HackDig : Dig high-quality web security articles for hacker

An (un)documented Word feature abused by attackers

A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content. However, a close inspection revealed that they contained several links to PHP
Publish At:2017-09-18 17:05 | Read:76 | Comments:0 | Tags:Featured Research Microsoft Word Targeted Attacks Vulnerabil

Miners on the Rise

Miners are a class of malware whose popularity has grown substantially this year. The actual process of cryptocurrency mining is perfectly legal, though there are groups of people who hoodwink unwitting users into installing mining software on their computers, or exploiting software vulnerabilities to do so. This results in threat actors receiving cryptocurr
Publish At:2017-09-12 13:30 | Read:182 | Comments:0 | Tags:Research Botnets Cryptocurrencies Malware Descriptions Socia

Dissecting the Chrome Extension Facebook malware

It’s been a few days since Kaspersky Lab’s blog post about the Multi Platform Facebook malware that was spread through Facebook Messenger. At the same time as Kaspersky Lab were analyzing this threat, a few researchers were doing the same, including Frans Rosén, Security Advisor at Detectify. After Frans saw David’s tweet about the blog po
Publish At:2017-08-31 14:55 | Read:185 | Comments:0 | Tags:Research Browser Plugins Google Chrome Social Engineering So

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. Much of the contents of that report are reproduced here. WhiteBear is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private intelli
Publish At:2017-08-30 19:50 | Read:241 | Comments:0 | Tags:Featured Research APT Cyber espionage Targeted Attacks Turla

Jimmy Nukebot: from Neutrino with love

“You FOOL! This isn’t even my final form!” In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy. NeutrinoPOS vs Jimmy The au
Publish At:2017-08-29 07:00 | Read:197 | Comments:0 | Tags:Research Banking Trojan Cryptocurrencies Malware Description

ShadowPad in corporate networks

ShadowPad, part 2: Technical Details (PDF) In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Further investigation showed that the sour
Publish At:2017-08-15 14:15 | Read:378 | Comments:0 | Tags:Featured Research Backdoor DNS Software supply-chain attack

The return of Mamba ransomware

At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed their attacks against corporations. Attack Geogra
Publish At:2017-08-09 10:25 | Read:278 | Comments:0 | Tags:Research Encryption Malware Descriptions Ransomware Targeted

Cybersecurity Doesn’t Just Happen, You Have to Get a Round Tuit (We Have One For You)

It’s Monday. On the West Coast, Black Hat is over and if you traveled, you should be home. If you didn’t travel, it’s still Monday and there are things to be done. And August starts tomorrow – so you might be thinking, “Bah, let’s get through August and then I’ll refocus.” Not so fast. This is a round tuit. Y
Publish At:2017-07-31 14:15 | Read:688 | Comments:0 | Tags:Threats bbc breaches data priorities research round tuit Sec

CowerSnail, from the creators of SambaCry

We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. It was the common C&C server that both programs used – cl.ezreal.space:20480 – t
Publish At:2017-07-25 11:30 | Read:223 | Comments:0 | Tags:Research Backdoor malware description Windows

Turning Off Cybersecurity to Increase Productivity Shouldn’t Be How the Problem Gets Solved

It seems security teams are under a lot of pressure from the organization when it comes to the balance between productivity and staying secure. Our infographic below explains how this plays out: with some saying they turn off security and others modifying it. Cybersecurity shouldn’t be this hard and it shouldn’t impact end user behavior. Users s
Publish At:2017-07-24 23:15 | Read:288 | Comments:0 | Tags:Company News 2017 click cybersecurity infographic Infosecuri

Spring Dragon – Updated Activity

Spring Dragon is a long running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as w
Publish At:2017-07-24 17:05 | Read:205 | Comments:0 | Tags:Research APT Targeted Attacks

A King’s Ransom It is Not

The first half of 2017 began with two intriguing ransomware events, both partly enabled by wormable exploit technology dumped by a group calling themselves “The ShadowBrokers”. These WannaCry and ExPetr ransomware events are the biggest in the sense that they spread the quickest and most effectively of known ransomware to date. With this extraord
Publish At:2017-07-20 07:00 | Read:139 | Comments:0 | Tags:Research ExPetr Ransomware Shadow Brokers Vulnerabilities an

The NukeBot banking Trojan: from rough drafts to real threats

This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker forums: earlier, he had been promoting his development so aggressively and behaving so erratically that he was eventually suspected of being a scammer. Now, three months after the source code
Publish At:2017-07-19 07:45 | Read:217 | Comments:0 | Tags:Research Banking Trojan Financial malware

No Free Pass for ExPetr

Recently, there have been discussions around the topic that if our product is installed, ExPetr malware won’t write the special malicious code which encrypts the MFT to MBR. Some have even speculated that some kind of conspiracy might be ongoing. Others have pointed out it’s plain and simple nonsense. As usual, Vesselin Bontchev, a legend in IT s
Publish At:2017-07-13 22:50 | Read:356 | Comments:0 | Tags:Research ExPetr Petya Ransomware Wiper

The Magala Trojan Clicker: A Hidden Advertising Threat

One large group will slowly conquer another large group, reduce its numbers, and thus lessen its chance of further variation and improvement. <…> Small and broken groups and sub-groups will finally tend to disappear. Charles Darwin. ‘On the Origin of Species’ The golden age of Trojans and viruses has long gone. Malicious programs
Publish At:2017-07-12 10:00 | Read:428 | Comments:0 | Tags:Research Adware PUPs Trojan
