An IRISSCON 2018 roundup

antispyware

Last week, some 400-plus attendees listened to a wide variety of infosec topics at the ninth annual IRISSCON, Ireland’s longest-running security event. I already talked a fair bit about this one a few weeks back, so rather than repeat myself, I’ll let the videos do the talking. First up, the Keynote: Next, a great and … [Read more…]

Persistent drive-by cryptomining coming to a browser near you

Since our last blog on drive-by cryptomining, we are witnessing more and more cases of abuse involving the infamous Coinhive service that allows websites to use their visitors to mine the Monero cryptocurrency. Servers continue to get hacked with mining code, and plugins get hijacked and affect hundreds or even thousands of sites at once. One … [Read more…]

Serious macOS vulnerability exposes the root user

On Tuesday afternoon, a tweet about a vulnerability in macOS High Sierra set off a firestorm of commentary throughout the Twitterverse and elsewhere. It turns out that the issue in question works with any authentication dialog in High Sierra. For example, in any pane in System Preferences, click the padlock icon to unlock it and … [Read more…]

Kaspersky Security Bulletin – Story of the year 2017

 Download the Kaspersky Security Bulletin: Story of the year 2017 Introduction: what we learned in 2017 In 2017, the ransomware threat suddenly and spectacularly evolved. Three unprecedented outbreaks transformed the landscape for ransomware, probably forever. The attacks targeted businesses and used worms and recently leaked exploits to self-propagate, encrypting data and demanding a ransom they … [Read more…]

Please don’t buy this: identity theft protection services

With an ever-increasing tempo of third-party breaches spilling consumer data all across the dark web, a natural impulse for a security-savvy user is to do something proactive to protect their sensitive information. After Equifax, there was an explosion of interest in credit monitoring and identity theft protection services. But most of these services offer limited … [Read more…]

IoT lottery: finding a perfectly secure connected device

Black Friday and Cyber Monday are great for shopping. Vendors flood the market with all kinds of goods, including lots of exciting connected devices that promise to make our life easier, happier and more comfortable. Being enthusiastic shoppers just like many other people around the world, at Kaspersky Lab we are, however paranoid enough to … [Read more…]

Terror exploit kit goes HTTPS all the way

We’ve been following the Terror exploit kit during the past few months and observed notable changes in both its redirection mechanism and infrastructure, which have made capturing it in the wild a more challenging task. Unlike the RIG exploit kit, which uses predictable URI patterns and distribution channels, Terror EK is constantly attempting to evade … [Read more…]

Week in security (November 20 – November 26)

antispyware

Last week we warned you about a new method by which the Mac malware OSX.Proton is being spread, we informed you where all those free Bitcoins you were texted about were being held up, how the EU intends to battle fake news, and how the Terdot Trojan likes social media. We also revealed our 2018 … [Read more…]

Mobile Menace Monday: Chrome declares war on unwanted redirects

As it was introduced earlier this year, Google is initiating their plan to implement a few new changes in Chrome to defend against unwanted web redirects. A redirect happens when a different website from the URL that was entered opens in the browser. Sometimes redirects are intentional, as in when an organization/website is bought out … [Read more…]

Android commercial spyware

There’s certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools. In reality, however, these apps barely differ from spyware, with the exception perhaps of the installation method. There’s no need to even resort to Tor Browser or other darknet activity either – all you need to do is … [Read more…]