BEC scams surge, cybercriminals target nearly all organizations

96 percent of organizations have received business email compromise (BEC) emails during the second half of 2017, according to Agari. “BEC is a particularly effective attack vector because its lack of payload makes it nearly impossible for conventional email security solutions to detect and prevent,” said Markus Jakobsson, chief scientist, Agari. “At its core, business email compromise […]

Hardware Security: Why Fixing Meltdown & Spectre Is So Tough

The security world has been rocked by Meltdown and Spectre, two critical hardware security exploits affecting every device from smartphones to desktops to cloud servers. One lesson to learn here is that hardware security alone is not a panacea. Memory isolation is arguably the most important security feature in modern computer architecture. For example, a […]

This unusual new IoT botnet is spreading rapidly via peer-to-peer communication

A new Internet of Things botnet is the first of its kind to use custom-built peer-to-peer communication to spread to new targets. Dubbed Hide ‘N Seek (HNS) by the researchers at security company Bitdefender, the botnet first appeared in early January before disappearing then re-emerging on January 20. The botnet communicates between devices using a decentralised peer-to-peer mechanism. […]

Third Party Risks To Enterprise In A Post Equifax World

In the aftermath of the Equifax breach in which millions of people’s Personally Identifiable Information (PII) was stolen, everyone from press to the Senate has been focused on the customers. The attention is well-deserved, but consumers are not the only ones made more vulnerable by this major breach. Given that so many people’s PII has entered […]

What has the Necurs botnet been up to?

The Necurs botnet has been slowly growing since late 2012 and still tops the list of largest spam botnets in the world. Since then, the botnet has occasionally stopped or temporarily minimized the sending out of spam but has returned in full force. It’s difficult to say precisely, but the latest information provided by the Cisco Talos […]

Researchers uncover mobile, PC surveillance platform tied to different nation-state actors

The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign that has targeted activists, journalists, lawyers, military personnel, and enterprises in more than 20 countries in North America, Europe, the Middle East, and Asia. They have dubbed the threat Dark Caracal, and have traced its activities to as […]

Four Malicious Google Chrome Extensions Affect 500K Users

The ICEBRG Security Research team discovered four malicious Google Chrome extensions during a routine investigation of anomalous traffic. More than 500,000 users, including workstations in major businesses around the world, have been affected. The team was analyzing an unusual spike in outbound traffic from a workstation at a European VPS provider. Upon further investigation of […]

Kaspersky Lab Warns of Extremely Sophisticated Android Spyware Tool

An Italian IT company has been using spoofed web pages to quietly distribute an extremely sophisticated Android spyware tool for conducting surveillance on targeted individuals since 2015. In an advisory Tuesday, security vendor Kaspersky Lab described the tool, named Skygofree, as containing location-based audio recording capabilities and other functionality never before seen in the wild. Available telemetry […]

MaMi malware targets Mac OS X DNS settings

A researcher has discovered a strain of malware in the wild which targets Mac OS X users. The malware, dubbed MaMi, was first spotted by security researcher Patrick Wardle after he spotted a forum post on Malwarebytes in which a user said a colleague “accidentally installed something” and this led to DNS hijacking. Despite the user removing the […]

RIG EK Remains Top of Heap, Turns to Cryptomining

Even after a precipitous drop in activity last quarter, security researchers say that the RIG Exploit Kit (RIG EK) still leads the pack when it comes to overall malicious campaigns. And some of them have found that the crooks are expanding their moneymaking horizons by using RIG to take advantage of the cryptocurrency craze bubbling […]