BlueBorne – Bluetooth’s airborne influenza

Armis Labs has discovered a new attack vector that targets any device that has Bluetooth capability. This includes mobile, desktop, and IoT — roughly accounting for 8.2 billion devices. All operating systems are susceptible — Android, iOS, Windows, and Linux. Dubbed BlueBorne, it exposes several vulnerabilities in the Bluetooth technology. These vulnerabilities open up the potential to … [Read more…]

Threat Landscape for Industrial Automation Systems in H1 2017

Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the results of its research on the threat landscape for industrial automation systems for the first six months of 2017. All statistical data used in this report was collected using the Kaspersky Security Network (KSN), a distributed antivirus network. The data was … [Read more…]

Deloitte breached by hackers for months

On September 25, 2017, Deloitte announced that they detected a breach of the firm’s global email server via a poorly secured admin email in March of this year. Further, the attackers most likely had control of the server since November of 2016. Deloitte’s initial statement indicated that only six of their consultancy clients were impacted … [Read more…]

Tech support scammers abuse native ad and content provider Taboola to serve malvertising

A large number of publishers – big and small – are monetizing their sites by selling space for companies that provide so-called native advertising, cited as more effective and engaging than traditional banner ads. Indeed, on a news or entertainment site, users are more inclined to click on links and articles thinking that they are … [Read more…]

Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity

This post was co-authored by David Sánchez and Jérôme Segura. We recently came across a campaign targeting the Saudi Arabia Government via a malicious Word document which at first reminded us of an attack we had previously described on this blog. In our previous research, we detailed how an information stealer Trojan was deployed via … [Read more…]

Elaborate scripting-fu used in espionage attack against Saudi Arabia Government

This post was co-authored by David Sánchez and Jérôme Segura. We recently came across a campaign targeting the Saudi Arabia Government via a malicious Word document which at first reminded us of an attack we had previously described on this blog. In our previous research, we detailed how an information stealer Trojan was deployed via … [Read more…]

A simple example of a complex cyberattack

We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it … [Read more…]

Keychain vulnerability in macOS

On Monday, Patrick Wardle, a respected security researcher at Synack and owner of Objective-See, sent a tweet about a keychain vulnerability he had found in macOS High Sierra. As his tweet showed, it is possible for a malicious app to extract, and then exfiltrate, keychain data from High Sierra, with passwords clearly exposed in plain … [Read more…]

Drive-by mining and ads: The Wild Wild West

There seems to be a trend lately for publishers to monetize their traffic by having their visitors mine for cryptocurrencies while on their site. The idea is that you are accessing content for free and in exchange, your computer (its CPU in particular) will be used for mining purposes. The Pirate Bay started to run a … [Read more…]

A week in security (September 18 – September 24)

Last week, we kept you updated on our blog about the infected versions of CCleaner that were offered as downloads on the official servers. We also warned you against a fake IRS notice that delivers a customized spying tool, some of the threats currently facing gamers, and a Netflix scam that has been doing the … [Read more…]