Security News

  • The “notification” ransomware lands in Brazil

    Unlike the previously reported and now decrypted Xpan ransomware, this same-but-different threat from Brazil has recently been spotted in the wild. This time the infection vector is a more massively propagated malicious campaign relying on traditional spam email.
  • Windows zero-day exploit used in targeted attacks by FruityArmor APT

    A few days ago, Microsoft published the "critical" MS16-120 security bulletin with fixes for vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. One of the vulnerabilities - CVE-2016-3393 - was reported to Microsoft by Kaspersky Lab in September 2016.
  • ‘Adult’ video for Facebook users

    In April of this year, we registered some mass attacks on Facebook users in Russia. As a result, many Russian-speaking users of the social network fell victim to fraudsters. Half a year later the fraudsters have used the same tactics to attack Facebook users in Europe.
  • CryPy: ransomware behind Israeli lines

    A tweet posted recently by AVG researcher Jakub Kroustek suggested that a new ransomware, written entirely in Python, had been found in the wild, joining the emerging trend for Pysomwares such as the latest HolyCrypt, Fs0ciety Locker and others.
  • Five myths about machine learning in cybersecurity

    Machine learning has long permeated all areas of human activity. I would like to warn about, or dispel, some of the misconceptions associated with the use of ML in the field of cybersecurity.
  • Trust me, I have a pen

    Earlier today we became aware of a malicious website delivering Petya through the Hunter exploit kit. While there is nothing special about yet another exploit kit page, this one caught our attention because it mimics the index page of our sinkhole systems.
  • Wave your false flags!

    Targeted attackers are using an increasingly wide range of deception techniques to muddy the waters of attribution, planting ‘False Flag’ timestamps, language strings, malware, among other things, and operating under the cover of non-existent groups.
  • On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users

    What is most interesting about the StrongPity APT's more recent activity, however, is their focus on users of encryption tools, peaking this past summer. In particular, the focus was on Italian and Belgian users, but the StrongPity watering holes affected systems in far more locations than those two.
  • Polyglot – the fake CTB-locker

    In this article, we discuss how it is possible to take advantage of errors made in the implementation of a cryptographic scheme, and how mistakes by malware writers allow us to help users restore their encrypted data.
  • TeamXRat: Brazilian cybercrime meets ransomware

    We discovered a new variant of a Brazilian-made ransomware that is being used to infect local companies and hospitals, directly affecting innocent people by encrypting their files and demanding a ransom payment.
