Blog News - Home

Date

Title

Info

Blog

Companies

16.12.18

How to protect yourself as the threat of scam apps grows

As the threat of bogus apps continues, what can we do to protect ourselves against these fraudulent practices?

Spam blog

Eset

15.12.18

Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail

After a two-year absence, the destructive malware Shamoon (W32.Disttrack.B) re-emerged on December 10 in a new wave of attacks against targets in the Middle East.

Malware blog

Symantec

15.12.18

How threat actors are using SMB vulnerabilities

Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) to propagate through an organization’s network. Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services.

Vulnerability blog

Malwarebytes

15.12.18

Compromising vital infrastructure: the power grid

How are we doing at protecting the vital infrastructure of our power grid and its components against physical and cyberattacks?

Cyber blog

Malwarebytes

15.12.18

Data scraping treasure trove found in the wild

Three large databases containing scraped content landed in front of security researchers. How bad is it?

Incident blog

Malwarebytes

15.12.18

Bitcoin Bomb Scare Associated with Sextortion Scammers

Organizations across the country are on edge today after a flurry of phony bomb threats hit several public entities Thursday, such as universities, schools and news outlets, among others. The attackers distributed malicious emails claiming to have placed some type of explosive materials in the recipient's building.

Cryptocurrency blog

Cisco Talos

14.12.18

What are Deep Neural Networks Learning About Malware?

An analysis of FireEye’s deep learning-based malware classifier.

Malware blog

FireEye

14.12.18

Adventures in Video Conferencing Part 5: Where Do We Go from Here?

Overall, our video conferencing research found a total of 11 bugs in WebRTC, FaceTime and WhatsApp. The majority of these were found through less than 15 minutes of mutation fuzzing RTP. We were surprised to find remote bugs so easily in code that is so widely distributed. There are several properties of video conferencing that likely led to the frequency and shallowness of these issues.

Vulnerability blog

Project Zero

14.12.18

Malaysian government targeted with mash-up espionage toolkit

An interview with ESET researchers Tomáš Gardoň and Filip Kafka on their research of a malware toolkit used in espionage against the Malaysian government

BigBrother blog

Eset

13.12.18

Adventures in Video Conferencing Part 4: What Didn't Work Out with WhatsApp

Not every attempt to find bugs is successful. When looking at WhatsApp, we spent a lot of time reviewing call signalling hoping to find a remote, interaction-less vulnerability. No such bugs were found. We are sharing our work with the hopes of saving other researchers the time it took to go down this very long road. Or maybe it will give others ideas for vulnerabilities we didn’t find.

Vulnerability blog

Project Zero

13.12.18

50 CVEs in 50 Days: Fuzzing Adobe Reader

The year 2017 was an inflection point in the vulnerability landscape. The number of new vulnerabilities reported that year was around 14,000, which is over twice the number from the year before (see table below). The probable reason for this is the increased popularity of automatic vulnerability finding tools, also known as “fuzzers”.

Vulnerability blog

Checkpoint

13.12.18

FLARE Script Series: Automating Objective-C Code Analysis with Emulation

We are sharing a new IDAPython library that provides scriptable emulation features to reverse engineers.

Malware blog

FireEye

13.12.18

Android Trojan steals money from PayPal accounts even with 2FA on

ESET researchers discovered a new Android Trojan using a novel Accessibility-abusing technique that targets the official PayPal app, and is capable of bypassing PayPal’s two-factor authentication

Malware blog

Eset

13.12.18

Google+ to shut earlier as new bug exposed data of 52.5 million users

There is no evidence that the flaw was misused during the six days it was alive, said the tech giant

Social blog

Eset

12.12.18

Flurry of new Mac malware drops in December

Last week, we wrote about a new piece of malware called DarthMiner. It turns out there was more to be seen, as not just one but two additional pieces of malware had been spotted. The first was identified by Microsoft’s John Lambert and analyzed by Objective-See’s Patrick Wardle, and the second was found by Malwarebytes’ Adam Thomas.

Malware blog

Malwarebytes

12.12.18

Data scraping treasure trove found in the wild

We bring word of yet more data exposure, in the form of “nonsensitive” data scraping to the tune of 66m records across 3 large databases. The information was apparently scraped from various sources and left to gather dust, for anyone lucky enough to stumble upon it.

Security blog

Malwarebytes

12.12.18

Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp

WhatsApp is another application that supports video conferencing that does not use WebRTC as its core implementation. Instead, it uses PJSIP, which contains some WebRTC code, but also contains a substantial amount of other code, and predates the WebRTC project. I fuzzed this implementation to see if it had similar results to WebRTC and FaceTime.

Exploit blog

Project Zero

12.12.18

Vulnerability Spotlight: Adobe Acrobat Reader DC text field remote code execution vulnerability

Adobe Acrobat Reader DC contains a vulnerability that could allow an attacker to remotely execute code on the victim’s machine. If the attacker tricks the user into opening a specially crafted PDF with specific JavaScript, they could cause heap corruption. The user could also trigger this bug if they open a specially crafted email attachment.

Vulnerability blog

Cisco Talos

12.12.18

Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 38 vulnerabilities, nine of which are rated “critical” and 29 that are considered “important.” There are no “moderate” or “low” vulnerabilities in this release.

Vulnerability blog

Cisco Talos

11.12.18

Next Generation Dark Markets? Think Amazon or eBay for criminals

The “evolution” of these markets is making cybercrime easier than ever before

Cyber blog

Eset

11.12.18

Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms

Symantec researchers have uncovered extensive insights into a cyber espionage group behind a recent series of cyber-attacks designed to gather intelligence on targets spread primarily across the Middle East as well as in Europe and North America.

BigBrother blog

Symantec

11.12.18

Brazilian users’ mobile devices attacked by a banking Trojan

Doctor Web virus analysts have detected the Android.BankBot.495.origin Trojan attacking Brazilian financial institution customers on Google Play. This Trojan uses Android’s special features (Accessibility Service). It uses them to control infected mobile devices and steal their owners’ confidential data.

Malware blog

Dr Web

11.12.18

in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal

Messaging applications have been around since the inception of the internet. But recently, due to the increased awareness around mass surveillance in some countries, more users are installing end-to-end encrypted apps dubbed "secure instant messaging applications." These apps claim to encrypt users' messages and keep their content secure from any third parties.

Social blog

Cisco Talos

10.12.18

The Ransomware Doctor Without a Cure

When it comes to ransomware attacks, there is nothing a company hates more than paying the demanded ransom. It is an unexpected fine often caused by a tiny, yet crucial mistake – an unpatched device, an out-of-date product or an innocent human error.

Ransomware blog

Checkpoint

7.12.18

DanaBot evolves beyond banking Trojan with new spam-sending capability

ESET research shows that DanaBot operators have been expanding the malware’s scope and possibly cooperating with another criminal group.

BotNet blog

Eset

5.12.18

Formjacking: Targeting Popular Stores Near You

Formjacking, the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites, has been making headlines lately. In our previous blog, we discussed how formjacking generally works and cited a few publicly reported attacks that targeted popular online businesses.

Malware blog

Symantec

5.12.18

The Dark Side of the ForSSHe

ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats.

Malware blog

Eset

5.12.18

New ‘Under the Radar’ report examines modern threats and future technologies

The new malware we see being developed and deployed in the wild has features and techniques that allow it to go beyond what it was originally able to do, either for the purpose of additional infection or evasion of detection.

Malware blog

Malwarebytes

5.12.18

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information.

Vulnerability blog

Malwarebytes

5.12.18

Adventures in Video Conferencing Part 1: The Wild World of WebRTC

Over the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks.

Vulnerability blog

Project Zero

5.12.18

The DNS Attacks We’re Still Seeing

In early 2017, even decades after its adoption, the Domain Name System (DNS) is still the Achilles’ heel of the internet. This is because nearly everything on the Internet requires DNS, but the DNS service relies on a protocol that is both unreliable and easy to impersonate. It is for these two reasons that attackers target DNS for direct attack or subversion to support other attacks.

Attack blog

F5 Labs

5.12.18

An introduction to offensive capabilities of Active Directory on UNIX

In preparation for our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises' Active Directory forests.

Security blog

Cisco Talos

4.12.18

Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability

Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.

Vulnerability blog

Cisco Talos

4.12.18

Scam iOS apps promise fitness, steal money instead

Fitness-tracking apps use dodgy in-app payments to steal money from unaware iPhone and iPad users

Incident blog

Eset

4.12.18

CyberwarCon – focusing on the impact of cyber-badness

A welcome return to the hacker conferences of yesteryear

Cyber blog

Eset

2.12.18

Wireshark update 2.6.5 available

Wireshark version 2.6.5 is available: release notes.

Vulnerability blog

SANS

1.12.18

The Evolution of BackSwap

The BackSwap banker has been in the spotlight recently due to its unique and innovative techniques to steal money from victims while staying under the radar and remaining undetected.

Malware blog

Checkpoint

1.12.18

Injecting Code into Windows Protected Processes using COM - Part 2

In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process.

Exploit blog

Project Zero

1.12.18

Marriott Starwood data breach: 5 defensive steps travelers should take now

Defensive steps for Marriott Starwood guests worried their personal information may have been compromised by the massive data breach

Incident blog

Eset

1.12.18

Cyberattacks on financial sector worries Americans most

A recent survey carried out by ESET has revealed that Americans are worried most about cyberattacks on the financial sector, listing it above attacks against hospitals, voting systems, or energy supply companies

Attack blog

Eset

30.11.18

Obfuscated Command Line Detection Using Machine Learning

This blog post presents a machine learning approach to detecting obfuscated Windows command line invocations on endpoints.

Security blog

FireEye

30.11.18

Digital Takeaways From the Supreme Court Fight

It’s always interesting to watch how the ongoing digital transformation of our lives is changing the world in ways we never would have anticipated years ago. Financial information, social interactions, even our physical locations may be up for grabs in cyberspace, with real-world ramifications.

Security blog

F5 Labs

30.11.18

Reviewing Recent API Security Incidents

In the 2018 Application Protection Report, we mentioned the potential vulnerabilities associated with application programming interfaces (APIs). These APIs specify how various application components and clients should autonomously interact with each other to deliver the application experience.

Security blog

F5 Labs

30.11.18

Don’t Accept Risk With a Pocket Veto

We who live risk management know there are four responses when confronted with a credible risk to our organizations. We can treat the risk to reduce it. We can avoid the risk by altering our organization’s behavior.

Security blog

F5 Labs

30.11.18

Cyber Security Predictions: 2019 and Beyond

As you think about how to deploy in advance of a new year of cyber threats, here are the trends and activities most likely to affect your organization

Security blog

Symantec

30.11.18

Operation Eversion: Eight Indicted in Law Enforcement Takedown

Symantec part of industry group that assisted FBI-led takedown against 3ve ad-fraud scam.

Spam blog

Symantec

30.11.18

Tech Support Scams Increasing in Complexity – Part 3

Scammers make use of multiple encoding techniques at one go to create a multiple-level obfuscated scam.

Spam blog

Symantec

30.11.18

You Better Watch Out: Online and Offline Threats Endanger Payment Card Data

Cyber attackers are using old tricks and new to steal customers’ payment card details from retailers this shopping season.

Cyber blog

Symantec

29.11.18

US indicts two over SamSam ransomware attacks

The hacking and extortion scheme took place over a 34-month period with the SamSam ransomware affecting over 200 organizations in the US and Canada

Ransomware blog

Eset

29.11.18

3ve – Major online ad fraud operation disrupted

International law enforcement swoops on fake ad viewing outfit

Cyber blog

Eset

29.11.18

KingMiner: The New and Improved CryptoJacker

Crypto-mining attacks have grown and evolved in 2018. Due to the rise in value and popularity of cryptocurrencies, hackers are increasingly motivated to exploit the CPU power of their victims’ machines for crypto-mining operations.

Cryptocurrency blog

Checkpoint

29.11.18

Trojan clicker distributed under the guise of DynDNS

Typically, cybercriminals use several traditional malware distribution channels, the main one being spamming. However, occasionally one comes across other means of distribution. Doctor Web’s experts will touch on one of them in this article.

Malware blog

Dr Web

29.11.18

DNSpionage Campaign Targets Middle East

Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airline company. Based on our research, it's clear that this adversary spent time understanding the victims' network infrastructure in order to remain under the radar and act as inconspicuous as possible during their attacks.

Cyber blog

Cisco Talos

27.11.18

German chat site faces fine under GDPR after data breach

The country’s first fine under GDPR is lower than might have been expected, however, as the company earns praise for its post-incident cooperation and enhanced security measures

Cyber blog

Eset

26.11.18

New mining Trojan for Linux removes anti-viruses

One of today’s most common ways of obtaining illegal earnings is to mine cryptocurrency covertly, using the resources of a computer without the owner’s consent. Doctor Web recently discovered a miner that infects Linux devices.

Cryptocurrency blog

Dr Web

26.11.18

Banking Trojan attacks European users of Android devices

Banking Trojans remain among the most dangerous malware programs; they help attackers steal confidential information and money from users. Doctor Web malware analysts have detected one such Trojan on Google Play.

Malware blog

Dr Web

23.11.18

New Yorker accused of stealing $1m from Silicon Valley executive via SIM swap

The suspect is believed to have carried out the scam on no fewer than six executives in the Bay Area, albeit ultimately with varying success

Cyber blog

Eset

23.11.18

Black Friday special by Emotet: Filling inboxes with infected XML macros

Emotet starts another massive spam campaign just as Black Friday begins to pick up steam

Malware blog

Eset

23.11.18

Good deal hunting: Staying safe on Black Friday

As the unofficial beginning of the holiday shopping season catches us up in the frenetic hunt for all those fantastic bargains, the shopping bonanza presents a host of risks to your online safety. Here are a few tips for going on a shopping spree and staying safe

Cyber blog

Eset

23.11.18

Who needs passwords? Microsoft now lets you in with your face or security key

The software giant takes passwords one step closer to obsolescence as it now enables users to log into their Microsoft accounts with more modern forms of authentication

Safety blog

Eset

21.11.18

Cmd and Conquer: De-DOSfuscation with flare-qdb

Learn how to use flare-qdb to bring “script block logging” to the Windows command interpreter, and more

Malware blog

FireEye

21.11.18

Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor

Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in line with what is in other similar types of software.

Vulnerability blog

Cisco Talos

21.11.18

OceanLotus: New watering hole attack in Southeast Asia

ESET researchers identified 21 distinct websites that had been compromised including some particularly notable government and media sites

BigBrother blog

Eset

21.11.18

Sednit: What’s going on with Zebrocy?

In August 2018, Sednit’s operators deployed two new Zebrocy components, and since then we have seen an uptick in Zebrocy deployments, with targets in Central Asia, as well as countries in Central and Eastern Europe, notably embassies, ministries of foreign affairs, and diplomats.

Cyber blog

Eset

21.11.18

Two Brits jailed for TalkTalk hack

The breach exposed the personal data of 160,000 people and cost the telecom company £77 million

Cyber blog

Eset

20.11.18

Cybersecurity a big concern in Canada as cybercrime’s impact grows

90% of Canadians surveyed agreed that cybercrime was an important "challenge to the internal security of Canada"

Cyber blog

Eset

20.11.18

What scams shoppers should look out for on Black Friday and Cyber Monday

Last year, consumers spent a record $6.59 billion during the annual online shopping day, an all-time record, according to Adobe Insights. Still, that doesn’t mean no one is rushing out the night of Thanksgiving to do their shopping. Shoppers still went out in droves on Black Friday last year — Adobe estimated that Americans spent $2.43 billion on Nov. 25, 2017.

Cyber blog

Cisco Talos

20.11.18

Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign

FireEye detected new targeted phishing activity at more than 20 of our clients across multiple industries.

Phishing blog

FireEye

19.11.18

Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN

Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office (SOHO) routers. Talos discovered several bugs in this particular router model that could lead to remote code execution.

Vulnerability blog

Cisco Talos

16.11.18

New Strain of Olympic Destroyer Droppers

Over the last few weeks, we have noticed new activity from Hades, the APT group behind the infamous Olympic Destroyer attack. Moreover, this new wave of attack shares a lot with those previously attributed to the group but it seems that this time we are witnessing significant changes that may hint at a new evolution from the group.

APT blog

Checkpoint

15.11.18

Security researchers bypass encryption on self-encrypting drives

Industry standard specification does not guarantee the safety of the self-encrypting drives despite verification

Cyber blog

Eset

15.11.18

TrickBot takes over as top business threat

There’s a newer, more sophisticated banking Trojan in town attempting to penetrate business networks and giving Emotet a run for its money. And its name is TrickBot.

BotNet blog

Malwarebytes

15.11.18

FLARE VM Update

FLARE VM has gone through many major changes to better support our users’ needs.

Vulnerability blog

FireEye

14.11.18

Heap Feng Shader: Exploiting SwiftShader in Chrome

On the majority of systems, under normal conditions, SwiftShader will never be used by Chrome - it’s used as a fallback if you have a known-bad “blacklisted” graphics card or driver. However, Chrome can also decide at runtime that your graphics driver is having issues, and switch to using SwiftShader to give a better user experience.

Exploit blog

Project Zero

14.11.18

Deja-XNU

This blog post revisits an old bug found by Pangu Team and combines it with a new, albeit very similar issue I recently found to try to build a "perfect" exploit for iOS 7.1.2.

Exploit blog

Project Zero

14.11.18

Microsoft Patch Tuesday – November 2018

This month the vendor has patched 62 vulnerabilities, 13 of which are rated Critical.

Vulnerability blog

Symantec

10.11.18

Metamorfo Banking Trojan Keeps Its Sights on Brazil

Financially motivated cybercriminals have used banking trojans for years to steal sensitive financial information from victims. They are often created to gather credit card information and login credentials for various online banking and financial services websites so this data can be monetized by the attackers.

Malware blog

Cisco Talos

9.11.18

Emotet launches major new spam campaign

The recent spike in Emotet activity shows that it remains an active threat.

Spam blog

Eset

9.11.18

US Air Force invites white hats to find hackable flaws, again

This is the third time that the air force wants ethical hackers to uncover chinks in its digital armor.

BigBrother blog

Eset

9.11.18

FASTCash: How the Lazarus Group is Emptying Millions from ATMs

On October 2, 2018, an alert was issued by US-CERT, the Department of Homeland Security, the Department of the Treasury, and the FBI. According to this new alert, Hidden Cobra (the U.S. government’s code name for Lazarus) has been conducting “FASTCash” attacks, stealing money from Automated Teller Machines (ATMs) from banks in Asia and Africa since at least 2016.

APT blog

Symantec

9.11.18

2018 Phishing and Fraud Report: Attacks Peak During the Holidays

Phishing attack? Absolutely. Success? Likely. Risk of incident? High. Breach costs? About $6.5 million.

Phishing blog

F5 Labs

8.11.18

DJI Drone Vulnerability

Besides from consumers, though, it has also taken a large share of the corporate market, with customers coming from the critical infrastructure, manufacturing, agricultural, construction, emergency-management sectors and more. With so many customers worldwide, both consumer and corporate, DJI drones can obtain data and images from a wide range of viewpoints and across a large spectrum of subject matter.

Vulnerability blog

Checkpoint

8.11.18

Supply-chain attack on cryptocurrency exchange gate.io

Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange

Cryptocurrency blog

Eset

1.11.18

New Ramnit Campaign Spreads Azorult Malware

This summer we wrote about the Ramnit malware and its underlying “Black” botnet campaign, which was used for distributing proxy malware. Much to our surprise, the C&C servers of the “Black” botnet were shut down.

BotNet blog

Checkpoint

30.10.18

SamSam: Targeted Ransomware Attacks Continue

Ransomware group remains highly active in 2018, focusing mainly on organizations in the U.S.

Ransomware blog

Symantec

30.10.18

Gallmaker: New Attack Group Eschews Malware to Live off the Land

A new attack group is targeting government, military, and defense sectors in what appears to be a classic espionage campaign.

Malware blog

Symantec

30.10.18

Symantec’s Latest Intelligence Page: Your Weather Report for the Threat Landscape

We've revamped the Latest Intelligence page with new metrics and a new look.

Security blog

Symantec

30.10.18

Ransomware and the enterprise: A new white paper

Ransomware remains a serious threat and this new white paper explains what enterprises need to know, and do, to reduce risk

Ransomware blog

Eset

30.10.18

Zooming In On “Domestic Kitten”

In recent years, Iran has been channeling significant resources into cyber warfare, devoting designated entities within multiple government agencies to conduct extensive espionage campaigns against foreign countries such as the United States and Israel.

BigBrother blog

Checkpoint

25.10.18

ESET releases new decryptor for Syrian victims of GandCrab ransomware

ESET experts have created a new decryption tool that can be used by Syrian victims of the GandCrab ransomware. It is based on a set of keys recently released by the malware operators

Ransomware blog

Eset

25.10.18

Banking Trojans continue to surface on Google Play

The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users

Malware blog

Eset

25.10.18

LuminosityLink RAT author sentenced to 2.5 years in jail

As part of his plea agreement, the author of the malware also forfeited the proceeds from his crimes – 114 Bitcoin worth $725,000

Malware blog

Eset

25.10.18

GreyEnergy: Updated arsenal of one of the most dangerous threat actors

ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks

APT blog

Eset

25.10.18

TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers

FireEye Intelligence assesses with high confidence that intrusion activity that led to deployment of TRITON was supported by a Russian government-owned technical research institution located in Moscow.

BigBrother blog

FireEye

25.10.18

ICS Tactical Security Trends: Analysis of the Most Frequent Security Risks Observed in the Field

FireEye compiled data to identify the most pervasive and highest priority security risks in industrial facilities.

ICS blog

FireEye

25.10.18

2018 Flare-On Challenge Solutions

The fifth annual Flare-On Challenge is over, with 114 finishers out of 4,893 registrants.

Security blog

FireEye

25.10.18

FLARE Script Series: Reverse Engineering WebAssembly Modules Using the idawasm IDA Pro Plugin

We introduce idawasm, an IDA Pro plugin that provides a loader and processor modules for WebAssembly modules

Vulnerability blog

FireEye

25.10.18

APT38: Details on New North Korean Regime-Backed Threat Group

We release details on APT38, a threat group we believe is responsible for conducting financial crime on behalf of the North Korean regime, stealing millions of dollars from banks worldwide.

APT blog

FireEye

18.10.18

The Emergence of the New Azorult 3.3

During the last week, Check Point Research spotted a new version of Azorult in the wild being delivered through the RIG exploit kit, as well as other sources. Azorult is a long known information stealer and malware downloader, with this particular version being advertised in an underground forum since October 4.

Exploit blog

Checkpoint

18.10.18

Godzilla Loader and the Long Tail of Malware

To most victims, malware is a force of nature. Zeus, Wannacry, Conficker are all vengeful gods, out to punish the common man for clicking the wrong link. Even for a security analyst, it’s easy to fall into the kind of thinking where malicious tools and campaigns emerge out of the ether, forged by an invisible hand.

Malware blog

Checkpoint

27.9.18

The ‘Gazorp’ Dark Web Azorult Builder

On 17th September Check Point Research found a new online builder, dubbed ‘Gazorp’, hosted on the Dark Web. Gazorp is designed for building binaries of the popular malware, Azorult, an infostealer used for stealing user passwords, credit card information, cryptocurrency related data and more.

Cryptocurrency blog

Checkpoint

20.9.18

Fake finance apps on Google Play target users from around the world

Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange

Cryptocurrency blog

Eset

20.9.18

The Occasional Orator Part 1

Speaking at conferences can be daunting for presenters but often it is about striking the right balance between content and delivery

Cyber blog

Eset

20.9.18

Bristol airport takes flight screens offline after apparent ransomware attack

The screens in “key locations” are back up and running again, while the airport paid no ransom to return its systems to working order

Ransomware blog

Eset

20.9.18

One in three UK orgs hit by cryptojacking in previous month, survey finds

Conversely, only a little over one-third of IT executives believe that their systems have never been hijacked to surreptitiously mine digital currencies

Cryptocurrency blog

Eset

14.9.18

Meet Black Rose Lucy, the Latest Russian MaaS Botnet

An organization needs to have a collaborative hiring process, advised Steve Jobs. Always a group to follow mainstream trends closely, in recent years we’ve seen cyber criminals take greater heed of this advice by increasingly hiring cyber mercenaries and Malware-as-a-Service (MaaS) providers as a way to carry out their malicious activities.

BotNet blog

Checkpoint

14.9.18

Domestic Kitten: An Iranian Surveillance Operation

Chinese strategist Sun Tzu, Italian political philosopher Machiavelli and English philosopher Thomas Hobbes all justified deceit in war as a legitimate form of warfare. Preceding them all, however, were some in the Middle East who had already internalized and implemented this strategy to great effect, and continue to do so today.

BigBrother blog

Checkpoint

30.8.18

Ransom Warrior Decryption Tool

On August 8th, a new ransomware, dubbed ‘RansomWarrior’, was found by the Malware Hunter Team. Going by the ransom note shown to its victims, RansomWarrior seems to have been developed by Indian hackers, who...

Ransomware blog

Checkpoint

28.8.18

CeidPageLock: A Chinese RootKit

Research by: Israel Gubi Over the last few weeks, we have been observing a rootkit named CEIDPageLock being distributed by the RIG Exploit kit. The rootkit was first discovered by 360 Security Center...

Exploit blog

Checkpoint

26.8.18

Interactive Mapping of APT-C-23

Research by: Aseel Kayal Last month, we investigated the renewal of a targeted attack against the Palestinian Authority, attributed to the APT-C-23 threat group. Although this campaign was initially discovered in early 2017,...

APT blog

Checkpoint

20.8.18

Ryuk Ransomware: A Targeted Campaign Break-Down

Over the past two weeks, Ryuk, a targeted and well-planned ransomware, has attacked various organizations worldwide. So far the campaign has targeted several enterprises, while encrypting hundreds of PCs, storage and data centers...

Ransomware blog

Checkpoint

16.8.18

VBEtaly: An Italian Ursnif MalSpam Campaign

Check Point researchers have found another wave of the Ursnif malspam campaign targeting Italy. Only a few details are known so far but what we have found is that the file delivered is a VBE file (encoded VBS) named “SCANSIONE.vbe” and is delivered via ZIP attachments in emails with the subject suggesting different documents in Italian.

Malware blog

Checkpoint

12.8.18

Faxploit: Sending Fax Back to the Dark Ages

Research By: Eyal Itkin and Yaniv Balmas Fax, the brilliant technology that lifted mankind out of the dark ages of mail delivery when only the postal service and carrier pigeons were used to deliver..

Vulnerebility blog

Checkpoint

12.8.18

Man-in-the-Disk: Android Apps Exposed via External Storage

Research By: Slava Makkaveev Recently, our researchers came across a shortcoming in the design of Android’s use of storage resources. Careless use of External Storage by applications may open the door to an...

Attack blog

Checkpoint

7.8.18

FakesApp: A Vulnerability in WhatsApp

Research By: Dikla Barda, Roman Zaikin and Oded Vanunu As of early 2018, the Facebook-owned messaging application, WhatsApp, has over 1.5 billion users with over one billion groups and 65 billion messages sent...

Vulnerebility blog

Checkpoint

5.8.18

Ramnit’s Network of Proxy Servers

Research By: Alexey Bukhteyev As you may know, Ramnit is one of the most prominent banking malware families in existence today and lately Check Point Research monitored a new massive campaign of Ramnit, dubbed...

Malware blog

Checkpoint

31.7.18

Osiris: An Enhanced Banking Trojan

Research By: Yaroslav Harakhavik and Nikita Fokin Following our recent analysis of the Kronos banking Trojan, we discovered that Kronos has also now been enhanced to hide its communication with its C&C server using Tor....

Malware blog

Checkpoint

30.7.18

A Malvertising Campaign of Secrets and Lies

Check Point Research has uncovered a large Malvertising campaign that starts with thousands of compromised WordPress websites, involves multiple parties in the online advertising chain and ends with distributing malicious content, via multiple...

Malware blog

Checkpoint

30.7.18

Emotet: The Tricky Trojan that ‘Git Clones’

The Emotet Trojan downloader originally debuted in 2014 as a banking Trojan that took an unusual approach to stealing banking credentials: instead of hooking per-browser functions in the victim’s web browser process, Emotet...

Malware blog

Checkpoint

30.7.18

GlanceLove: Spying Under the Cover of the World Cup

When the whistle of the first match of the 2018 World Cup blew, it didn’t just signal the start of an exciting tournament for football fans worldwide, but also gave the green light...

Malware blog

Checkpoint

30.7.18

Cyber Attack Trends: 2018 Mid-Year Report

When it comes to the global cyber threat landscape, threats are ever evolving, keeping organizations, as well as the security research community, constantly challenged. In our Cyber Attack Trends: 2018 Mid-Year Report we...

Attack blog

Checkpoint

30.7.18

Deep Dive into UPAS Kit vs. Kronos

By Mark Lechtik Introduction In this post we will be analyzing the UPAS Kit and the Kronos banking Trojan, two malware families that have come under the spotlight recently due to the back story...

Malware blog

Checkpoint

30.7.18

Scriptable Remote Debugging with Windbg and IDA Pro

Required Background: Basic experience with virtual machines, i.e. creating a VM and installing an OS. The most technically involved it gets is setting up a working SSH server on one of the VMs

Vulnerebility blog

Checkpoint

30.7.18

Remote Code Execution Vulnerability on LG Smartphones

Research by: Slava Makkaveev Background A few months ago, Check Point Research discovered two vulnerabilities that reside in the default keyboard on all mainstream LG smartphone models (termed by LG as ‘LGEIME’). These...

Vulnerebility blog

Checkpoint

30.7.18

Telegram: Cyber Crime’s Channel of Choice

Introduction The Dark Web is a hive of illicit activity. From illegal guns and drug dealing to Ransomware-as-a-Service programs, buyers and sellers can use this medium to trade and exchange both knowledge..

Ransomware blog

Checkpoint

30.7.18

SiliVaccine: Inside North Korea’s Anti-Virus

By: Mark Lechtik and Michael Kajiloti Revealed: In an exclusive piece of research, Check Point Researchers have carried out a revealing investigation into North Korea’s home-grown anti-virus software, SiliVaccine. One of several interesting.

Security blog

Checkpoint

30.7.18

A Crypto Mining Operation Unmasked

Introduction With the emerging threat of miners and the rise of cryptocurrencies that have taken the world by storm lately, Check Point Research has been keeping an eye out for mining campaigns. During

Cryptocurrency blog

Checkpoint

30.7.18

MMap Vulnerabilities – Linux Kernel

By: Eyal Itkin As part of our efforts in identifying vulnerabilities in different products, from time to time we also review the Linux Kernel, mainly searching for vulnerabilities in different drivers. In this

Vulnerebility blog

Checkpoint

30.7.18

NTLM Credentials Theft via PDF Files

Just a few days after it was reported that malicious actors can exploit a vulnerability in MS Outlook using OLE to steal a Windows user’s NTLM hashes, the Check Point research team can.

Vulnerebility blog

Checkpoint

30.7.18

A New Phishing Kit on the Dark Net

Check Point Research and the cyber intelligence company, CyberInt, have collaborated to discover the next generation in phishing kits, currently being advertised on the Dark Net. Unlike previous kits which are primarily composed.

Phishing blog

Checkpoint

30.7.18

Check Point’s 2018 Security Report

2017 was a pivotal year that surprised many in the IT security industry. From the resurgence of destructive ransomware, IoT botnets, data breaches and mobile malware to full scale nation state attacks, it is

Security blog

Checkpoint

30.7.18

Uncovering Drupalgeddon 2

By Eyal Shalev, Rotem Reiss and Eran Vaknin Abstract Two weeks ago, a highly critical (25/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security team. This vulnerability

Vulnerebility blog

Checkpoint

30.7.18

Return of the Festi Rootkit

Festi, a once popular rootkit, is back in the wild, distributed mainly by the RIG exploit kit. A long known Windows rootkit, Festi dates back to 2009, when it served.

Exploit blog

Checkpoint

30.7.18

Necurs is Back, Just in Time for Easter

After a drastic decline in the volume of spam coming from the Necurs spambot observed by Check Point Telemetry in the past month, the infamous botnet is back once again and is spreading.

Spam blog

Checkpoint

30.7.18

Tribute to Kris Kaspersky

Just over a year ago one of the greatest minds in the cyber research world sadly passed away. Born in the small Russian village of Uspenskoye, Kris Kaspersky, originally named Nikolay Likhachev, suffered.

Security blog

Checkpoint

30.7.18

RottenSys: Not a Secure Wi-Fi Service At All

Research By: Feixiang He, Bohdan Melnykov, Elena Root Key Findings: RottenSys, a mobile adware, has infected nearly 5 million devices since 2016. Indications show the malware could have entered earlier in the supplier..

Malware blog

Checkpoint

30.7.18

The GandCrab Ransomware Mindset

Key Points: In 2018 even ransomware is agile. Learn about the mindset of the GandCrab ransomware developers. Take a deep dive into the inner workings of GandCrab’s operation. Get an overview of two

Ransomware blog

Checkpoint

30.7.18

Guest Accounts Gain Full Access on Chrome RDP

Researchers: Ofer Caspi, Benjamin Berger Chrome Remote Desktop is an extension to the Chrome browser that allows users to remotely access another computer through Chrome browser or a Chromebook. It is fully cross-platform, and.

Security blog

Checkpoint

30.7.18

Check Point Mobile Research Team Looks Back On 2017

The mobile world is extremely dynamic and changes rapidly, so it’s always a little hectic to follow its lead. For this reason, we try to stop every once in a while and take.

Security blog

Checkpoint

30.7.18

Jenkins Miner: One of the Biggest Mining Operations Ever Discovered

The Check Point research team has discovered what could potentially become one of the biggest malicious mining operations ever seen. As seen in our previous report of the RubyMiner, these types of attacks

Cryptocurrency blog

Checkpoint

30.7.18

A New Rig Exploit Kit Campaign Dropping XMRig Miner

Cryptocurrency values may be tumbling but cyber criminals are still hedging their bets on its long term returns. Check Point researchers have discovered a new malvertising campaign leading to the Rig Exploit Kit..

Exploit blog

Checkpoint

30.7.18

DorkBot: An Investigation

Research By: Mark Lechtik Overview: DorkBot is a known malware that dates back to 2012. It is thought to be distributed via links on social media, instant messaging applications or infected removable media.

BotNet blog

Checkpoint

30.7.18

Malware Displaying Porn Ads Discovered in Game Apps on Google Play

Research by: Elena Root & Bogdan Melnykov Check Point Researchers have revealed a new and nasty malicious code on Google Play Store that hides itself inside around 60 game apps, several of which

Malware blog

Checkpoint

30.7.18

‘RubyMiner’ Cryptominer Affects 30% of WW Networks

In the last 24 hours, 30% of networks worldwide have experienced compromise attempts by a crypto-miner targeting web servers. During that period, the lone attacker attempted to exploit 30% of all networks worldwide.

Cryptocurrency blog

Checkpoint

30.7.18

Many Formulas, One Calc – Exploiting a New Office Equation Vulnerability

By: Omer Gull and Netanel Ben Simon Background A few weeks ago, a vulnerability in the Office Equation 3.0 process (EQNEDT32.EXE) was discovered by Embedi. For a couple of reasons this event raised.

Vulnerebility blog

Checkpoint

30.7.18

Malicious Flashlight Apps on Google Play

Check Point researchers have detected a new type of adware roaming Google Play, the official app store of Google. The suspicious scripts override the user’s decision to disable ads showing outside of a.

Malware blog

Checkpoint

30.7.18

Huawei Home Routers in Botnet Recruitment

A Zero-Day vulnerability (CVE-2017-17215) in the Huawei home router HG532 has been discovered by Check Point Researchers, and hundreds of thousands of attempts to exploit it have already been found in the wild..

Vulnerebility blog

Checkpoint

30.7.18

November Cyber Roundup

November was another busy month as people geared up for Black Friday shopping and the pitfalls that brings to both online retailers and consumers alike. Take a look at our quick roundup of..

Cyber blog

Checkpoint

30.7.18

ParseDroid: Targeting The Android Development & Research Community

Researchers: Eran Vaknin, Gal Elbaz, Alon Boxiner, Oded Vanunu Latest research from the Check Point Research Team has revealed several vulnerabilities that put each and every organization that does any type of Java/Android..

Malware blog

Checkpoint

30.7.18

Christmas is Coming: The Criminals Await

By Dikla Barda, Roman Zaikin and Oded Vanunu Black Friday symbolizes the start of the end of year shopping season. During this period, online shopping is expected to increase rapidly as consumers search.

Cyber blog

Checkpoint

30.7.18

IoTroop Botnet: The Full Investigation

Last week, thanks to the Check Point web sensor network, our researchers discovered a new and massive IoT Botnet, ‘IoTroop’. Due to the urgency of this discovery, we quickly published our initial findings.

BotNet blog

IoT blog

Checkpoint

30.7.18

Bad Rabbit: The Full Research Investigation

What is this all about? Earlier this week a new ransomware attack dubbed ‘Bad Rabbit’ broke out and has so far affected Ukraine, Russia, Turkey and Bulgaria. Various healthcare, media, software and.

Ransomware blog

Checkpoint

30.7.18

A New IoT Botnet Storm is Coming

Key Points: A massive Botnet is forming to create a cyber-storm that could take down the internet. An estimated million organizations have already been scanned with an unknown amount actually infected. The Botnet.

BotNet blog

IoT blog

Checkpoint

30.7.18

The Perfect ‘Inside Job’ Banking Malware

Researchers: Mark Lechtik and Raman Ladutska The Brazilian cyberspace is known to be a whole ecosystem of its own and, although the banking malware that originates there has traditionally been somewhat basic, recent..

Malware blog

Checkpoint

30.7.18

September’s Most Wanted Malware: Locky Shoots Back Up Global Rankings

Check Point’s latest Global Threat Index has revealed a massive increase in worldwide Locky attacks during September, with the ransomware impacting 11.5% of organizations globally over the course of the month. Locky has...

Malware blog

Checkpoint

30.7.18

EternalBlue – Everything There Is To Know

Introduction Since the revelation of the EternalBlue exploit, allegedly developed by the NSA, and the malicious uses that followed with WannaCry, it went under thorough scrutiny by the security community. While many details.

BigBrother blog

Checkpoint

30.7.18

August’s Most Wanted Malware: Banking Trojans and Ransomware That Want Your Money

Check Point’s latest Global Threat Index has revealed that banking trojans were extensively used by cyber-criminals during August with three main variants appearing in the top 10. The Zeus, Ramnit and Trickbot banking..

Ransomware blog

Checkpoint

30.7.18

ExpensiveWall: A dangerous ‘packed’ malware on Google Play that will hit you in your wallet!

Check Point’s mobile threat research team identified a new variant of an Android malware that sends fraudulent premium SMS messages and charges for fake services to users’ accounts without their knowledge. According to...

Malware blog

Checkpoint

30.7.18

Beware of the Bashware: A New Method for Any Malware to Bypass Security Solutions

With a growing number of cyber-attacks and the frequent news headlines on database breaches, spyware and ransomware, quality security products have become a commodity in every business organization. Consequently a lot of thought..

Ransomware blog

Checkpoint

30.7.18

July’s Most Wanted Malware: RoughTed and Fireball Decrease, But Stay Most Prevalent

Check Point’s latest Global Threat Impact Index reveals that the number of organizations impacted globally by the RoughTed malvertising campaign fell by over a third during July, from 28% to 18%. RoughTed

Malware blog

Checkpoint

30.7.18

Is Malware Hiding in Your Resume?

Eran Vaknin, Dvir Atias, Alon Boxiner The popular business social network LinkedIn has accumulated over 500 million members across 200 countries worldwide. Whether you’re a manager seeking to expand your team or a..

Malware blog

Checkpoint

30.7.18

Cyber Attack Trends: Mid-Year Report

Looking back at the first half of 2017, the word ransomware is probably one of the first that comes to mind, courtesy of WannaCry and the more recent Petya attacks that dominated the.

Cyber blog

Checkpoint

30.7.18

Get Rich or Die Trying: A Case Study on the Real Identity behind a Wave of Cyber Attacks on Energy, Mining and Infrastructure Companies

Over the past 4 months, over 4,000 organizations globally have been targeted by cyber attacks which aim to infect their networks, steal data and commit fraud. Many of these companies are leading international.

Cryptocurrency blog

Checkpoint

30.7.18

“The Next WannaCry” Vulnerability is Here

This Tuesday, Microsoft released a security patch including 48 fixes, 25 of which are defined as “critical”. While Microsoft updates happen every month, this one reveals an especially dangerous vulnerability – CVE-2017-8620. Behind this dull.

Vulnerebility blog

Checkpoint

30.7.18

JavaScript Lost in the Dictionary

Check Point Threat Intelligence sensors have picked up a stealth campaign that traditional anti-virus solutions are having a hard time detecting. On July 17th SandBlast Zero-Day Protection started showing a massive email campaign which was..

Cyber blog

Checkpoint

30.7.18

June’s Most Wanted Malware: RoughTed Malvertising Campaign Impacts 28% of Organizations

THE TAKEAWAY Check Point’s latest Global Threat Impact Index revealed that 28% of organizations globally were affected by the RoughTed malvertising campaign during June. IN CONTEXT A large-scale malvertising campaign, RoughTed is used...

Malware blog

Checkpoint

30.7.18

OSX/Dok Refuses to Go Away and It’s After Your Money

Following up on our recent discovery of the new OSX/Dok malware targeting macOS users, we’d like to report that the malicious actors behind it are not giving up yet. They are aiming at.

Malware blog

Checkpoint

30.7.18

Hacked in Translation – “Director’s Cut” – Full Technical Details

Background Recently, Check Point researchers revealed a brand new attack vector – attack by subtitles. As discussed in the previous post and in our demo, we showed how attackers can use subtitles files

Attack blog

Checkpoint

30.7.18

May’s Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations Globally

THE TAKEAWAY: Check Point’s latest Global Threat Impact Index revealed that more than one in four organizations globally were affected by the Fireball or WannaCry attacks during May. The top three malware families were...

Malware blog

Checkpoint

30.7.18

How the CopyCat malware infected Android devices around the world

Check Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 million of them, and earning the hackers behind the campaign approximately $1.5 million in fake ad revenues...

Malware blog

Checkpoint

30.7.18

BROKERS IN THE SHADOWS – Part 2: Analyzing Petya’s DoublePulsarV2.0 Backdoor

Background In the wake of WannaCry, a new cyber threat has emerged from the NSA leak. Making use of previously exposed tools, Petya once again is engaged in another large scale attack. Important.

Malware blog

Checkpoint

30.7.18

Preventing Petya – stopping the next ransomware attack

Check Point’s Incident Response Team has been responding to multiple global infections caused by a new variant of the Petya malware, which first appeared in 2016 and is currently moving laterally within customer.

Ransomware blog

Checkpoint

30.7.18

Threat Brief: Petya Ransomware, A Global Attack

[updated 6/28] A worldwide attack erupted on June 27 with a high concentration of hits in Ukraine – including the Ukrainian central bank, government offices and private companies. The attack is distributing what seems..

Ransomware blog

Checkpoint

30.7.18

CrashOverride

On June 20th Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability. This IPS signature can help protect against a new malware, CrashOverride, also known as Industroyer–..

Vulnerebility blog

Checkpoint

30.7.18

Anatomy of the Jaff Ransomware Campaign

Last month, Check Point researchers were able to spot the distribution of Jaff Ransomware by the Necurs Botnet. The ransomware was spread using malicious PDF files that had an embedded docm file, which.

Ransomware blog

Checkpoint

30.7.18

FIREBALL – The Chinese Malware of 250 Million Computers Infected

Check Point Threat Intelligence and research teams recently discovered a high volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware, Fireball, takes over target browsers and turns.

Malware blog

Checkpoint

30.7.18

BROKERS IN THE SHADOWS: Analyzing vulnerabilities and attacks spawned by the leaked NSA hacking tools

Background Rarely does the release of an exploit have such a large impact across the world. With the recent leak of the NSA exploit methods, we saw the effects of powerful tools in..

BigBrother blog

Checkpoint

30.7.18

The Judy Malware: Possibly the largest malware campaign found on Google Play

Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean

Malware blog

Checkpoint

30.7.18

Hacked in Translation – from Subtitles to Complete Takeover

Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers..

Malware blog

Checkpoint

30.7.18

April’s Most Wanted Malware: Exploit Kit Attacks Continue, While Slammer Worm Resurfaces Again

Check Point’s latest Global Threat Impact Index detected a continued increase in the number of organizations being targeted with Exploit Kits, as Rig EK became the most prevalent form of attack, while there..

Malware blog

Checkpoint

30.7.18

Check Point Reveals Global WannaCry Ransomware Infection Map at CPX Europe 2017

Check Point researchers have been investigating the ransomware campaign in detail since it was first reported. With a new Check Point WannaCry Ransomware Infection Map, the researchers were able to track 34,300 attack.

Ransomware blog

Checkpoint

30.7.18

WannaCry – New Kill-Switch, New Sinkhole

Check Point Threat Intelligence and Research team has just registered a brand new kill-switch domain used by a fresh sample of the WannaCry Ransomware. In the last few hours we witnessed a stunning...

Ransomware blog

Checkpoint

30.7.18

WannaCry – Paid Time Off?

Let us open with a TL;DR – DO NOT pay the ransom demanded by the WannaCry ransomware! Now, let us explain why: As of this writing, the 3 bitcoin accounts associated with.

Ransomware blog

Checkpoint

30.7.18

Global Outbreak of WannaCry

[Updated May 17, 2017] On May 12, 2017 the Check Point Incident Response Team started tracking a widespread outbreak of the WannaCryp ransomware. We have reports that multiple global organizations are experiencing..

Ransomware blog

Checkpoint

30.7.18

JAFF – A New Ransomware is in town, and it’s widely spread by the infamous Necurs Botnet

Necurs, one of the largest botnets, went offline during the holiday period of 2016 and through the beginning of 2017. However, it returned only to peak briefly in late April, spreading Locky using..

Ransomware blog

Checkpoint

30.7.18

DiamondFox modular malware – a one-stop shop

Check Point researchers have conducted a thorough investigation of the DiamondFox malware-as-a-service in collaboration with Terbium Labs, a Dark Web Data Intelligence company. The report includes a review of the malware’s sales procedure...

Malware blog

Checkpoint

30.7.18

Update – OSX/Dok Campaign

Our ongoing investigation of the OSX/DOK campaign has led us to detect several new variants of this malware. These new variants have the same functionality as the previous ones, and are designed to.

Malware blog

Checkpoint

30.7.18

OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic (updated)

People often assume that if you’re running OSX, you’re relatively safe from malware. But this is becoming less and less true, as evidenced by a new strain of malware encountered by the Check.

Malware blog

Checkpoint

30.7.18

Check Point Discloses Vulnerability that Allowed Hackers to Take over Hundreds of Millions of WhatsApp & Telegram Accounts

One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications. While this has yet to

Vulnerebility blog

Checkpoint

30.7.18

2016 H2 Global and Regional Threat Intelligence Trends

Introduction New, sophisticated threats continue to emerge on a daily basis across multiple platforms: social media, mobile platforms, email, and web pages. At the same time, prominent malware and attack methods continue to.

Cyber blog

Checkpoint

30.7.18

An In-depth Look at the Gooligan Malware Campaign

Check Point mobile threat researchers today published a technical report that provides deep technical analysis of the Gooligan Android malware campaign, which was first announced on November 30. The report discusses the ins and outs of.

Malware blog

Checkpoint

30.7.18

More Than 1 Million Google Accounts Breached by Gooligan

As a result of a lot of hard work done by our security research teams, we revealed today a new and alarming malware campaign. The attack campaign, named Gooligan, breached the security of..

Malware blog

Checkpoint

30.7.18

ImageGate: Check Point uncovers a new method for distributing malware through images

Check Point researchers identified a new attack vector, named ImageGate, which embeds malware in image and graphic files. Furthermore, the researchers have discovered the hackers’ method of executing the malicious code within these..

Malware blog

Checkpoint

18

Increased Use of a Delphi Packer to Evade Malware Classification

The concept of "packing" or "crypting" a malicious program is widely popular among threat actors looking to bypass or defeat analysis by static and dynamic analysis tools.

Malware blog

FireEye

18

Click It Up: Targeting Local Government Payment Portals

FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov.

Malware blog

FireEye

18

APT10 Targeting Japanese Corporations Using Updated TTPs

In July 2018, FireEye devices detected and blocked what appears to be APT10 (Menupass) activity targeting the Japanese media sector.

APT blog

FireEye

18

Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware

FireEye identified a new exploit kit that was being served up as part of a malvertising campaign affecting users in Japan, Korea, the Middle East, Southern Europe, and other countries in the Asia Pacific region.

Exploit blog

FireEye

18

Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East

FireEye has identified a suspected influence operation that appears to originate from Iran aimed at audiences in the U.S., U.K., Latin America, and the Middle East.

BigBrother blog

FireEye

18

Announcing the Fifth Annual Flare-On Challenge

The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018.

Vulnerebility blog

FireEye

18

BIOS Boots What? Finding Evil in Boot Code at Scale!

This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks.

Vulnerebility blog

FireEye

18

On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation

On Aug. 1, 2018, indictments were unsealed announcing the arrests of three individuals within the leadership ranks of a criminal organization that aligns with activity we have tracked since 2015 as FIN7.

Cyber blog

FireEye

18

Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign

FireEye recently observed a campaign involving Microsoft Office vulnerabilities being used to distribute the FELIXROOT backdoor.

Malware blog

FireEye

18

How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners

This blog post discusses the various trends that we have been observing related to cryptojacking activity.

Cryptocurrency blog

FireEye