Meet Coldroot, a nasty Mac trojan that went undetected for years

A Mac malware that can silently, remotely control a vulnerable computer and steal passwords from a user’s keychain has gone largely unnoticed by antivirus makers for two years — even though the code is readily available to download. Patrick Wardle, chief research officer at Digita Security, revealed in a blog post Tuesday details of Coldroot, a remote […]

AndroRAT: New Android malware strain can hijack older phones

An Android trojan that started out as an open-source project has been updated to allow hackers to gain access to virtually all data on infected devices. Silent installation, shell command execution and the collection of credentials, Wi-Fi passwords and screenshots are just some of the capabilities of AndroRAT, which exploits CVE-2015-1805, a Linux kernel vulnerability that […]

US, International Law Enforcement Shut Down Massive Cybercrime Marketplace

US law enforcement authorities in collaboration with their counterparts in over a dozen nations have taken down a major cybercrime organization that was responsible for some $530 million in losses over the past seven years. Thirty-six individuals from 17 countries have been charged in connection with their alleged roles in the so-called Infraud Organization, including […]

Mac crypto miner distributed via MacUpdate, other software download sites

Software download site/aggregator MacUpdate has been spotted delivering a new Mac crypto miner to users. Stealthy cryptocurrency miners are most often aimed at Windows and browser users (e.g., the Coinhive script), but no one is safe: neither Linux users, nor Mac users, even though cryptocurrency-mining malware targeting Mac machines is a relatively rare occurrence. The first instance […]

Cyberattack Impersonates FBI Internet Crime Complaint Center

A new cyberattack scams people into providing personal data and downloading malicious files by impersonating the Internet Crime Complaint Center (IC3), a division of the FBI intended to give the public a reliable means of reporting suspected illegal activity online. The unknown threat actors emailed targets requesting information so they could be paid restitution. To […]

BEC scams surge, cybercriminals target nearly all organizations

96 percent of organizations have received business email compromise (BEC) emails during the second half of 2017, according to Agari. “BEC is a particularly effective attack vector because its lack of payload makes it nearly impossible for conventional email security solutions to detect and prevent,” said Markus Jakobsson, chief scientist, Agari. “At its core, business email compromise […]

Hardware Security: Why Fixing Meltdown & Spectre Is So Tough

The security world has been rocked by Meltdown and Spectre, two critical hardware security exploits affecting every device from smartphones to desktops to cloud servers. One lesson to learn here is that hardware security alone is not a panacea. Memory isolation is arguably the most important security feature in modern computer architecture. For example, a […]

This unusual new IoT botnet is spreading rapidly via peer-to-peer communication

A new Internet of Things botnet is the first of its kind to use custom-built peer-to-peer communication to spread to new targets. Dubbed Hide ‘N Seek (HNS) by the researchers at security company Bitdefender, the botnet first appeared in early January before disappearing, then re-emerging on January 20. The botnet communicates between devices using a decentralised peer-to-peer mechanism. […]

Third Party Risks To Enterprise In A Post Equifax World

In the aftermath of the Equifax breach in which millions of people’s Personally Identifiable Information (PII) was stolen, everyone from press to the Senate has been focused on the customers. The attention is well-deserved, but consumers are not the only ones made more vulnerable by this major breach. Given that so many people’s PII has entered […]

What has the Necurs botnet been up to?

The Necurs botnet has been slowly growing since late 2012 and still tops the list of largest spam botnets in the world. Since then, the botnet has occasionally stopped or temporarily minimized the sending out of spam but has returned in full force. It’s difficult to say precisely, but the latest information provided by the Cisco Talos […]