2025
September 22, 2025

CISA Shares Lessons Learned from an Incident Response Engagement

Advisory at a Glance Executive Summary CISA began incident response efforts at a U.S. federal civilian executive branch (FCEB) agency following the detection of potential malicious activity identified through security alerts generated by the agency’s endpoint detection and response (EDR) tool. CISA identified three lessons learned from the engagement that illuminate how to effectively mitigate...
August 25, 2025

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System

Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks. While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised...
July 29, 2025

CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization

Summary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard (USCG) are issuing this Cybersecurity Advisory to present findings from a recent CISA and USCG hunt engagement. The purpose of this advisory is to highlight identified cybersecurity issues, thereby informing security defenders in other organizations of potential similar issues and encouraging them to...
July 21, 2025

#StopRansomware: Interlock

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to...
June 12, 2025

Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider

Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp...
May 20, 2025

Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations

Summary The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint advisory to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with threat actors deploying the LummaC2 information stealer (infostealer) malware. LummaC2 malware is able to infiltrate victim computer networks and exfiltrate...
May 12, 2025

Russian GRU Targeting Western Logistics Entities and Technology Companies

Executive Summary This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff...
April 1, 2025

Fast Flux: A National Security Threat

Executive summary Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.” This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection. Malicious cyber actors, including cybercriminals and nation-state actors, use fast flux to obfuscate the locations of malicious...
March 11, 2025

#StopRansomware: Medusa Ransomware

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see...
February 19, 2025

#StopRansomware: Ghost (Cring) Ransomware

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see...
January 15, 2025

Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE-2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways. Summary The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of...
2024
November 8, 2024

2023 Top Routinely Exploited Vulnerabilities

Summary The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (hereafter collectively referred to as the authoring agencies): United States: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and National Security Agency (NSA) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New...
October 8, 2024

Microsoft Releases October 2024 Security Updates

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for October Source: US-CERT Alerts
September 30, 2024

Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

Summary The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint Cybersecurity Advisory to warn network defenders of Iranian cyber actors’ use...
September 19, 2024

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk...
September 4, 2024

Russian Military Cyber Actors Target US and Global Critical Infrastructure

Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational...
August 29, 2024

#StopRansomware: RansomHub Ransomware

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see...
August 23, 2024

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that, as of August 2024, a group of Iran-based cyber actors continues to exploit U.S. and foreign organizations. This includes organizations across...
August 12, 2024

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-38193 Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability CVE-2024-38106 Microsoft Windows Kernel Privilege Escalation Vulnerability CVE-2024-38107 Microsoft Windows...
July 24, 2024

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

Summary The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju: U.S. Cyber National Mission Force (CNMF) U.S. Cybersecurity and Infrastructure Security Agency...
July 9, 2024

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors of sophisticated threat actors and...
July 8, 2024

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

Overview Background This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS),...
May 10, 2024

#StopRansomware: Black Basta

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to...
April 17, 2024

#StopRansomware: Akira Ransomware

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to...
February 26, 2024

#StopRansomware: Phobos Ransomware

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see...
February 23, 2024

SVR Cyber Actors Adapt Tactics for Initial Cloud Access

How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National Cyber Security Centre (NCSC) and international partners assess that APT29...
February 21, 2024

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the following partners (hereafter referred to as the authoring organizations) are releasing this joint Cybersecurity Advisory to warn that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. CISA and authoring organizations appreciate the cooperation of Volexity, Ivanti,...
February 14, 2024

Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network...
February 1, 2024

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with...
January 12, 2024

Known Indicators of Compromise Associated with Androxgh0st Malware

SUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting yielded the IOCs and TTPs,...
2023
December 19, 2023

#StopRansomware: ALPHV Blackcat

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov...
December 13, 2023

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

SUMMARY In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) at the request of a Healthcare and Public Health (HPH) sector organization to identify vulnerabilities and areas for improvement. An RVA is a two-week penetration test of an entire organization, with one week spent on external testing...
December 12, 2023

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

SUMMARY The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear,...
December 11, 2023

#StopRansomware: Play Ransomware

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov...
December 6, 2023

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity....
December 4, 2023

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5...
December 1, 2023

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as “the authoring agencies”—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary...
November 21, 2023

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE-2023-4966 Citrix Bleed Vulnerability

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov...
November 15, 2023

Scattered Spider

SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023....
November 14, 2023

#StopRansomware: Rhysida Ransomware

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see...
October 13, 2023

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors...
October 11, 2023

#StopRansomware: AvosLocker Ransomware (Update)

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov...
October 5, 2023

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures (TTPs) actors use to exploit...
September 26, 2023

People's Republic of China-Linked Cyber Actors Hide in Router Firmware

Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) (hereafter referred to as the “authoring agencies”) are releasing this joint cybersecurity...
September 18, 2023

#StopRansomware: Snatch Ransomware

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov...
September 6, 2023

Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF) identified the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023. Analysts confirmed that nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing...
August 29, 2023

Identification and Disruption of QakBot Infrastructure

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to disseminate QakBot infrastructure indicators of compromise (IOCs) identified through FBI investigations as of August 2023. On August 25, FBI and international partners executed a coordinated operation to disrupt QakBot infrastructure worldwide. Disruption operations...
August 2, 2023

2022 Top Routinely Exploited Vulnerabilities

SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand National Cyber Security Centre (NCSC-NZ)...
August 1, 2023

Threat Actors Exploiting Ivanti EPMM Vulnerabilities

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July 2023 to gather information from...
July 26, 2023

Preventing Web Application Access Control Abuse

SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. IDOR vulnerabilities are access control...
July 20, 2023

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day to drop a webshell on...
July 11, 2023

Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

SUMMARY In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data. CISA and...
July 5, 2023

Increased Truebot Activity Infects U.S. and Canada Based Networks

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against organizations in the United States...
June 12, 2023

Understanding Ransomware Threat Actors: LockBit

SUMMARY In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation....
June 6, 2023

#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability

SUMMARY Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov...
May 23, 2023

People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection

Summary The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon. Private sector partners have identified that this activity affects networks across U.S. critical infrastructure...
May 15, 2023

#StopRansomware: BianLian Ransomware Group

Summary Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov...
May 10, 2023

Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG

SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. PaperCut released...
May 8, 2023

Hunting Russian Intelligence “Snake” Malware

SUMMARY The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many systems in this P2P...
April 17, 2023

APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers

APT28 accesses poorly maintained Cisco routers and deploys malware on unpatched devices using CVE-2017-6742. Overview and Context The UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA) and US Federal Bureau of Investigation (FBI) are releasing this joint advisory to provide details of tactics, techniques...
March 15, 2023

#StopRansomware: LockBit 3.0

SUMMARY Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to...
March 13, 2023

Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server

SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in...
February 9, 2023

AA23-040A: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities

Original release date: February 9, 2023 Summary Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help...
February 8, 2023

AA23-039A: ESXiArgs Ransomware Virtual Machine Recovery Guidance

Original release date: February 8, 2023 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and...
January 25, 2023

AA23-025A: Protecting Against Malicious Use of Remote Monitoring and Management Software

Original release date: January 25, 2023 Summary The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software....
2022
December 1, 2022

AA22-335A: #StopRansomware: Cuba Ransomware

Original release date: December 1, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce phishing-resistant multifactor authentication. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories...
November 17, 2022

AA22-321A: #StopRansomware: Hive Ransomware

Original release date: November 17, 2022 Summary Actions to Take Today to Mitigate Cyber Threats from Ransomware: • Prioritize remediating known exploited vulnerabilities. • Enable and enforce multifactor authentication with strong passwords • Close unused ports and remove any application not deemed necessary for day-to-day operations. Note: This joint Cybersecurity Advisory (CSA) is part of...
November 16, 2022

AA22-320A: Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

Original release date: November 16, 2022 Summary From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched...
October 21, 2022

AA22-294A: #StopRansomware: Daixin Team

Original release date: October 21, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Install updates for operating systems, software, and firmware as soon as they are released. • Require phishing-resistant MFA for as many services as possible. • Train users to recognize and report phishing attempts. Note: This joint Cybersecurity...
October 6, 2022

AA22-279A: Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

Original release date: October 6, 2022 Summary This joint Cybersecurity Advisory (CSA) provides the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). PRC state-sponsored cyber...
October 4, 2022

AA22-277A: Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

Original release date: October 4, 2022 Summary Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication (MFA) on all user accounts. • Implement network segmentation to separate network segments based on role and functionality. • Update software, including operating systems, applications, and firmware, on network assets. • Audit account usage....
September 22, 2022

AA22-265A: Control System Defense: Know the Opponent

Original release date: September 22, 2022 Summary Traditional approaches to securing OT/ICS do not adequately address current threats. Operational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors. These cyber actors, including advanced persistent threat (APT) groups, target...
September 21, 2022

AA22-264A: Iranian State Actors Conduct Cyber Operations Against the Government of Albania

Original release date: September 21, 2022 Summary The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to...
September 14, 2022

AA22-257A: Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

Original release date: September 14, 2022 Summary Actions to take today to protect against ransom operations: • Keep systems and software updated and prioritize remediating known exploited vulnerabilities. • Enforce MFA. • Make offline backups of your data. This joint Cybersecurity Advisory (CSA) is the result of an analytic effort among the Federal Bureau of...
September 6, 2022

AA22-249A: #StopRansomware: Vice Society

Original release date: September 6, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize and remediate known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for...
August 16, 2022

AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

Original release date: August 16, 2022 Summary Actions for ZCS administrators to take today to mitigate malicious cyber activity: • Patch all systems and prioritize patching known exploited vulnerabilities. • Deploy detection signatures and hunt for indicators of compromise (IOCs). • If ZCS was compromised, remediate malicious activity. The Cybersecurity and Infrastructure Security Agency (CISA)...
August 11, 2022

AA22-223A: #StopRansomware: Zeppelin Ransomware

Original release date: August 11, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for...
August 4, 2022

AA22-216A: 2021 Top Malware Strains

Original release date: August 4, 2022 Summary Immediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication (MFA). • Secure Remote Desktop Protocol (RDP) and other risky services. • Make offline backups of your data. • Provide end-user awareness and training...
July 6, 2022

AA22-187A: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

Original release date: July 6, 2022 Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to...
June 30, 2022

AA22-181A: #StopRansomware: MedusaLocker

Original release date: June 30, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for...
June 23, 2022

AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

Original release date: June 23, 2022 Summary Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat all affected VMware systems as compromised. • Minimize the...
June 1, 2022

AA22-152A: Karakurt Data Extortion Group

Original release date: June 1, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enforce multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury),...
May 18, 2022

AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

Original release date: May 18, 2022 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager...
May 18, 2022

AA22-138A: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388

Original release date: May 18, 2022 Summary Actions for administrators to take today: • Do not expose management interfaces to the internet. • Enforce multi-factor authentication. • Consider using CISA’s Cyber Hygiene Services. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory...
May 17, 2022

AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access

Original release date: May 17, 2022 Summary Best Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber actors routinely exploit poor security configurations (either misconfigured...
May 11, 2022

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers

Original release date: May 11, 2022 Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership of ICT security...
April 27, 2022

AA22-117A: 2021 Top Routinely Exploited Vulnerabilities

Original release date: April 27, 2022 Summary This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security...
April 20, 2022

AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Original release date: April 20, 2022 Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and training. The cybersecurity...
April 18, 2022

AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies

Original release date: April 18, 2022 Summary Actions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the...
April 13, 2022

AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices

Original release date: April 13, 2022 Summary Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to mitigate password brute...
March 24, 2022

AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector

Original release date: March 24, 2022 Summary Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This joint Cybersecurity Advisory (CSA)—coauthored by...
March 17, 2022

AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers

Original release date: March 17, 2022 Summary Actions to Take Today: • Use secure methods for authentication. • Enforce principle of least privilege. • Review trust relationships. • Implement encryption. • Ensure robust patching and system configuration audits. • Monitor logs for suspicious activity. • Ensure incident response, resilience, and continuity of operations plans are...
March 15, 2022

AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability

Original release date: March 15, 2022 Summary Multifactor Authentication (MFA): A Cybersecurity Essential • MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised. • Every organization should enforce MFA for...
February 26, 2022

AA22-057A: Destructive Malware Targeting Organizations in Ukraine

Original release date: February 26, 2022 | Last revised: March 1, 2022 Summary Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s...
February 24, 2022

AA22-055A: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks

Original release date: February 24, 2022 Summary Actions to Take Today to Protect Against Malicious Activity • Search for indicators of compromise. • Use antivirus software. • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multi-factor authentication. Note: this advisory uses the MITRE...
2018
October 12, 2018

Why IT Is Paying Attention to "Zero Trust"

SOCs buried in complex environments are now looking keenly at integrated solutions that deliver stronger security. As noted in an earlier post on this blog, now that cloud and mobile have become mainstream, the security perimeter has become blurred. Protecting corporate information can no longer rely on firewalls alone: far too much data is in motion, and the volume of data moving to and from the cloud is now nearly equal to the volume that stays inside the firewall. Companies are therefore emphasizing a multi-layered approach to prepare for attacks launched along a variety of paths. Source: Symantec
June 21, 2018

Thrip: Espionage group targets satellite, telecommunications, and defense industries

Symantec's artificial-intelligence-based Targeted Attack Analytics (TAA) has uncovered a new, wide-ranging espionage campaign. One of the biggest changes in recent cyber espionage activity is that many groups have adopted "living off the land" tactics. "Living off the land" is Symantec's term for using operating system features and legitimate network administration tools to intrude into a victim's network. The aim is twofold. First, by using existing features and tools, attackers try to blend into the victim's network and hide their activity among the countless legitimate processes. Second, even if malicious use of such tools is discovered, it makes identifying the source of the attack harder. Source: Symantec
March 14, 2018

Latest Intelligence for February 2018

The Chafer attack group remained active, and while the global spam rate fell, email malware turned slightly upward. February's Latest Intelligence has been published; here is an overview of its contents, together with a look at the general threat landscape. In February, the Chafer attack group was highly active against organizations in the Middle East. The email malware rate remained low, while mobile malware appeared that attempts to log into Facebook accounts and steal account information. Source: Symantec
2017
November 10, 2017

Latest Intelligence for October 2017

Symantec research shows users to be twice as likely to encounter threats through email as any other infection vector, and the spam rate declines slightly for the second month in a row. Some of the key takeaways from October’s Latest Intelligence, and the threat landscape in general,...
November 7, 2017

Sowbug: Cyber espionage group targets South American and Southeast Asian governments

Group uses custom Felismus malware and has a particular interest in South American foreign policy. Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on...
October 27, 2017

Ramnit worm: Still turning up in unlikely places

Over 90 Ramnit-infected apps removed from Google Play. Contributors: Shaun Aimoto, Martin Zhang. The Ramnit worm has not been ported to Android; the apps carry an infected HTML file that drops Ramnit on Windows PCs. Source: Symantec
October 25, 2017

BadRabbit: New strain of ransomware hits Russia and Ukraine

BadRabbit is self-propagating and has many similarities to the June 2017 Petya / NotPetya outbreak. A new strain of ransomware called BadRabbit (Ransom.BadRabbit) began spreading yesterday, October 24, 2017, with the vast majority of infection attempts seen in Russia....
October 18, 2017

Android malware on Google Play adds devices to botnet

Symantec has found eight apps infected with the Sockbot malware on Google Play that can add compromised devices to a botnet and potentially perform DDoS attacks. Contributor: Martin Zhang....
October 17, 2017

Necurs attackers now want to see your desktop

The Necurs botnet is back again, this time spreading a downloader that takes screen grabs of victims’ desktops and reports encountered errors back to the attackers. Contributors: Eduardo Altares, Wei Wang Dai, and Mingwei Zhang...
October 10, 2017

Microsoft Patch Tuesday – October 2017

This month the vendor has patched 62 vulnerabilities, 27 of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor has patched 62 vulnerabilities, 27 of which are rated Critical. As always, customers are advised to follow these...
October 6, 2017

Latest Intelligence for September 2017

September saw Symantec uncover new activity by the Dragonfly group, and the start of several new Locky spam campaigns. Some of the key takeaways from September’s Latest Intelligence, and the threat landscape in general, include new activity by the Dragonfly attack group, new Locky spam campaigns, and...
October 4, 2017

Users encounter threats through email twice as often as other infection vectors

The latest ISTR special report, Email Threats 2017, casts a light on a threat landscape where attackers are actively spreading malicious threats, BEC scams, and a variety of spam through email. Hello Sir, Thanks for your response to our order inquiry, I am very sorry to reply...
September 8, 2017

Latest Intelligence for August 2017

August saw increases in the malware and spam rates, and new phishing warnings from the IRS. Some of the key takeaways from August’s Latest Intelligence, and the threat landscape in general, include increases in the email malware and spam rates, new ransomware functionalities, and new phishing warnings...
September 6, 2017

Dragonfly: Western energy sector targeted by sophisticated attack group

Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group. The energy sector in Europe and North America is being targeted by a new wave of cyber attacks that could provide attackers...
August 30, 2017

Businesses most at risk from new breed of ransomware

The ransomware landscape has shifted dramatically in 2017 and organizations bore the brunt of the damage caused by new, self-propagating threats such as WannaCry and Petya. During first 6 months...
August 24, 2017

Mobile malware factories: Android apps for creating ransomware

Mobile ransomware can now be created automatically without the need to write code. Having little to no coding experience is no longer a problem for wannabe mobile malware authors, thanks to Trojan Development Kits (TDKs). Criminals can now install an app that will allow them to quickly...
August 9, 2017

Microsoft Patch Tuesday – August 2017

This month the vendor has patched 48 vulnerabilities, 26 of which are rated Critical. This month Microsoft has patched 48 vulnerabilities, 26 of which are rated Critical. As always, customers are advised to follow these security best practices: ... Source: Symantec
August 4, 2017

Latest Intelligence for July 2017

Email malware rate continues to increase and WannaCry, Petya inspire other threats to add self-spreading components. Source: Symantec
July 12, 2017

Attackers are increasingly living off the land

The use of fileless threats and dual-use tools by attackers is becoming more common. Attackers are increasingly using legitimate tools to hide in plain sight; all 10 APTs Symantec looked at used system tools in their attacks....
July 12, 2017

Microsoft Patch Tuesday – July 2017

This month the vendor has patched 54 vulnerabilities, 19 of which are rated Critical. This month Microsoft has patched 54 vulnerabilities, 19 of which are rated Critical. As always, customers are advised to follow these security best practices: ... Source: Symantec
July 11, 2017

Latest Intelligence for June 2017

A rise in instances of a particular bitcoin mining malware for Macs, the chaos-causing Petya outbreak, and an increase in phishing emails for the third month in a row. Some of the key takeaways from June’s Latest Intelligence, and the threat landscape in general, include an...
June 27, 2017

Petya ransomware outbreak: Here’s what you need to know

Petya ransomware impacting large organizations in multiple countries. A new strain of the Petya ransomware started propagating on June 27, 2017, infecting many organizations. Similar to WannaCry, Petya uses the EternalBlue exploit to propagate itself....
June 14, 2017

Microsoft Patch Tuesday – June 2017

This month the vendor has released fixes for 94 vulnerabilities, 18 of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor has released fixes for 94 vulnerabilities, 18 of which are rated Critical. As always, customers are advised to follow these...
June 13, 2017

Latest Intelligence for May 2017

The WannaCry outbreak dominated the news cycle, while the phishing rate reached a high for 2017. Some of the key takeaways from May’s Latest Intelligence, and the threat landscape in general, include another increase in the number of web attacks blocked, a peculiar Google phishing scam, and...
June 6, 2017

Criminals increasingly using malvertising to direct victims to exploit kits

Once popular exploit kit redirection campaigns see a significant decline as redirection through malvertising increases. The exploit kit scene these days strongly resembles a sinking ship—with very few survivors, struggling to keep themselves afloat. Source: Symantec
June 1, 2017

Financial malware more than twice as prevalent as ransomware

Three Trojans dominated the financial threat landscape in 2016 and attackers increased their focus on corporate finance departments. The financial threat space was 2.5 times bigger than that of ransomware, and 38% of financial threats were detected in business locations in 2016....
May 22, 2017

WannaCry: Ransomware attacks show strong links to Lazarus group

Similarities in code and infrastructure indicate close connection to group that was linked to Sony Pictures and Bangladesh Bank attacks. Tools and infrastructure used in the WannaCry ransomware attacks have strong links to Lazarus, the group that was responsible for...
May 17, 2017

Adylkuzz Cryptocurrency Miner Is Not The Next WannaCry

Adylkuzz impact and prevalence is much lower than WannaCry. There have been reports of another threat, known as Adylkuzz, leveraging MS17-010 to propagate to vulnerable machines. Source: Symantec
May 12, 2017

What you need to know about the WannaCry Ransomware

The WannaCry ransomware struck across the globe in May 2017. Learn how this ransomware attack spread and how to protect your network from similar attacks. UPDATE: May 23, 2017 00:30 GMT: ... Source: Symantec
May 12, 2017

What you need to know about the WannaCry Ransomware

WannaCry ransomware spreads aggressively across networks, holds files to ransom. What has happened? On May 12, 2017 a new variant of the Ransom.CryptXXX family (Detected as Ransom.Wannacry) of ransomware began spreading widely impacting a large number of organizations, particularly in Europe. Source: Symantec
May 10, 2017

Latest Intelligence for April 2017

Number of web attacks blocked by Symantec rises to more than 1 million per day and Longhorn cyber espionage group linked to malware detailed in Vault 7 leak. Some of the key takeaways from April’s Latest Intelligence, and the threat landscape in general, include an increase in...
May 10, 2017

Microsoft Patch Tuesday – May 2017

This month the vendor has released fixes for 56 vulnerabilities, 17 of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor has released fixes for 56 vulnerabilities, 17 of which are rated Critical. As always, customers are advised to follow these...
April 18, 2017

Hajime worm battles Mirai for control of the Internet of Things

The Hajime worm appears to be the work of a white hat hacker attempting to wrestle control of IoT devices from Mirai and other malicious threats. A battle is raging for control of Internet of Things (IoT) devices. There are many contenders, but two families stand out:...
April 14, 2017

Latest Intelligence for March 2017

Number of blocked web attacks increases to highest level since July 2016 and Necurs botnet returns with new spam campaigns. Some of the key takeaways from March’s Latest Intelligence, and the threat landscape in general, include the number of blocked...
April 12, 2017

Android O no! Android O causes problems for mobile ransomware developers

Changes in Google’s newest mobile OS will impact the functionality of many Android ransomware threats. The first developer preview of Google’s latest mobile operating system, Android O, has been released. As usual, the newest version of Android has several new features and updates. One of those updates...
April 11, 2017

Microsoft Patch Tuesday – April 2017

This month the vendor has released fixes for 44 vulnerabilities, 13 of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor has released fixes for 44 vulnerabilities, 13 of which are rated Critical. As always, customers are advised to follow these...
April 11, 2017

Kelihos/Waledac: US law enforcement hits botnet with major takedown

Alleged botnet operator arrested in Spain, faces multiple charges in the US. The US Justice Department has launched a coordinated takedown operation to disrupt and dismantle the Kelihos botnet (also known as Waledac)....
April 10, 2017

Longhorn: Tools used by cyberespionage group linked to Vault 7

First evidence linking Vault 7 tools to known cyberattacks. Spying tools and operational protocols detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec calls Longhorn. Symantec has been protecting its customers from...
March 30, 2017

Free Nintendo Switch emulators are fake

Fake emulators for newly released Nintendo console used as bait to get users to fill out survey scams and download potentially unwanted applications. Over the last few weeks, scammers have been trying to dupe users into believing that a software emulator exists for the Nintendo Switch, the...
March 28, 2017

Necurs: Mass mailing botnet returns with new wave of spam campaigns

Unexplained three-month absence resulted in a seven-fold decrease in rate of emails containing malware. After a near three-month period of inactivity, the Necurs botnet sprang back to life last week and resumed the mass mailing spam campaigns for which it has become notorious.
March 20, 2017

Personalized spam campaign targets Germany

A new spam campaign targeting German users uses victims’ real details and installs banking malware on compromised computers. A spam campaign Symantec observed in January 2017 targeting people who live in Germany appears to be, once again, using detailed, real personal information to enhance the believability of...
March 14, 2017

Microsoft Patch Tuesday – March 2017

This month the vendor is releasing 18 bulletins, nine of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing 18 bulletins, nine of which are rated Critical. As always, customers are advised to follow these...
March 13, 2017

Spam campaign targets financial institutions with fake security software

Emails claim to be from HSBC and ask recipients to install fake Rapport security software. Last month, Symantec detected a spam campaign mainly targeting financial institutions, which used social engineering to try to trick victims into installing “virus detection software” that was in fact an information stealing Trojan...
March 10, 2017

Latest Intelligence for February 2017

Number of new malware variants reaches highest level since October 2016 and Symantec uncovers a wider campaign carried out by Shamoon attackers. Some of the key takeaways from February’s Latest Intelligence, and the threat landscape in general, include the highest increase in malware variants since October 2016,...
February 27, 2017

Shamoon: Multi-staged destructive attacks limited to specific targets

Recent attacks involving the destructive malware Shamoon appear to be part of a much wider campaign in the Middle East and beyond. Recent attacks involving the destructive malware Shamoon (W32.Disttrack.B) were launched by attackers conducting a much wider campaign in the Middle East. While the attackers have...
February 22, 2017

Android ransomware requires victim to speak unlock code

Latest Android.Lockdroid.E variant uses speech recognition instead of typing for unlock code input. Being a good listener is normally considered an admirable quality in a person; however, it isn’t a quality you necessarily want to find in a piece of malware. The latest...
February 14, 2017

Symantec and other industry leaders announce expanded Cyber Threat Alliance

Cybersecurity consortium formally establishes rapid security intelligence sharing system to combat cybercrime and advanced attacks. Symantec is one of the six founding members of the Cyber Threat Alliance (CTA) which yesterday announced its formal incorporation as a not-for-profit entity. The organization also announced the appointment of former...
February 13, 2017

Sage 2.0 ransomware delivered by Pandex spambot, mimics Cerber routines

New variants of Sage ransomware sport Cerber-like behavior, although no definitive link was found between the two families. Symantec Security Response has recently discovered the Sage 2.0 ransomware (Ransom.Cry) being delivered by the Trojan.Pandex spambot, which we have previously seen sending JS downloaders with spambots, banki...
February 12, 2017

Attackers target dozens of global banks with new malware

Watering hole attacks attempt to infect more than 100 organizations in 31 different countries. Organizations in 31 countries have been targeted in a new wave of attacks which has been underway since at least October 2016. The attackers used compromised websites or “watering holes” to infect pre-selected...
February 10, 2017

Latest Intelligence for January 2017

The email malware rate drops due to Necurs botnet inactivity and two new Android malware families appeared. Some of the key takeaways from January’s Latest Intelligence, and the threat landscape in general, include a lull in activity from the Necurs botnet affecting the email malware rate, new...
February 10, 2017

Latest Intelligence for January 2017

The email malware rate drops due to Necurs botnet inactivity and the Angler exploit kit makes a surprise comeback. Some of the key takeaways from January’s Latest Intelligence, and the threat landscape in general, include a lull in activity from the Necurs botnet affecting the email malware rate, the return of...
February 6, 2017

Android ransomware repurposes old dropper techniques

Android ransomware is now using dropper techniques to drop malware on rooted devices as well as an inefficient 2D barcode ransom demand. Android.Lockdroid.E has been seen using a dropper technique to drop a version of itself on rooted Android devices. While this is not an uncommon technique, this is the first...
February 3, 2017

Android ad malware on Google Play combines three deception techniques

Three apps on Google Play use delayed attacks, self-naming tricks, and an attack list dictated by a command and control server to click on ads in the background without the user's knowledge. Contributor: Martin Zhang. Summary: Three apps on Google Play use delayed attacks, self-naming tricks, and an attack list dictated...
January 23, 2017

Greenbug cyberespionage group targeting Middle East, possible links to Shamoon

Greenbug may answer the question of how Shamoon obtains the stolen credentials needed to carry out its disk-wiping attacks. Symantec is currently investigating reports of yet another new attack in the Middle East involving the destructive disk-wiping malware used by the Shamoon group (W32.Disttrack, W32.Disttrack.B).
January 10, 2017

Microsoft Patch Tuesday – January 2017

This month the vendor has released four bulletins, one of which is rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor has released four bulletins, one of which is rated Critical. As always, customers are advised to follow these security best practices...
January 10, 2017

Airport boarding gate display leaks booking codes, puts passenger data at risk

Attackers could gain full control over passenger bookings, cancel flights, and steal sensitive information with leaked booking codes. While waiting for my flight to begin boarding at a European airport recently, I noticed that one of the screens at the gate showed a timed-out web browser window. Being curious and more...
January 6, 2017

Latest Intelligence for December 2016

The number of web attacks blocked per day was up by almost 100,000, and Symantec helps law enforcement crack down on cybercrime. Some of the key takeaways from December’s Latest Intelligence, and the threat landscape in general, include an increase in the number of web attacks blocked by Symantec, the return...
2016
December 16, 2016

Bayrob: Three suspects extradited to face charges in US

Symantec’s assistance paves way for long-running FBI investigation into gang that stole up to $35 million from victims. Three Romanian men have been indicted in the US for allegedly operating a longstanding fraud operation known as Bayrob that conned victims out of millions of dollars. Source: Symantec
December 14, 2016

Latest Intelligence for November 2016

Email malware nearly doubles to one in 85 emails and spam rate rises for third month in a row. Some of the key takeaways from November’s Latest Intelligence, and the threat landscape in general, include an increase in phishing emails, a drop in the number of new malware variants, the return...
December 13, 2016

Microsoft Patch Tuesday – December 2016

This month the vendor is releasing 12 bulletins, six of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing 12 bulletins, six of which are rated Critical. As always, customers are advised to follow these security best practices...
December 8, 2016

PowerShell threats surge: 95.4 percent of analyzed scripts were malicious

Symantec analyzed 111 threat families that use PowerShell, finding that they leverage the framework to download payloads and traverse through networks. Source: Symantec
December 1, 2016

Avalanche malware network hit with law enforcement takedown

Symantec plays part in takedown of the Avalanche malware-hosting network. The Avalanche malware-hosting network has been dealt a severe blow following the takedown of infrastructure used by at least 17 malware families. Source: Symantec
November 30, 2016

Shamoon: Back from the dead and destructive as ever

Malware hit targets in Saudi Arabia and was configured to wipe disks on November 17. Shamoon (W32.Disttrack), the aggressive disk-wiping malware which was used in attacks against the Saudi energy sector in 2012, has made a surprise comeback and was used in a fresh wave of attacks against targets in Saudi...
November 29, 2016

Mirai: New wave of IoT botnet attacks hits Germany

New variant of malware used in attacks that knocked 900,000 home internet users offline. A new wave of attacks involving the Mirai botnet has crippled internet access for nearly a million home users in Germany. The latest attacks used a new version of the Mirai malware (Linux.Gafgyt.B)...
November 21, 2016

Gatak: Healthcare organizations in the crosshairs

Mysterious threat group infects organizations using malicious key generators for pirated software. The group behind the Gatak Trojan (Trojan.Gatak) continues to pose a threat to organizations, with the healthcare sector in particular heavily affected by attacks. Gatak is known for infecting its victims through websites promising product licensing keys for pirated...
November 17, 2016

Android banking malware whitelists itself to stay connected with attackers

New Android.Fakebank.B variants use social engineering to bypass a battery-saving process and stay active in the background. Recent variants of Android.Fakebank.B have been updated to work around the battery-saving process Doze. The variants display a pop-up message asking the user to add the threat to the Battery Optimizations exceptions whitelist.
November 10, 2016

Latest Intelligence for October 2016

Number of new malware variants rises to over 96 million and global spam hits highest rate in nearly a year. Some of the key takeaways from October’s Latest Intelligence, and the threat landscape in general, include a sudden spike in new malware variants, spam reaching the highest rate in almost a...
November 9, 2016

New BEC scams seek to build trust first, request wire transfer later

Business email compromise scammers have gradually changed their tactics to improve their scam success rate. Symantec has been continuously tracking scam emails targeting businesses with fake wire transfer requests, and found that scammers behind these Business Email Compromise (BEC) emails have added some tricks to increase their chances of success.
November 8, 2016

Microsoft Patch Tuesday – November 2016

This month the vendor is releasing 14 bulletins, six of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing 14 bulletins, six of which are rated Critical. As always, customers are advised to follow these security best practices...
October 27, 2016

Mirai: what you need to know about the botnet behind recent major DDoS attacks

Botnet has grown by exploiting weak security on a range of IoT devices. A distributed denial of service attack (DDoS) on DNS provider Dyn last week managed to disrupt an array of the internet’s biggest websites, including Spotify, Twitter, and PayPal. Source: Symantec
October 27, 2016

Android ransomware gets around auto-start restrictions by pretending to be a launcher

The latest Android.Lockscreen variants declare their activity as part of the launcher category to get around Android's security restrictions. New variants of Android.Lockscreen are using a simple, yet effective technique to improve their chances of successfully compromising devices.
October 27, 2016

Flash Player zero-day being exploited in targeted attacks

Adobe patches vulnerability (CVE-2016-7855) which was being used in a limited number of targeted attacks. A newly discovered zero-day vulnerability in Adobe Flash Player is being exploited by attackers in the wild. Adobe released a Security Bulletin (APSB16-36) yesterday which patches the vulnerability (CVE-2016-7855). Source: Symantec
October 26, 2016

Tech support scams increasing in complexity

Tech support scammers have begun using code obfuscation to avoid detection. Tech support scams remain one of the major and evolving forces in the computer security landscape. Between January 1 and April 30 this year, the Internet Crime Complaint Center (IC3) received 3,668 complaints related to tech support scams, which amounted...
October 20, 2016

Attackers use Discord VoIP chat servers to host NanoCore, njRAT, SpyRAT

Malicious actors are abusing a free VoIP service for gamers to distribute remote access Trojans, as well as infostealers and downloaders. Discord, a free VoIP service designed for gaming communities, has had its chat servers abused to host malware.
October 19, 2016

Malware and spam groups exploit US election fever

As the presidential election draws near, the level of malware and spam activity attempting to capitalize on interest in the campaigns of Donald Trump and Hillary Clinton has risen. Over the past month, Symantec has blocked almost 8 million spam emails relating to the US presidential election. The volume of spam...
October 14, 2016

TA16-288A: Heightened DDoS Threat Posed by Mirai and Other Botnets

Original release date: October 14, 2016. Systems Affected: Internet of Things (IoT), an emerging network of devices (e.g., printers, routers, video cameras, smart TVs) that connect to one another via the Internet, often automatically sending and receiving data. Overview: Recently, IoT devices have been used to create large-scale botnets (networks of devices infected with self-propagating malware) that can...
October 13, 2016

Beware of the student loan forgiveness scam spam

Trojan.Ascesso has been observed trying to send out thousands of student loan forgiveness scam emails. According to reports, 42 million people owe US$1.3 trillion in student debt in America today. With most of these student loans being government-backed, the student debt industry in America is big business and estimated to be...
October 12, 2016

Surge of email attacks using malicious WSF attachments

Ransomware attack groups among the most frequent users of new tactic. Symantec has seen a major increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments over the past three months. Ransomware groups in particular have been employing this new tactic. Source: Symantec
October 11, 2016

Microsoft Patch Tuesday – October 2016

This month the vendor is releasing 10 bulletins, five of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing 10 security bulletins, five of which are rated Critical. As always, customers are advised to follow...
October 11, 2016

Odinaff: New Trojan used in high level financial attacks

Multiple banks attacked by Carbanak-linked group. Since January 2016, discreet campaigns involving malware called Trojan.Odinaff have targeted a number of financial organizations worldwide. These attacks appear to be extremely focused on organizations operating in the banking, securities, trading, and payroll sectors.
October 7, 2016

Latest Intelligence for September 2016

The RIG exploit kit was the most active web attack toolkit in September and the number of new malware variants reached its highest point of the last year. The Latest Intelligence page has been refreshed through September 2016, providing the most up-to-date analysis of cybersecurity threats, trends, and insights concerning malware,...
October 3, 2016

Zero Days film puts two Symantec researchers in the spotlight

Alex Gibney's film highlights Eric Chien and Liam O'Murchu's research on Stuxnet and cyberattacks. This summer, we saw the release of Zero Days, a documentary by Oscar-winning director Alex Gibney which examines the impact of cyberattacks perpetrated by countries around the world. As national governments move towards using covert attacks on...
September 27, 2016

Android.Lockscreen ransomware now using pseudorandom numbers

The latest Android.Lockscreen variants are using new techniques to improve their chances of obtaining ransom money. New variants of Android.Lockscreen are using pseudorandom passcodes to prevent victims from unlocking devices without paying the ransom. Source: Symantec
September 26, 2016

Scammers spoof TaiG, offer fake iOS jailbreak

Scammers are spoofing the popular TaiG jailbreaking site to offer a fake iOS 9.2.1 jailbreak tool that leads to a donation page. With each new iOS release, a large number of users wait eagerly for the corresponding and inevitable jailbreak solution. Although jailbreaking compromises the security of the device, users resort...
September 23, 2016

Five ways Android malware is becoming more resilient

Newly observed techniques used by Android malware authors attempt to make things more difficult for victims and security products. Contributors: Tommy Dong, Martin Zhang. Recently, a number of new techniques have been discovered that not only help Android malware evade detection but also help it stay installed even when detection has...
September 22, 2016

IoT devices being increasingly used for DDoS attacks

Malware is infesting a growing number of IoT devices, but their owners may be completely unaware of it. Malware targeting the Internet of Things (IoT) has come of age and the number of attack groups focusing on IoT has multiplied over the past year. 2015 was a record year for IoT...
September 13, 2016

Microsoft Patch Tuesday – September 2016

This month the vendor released 13 bulletins, six of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor released 13 bulletins, six of which are rated Critical. As always, customers are advised to follow these security best practices...
September 8, 2016

Latest Intelligence for August 2016

Our Latest Intelligence reveals that the number of new malware variants hit 45.5 million in August, the highest level seen since last year. The Latest Intelligence page has been refreshed through August 2016, providing the most up-to-date analysis of cybersecurity threats, trends, and insights concerning malware, spam, and other potentially harmful...
September 6, 2016

TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

Original release date: September 06, 2016. Systems Affected: Network Infrastructure Devices. Overview: The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is critical to preserve...
September 6, 2016

Buckeye cyberespionage group shifts gaze from US to Hong Kong

Several organizations in Hong Kong are being targeted by a cyberespionage group known as Buckeye. Buckeye (also known as APT3, Gothic Panda, UPS Team, and TG-0110) is a cyberespionage group that is believed to have been operating for well over half a decade. Traditionally, the group attacked organizations in the US...
August 26, 2016

Trident: Trio of iOS zero-days being exploited in the wild

Users of iPhones and other iOS devices are advised to upgrade to the latest version of the operating system. Three zero-day vulnerabilities in Apple’s iOS mobile operating system are being exploited in the wild in targeted attacks. The vulnerabilities, collectively dubbed “Trident”, can be exploited by attackers to remotely jailbreak Apple...
August 17, 2016

Non-existent video involving Hillary Clinton and ISIS leader used as bait in malicious spam

Malicious attachment contains Adwind cross-platform remote access Trojan. Contributors: Paul Mangan, Kevin Savage. Cybercriminals are using clickbait, promising a video showing Democratic Party presidential nominee Hillary Clinton exchanging money with an ISIS leader, in order to distribute malicious spam emails. Source: Symantec
August 16, 2016

Equation: Has secretive cyberespionage group been breached?

A new attack group has released a data dump of leaked exploits and hacking tools they claim belong to the Equation group. An attack group calling itself the Shadow Brokers has released a trove of data it claims to have stolen from the Equation cyberespionage group. The data contains a range...
August 15, 2016

Shark: New Ransomware-as-a-Service threat takes bite of proceeds

The creators of Shark have made it freely available, but demand a 20 percent cut of its profits. A new type of ransomware known as Shark (Trojan.Ransomcrypt.BG) is being distributed on the cyberunderground. Source: Symantec
August 10, 2016

Instagram accounts hacked, altered to promote adult dating spam

Scammers are hacking Instagram accounts and altering profiles with sexually suggestive imagery to lure users to adult dating and porn spam. Earlier this year, we reported an influx of fake Instagram profiles luring users to adult dating sites. Over the last few months, we have observed Instagram accounts being hacked and...
August 9, 2016

Microsoft Patch Tuesday – August 2016

This month the vendor is releasing nine bulletins, six of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing nine bulletins, six of which are rated Critical. As always, customers are advised to follow these security best practices...
August 7, 2016

Strider: Cyberespionage group turns eye of Sauron on targets

Low-profile group uses Remsec malware to spy on targets in Russia, China, and Europe. A previously unknown group called Strider has been conducting cyberespionage-style attacks against selected targets in Russia, China, Sweden, and Belgium. The group uses an advanced piece of malware known as Remsec (Backdoor.Remsec) to conduct its attacks.
August 5, 2016

New ransomware mimics Microsoft activation window

A new ransomlock variant, which mainly affects the US, tricks users into calling a toll-free number to reactivate their Windows computer. Symantec has discovered a new ransomware variant that pretends to originate from Microsoft and uses social engineering techniques to trick the victim into calling a toll-free number to “reactivate” Windows....
August 5, 2016

Latest Intelligence for July 2016

Our latest intelligence reveals that the Neutrino toolkit’s activity rose more than 10 percentage points in July. The Latest Intelligence page has been refreshed through July 2016, providing the most up-to-date analysis of cybersecurity threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. Here are some key...
August 5, 2016

Backdoor.Remvio: Highly customizable remote access Trojan sold online

The new Trojan can be used to steal information and passwords from compromised computers. Symantec recently noticed that an Italian malware author called z3r0 is selling a new remote access Trojan in an underground forum. The software is a back door threat that can be purchased for somewhere between US$58 and...
July 27, 2016

Another media-stealing app found on Google Play

The HTML Source Code Viewer app by Sunuba Gaming poses as a development tool then steals pictures and videos from mobile devices. Contributor: Tommy Dong. Norton's AppAdvisor can warn you before you download a malicious app...
July 25, 2016

Patchwork cyberespionage group expands targets from governments to wide range of industries

Symantec finds that Patchwork now targets a variety of industries in the US, China, Japan, Southeast Asia, and the UK. The Patchwork attack group has been targeting more than just government-associated organizations. Our research into the group found that it’s been attacking a broad range of industries, including aviation, broadcasting,...
July 21, 2016

Tinder safe dating spam uses safety to scam users out of money

Scammers drive users to fake verification site that signs them up to adult webcam and erotic video websites. In recent weeks, we have noticed spam activity on Tinder claiming to promote safety in online dating in messages to users. This is used as a lure to funnel affiliate money into the...
July 18, 2016

Malicious macros arrive in phishing emails, steal banking information

Malicious macros made a comeback in 2015 to deliver malware. Now we’re seeing phishing emails use macros in Excel attachments to steal sensitive banking details. In 2015, we saw malicious Microsoft Office macros return with a vengeance, delivering a plethora of threats ranging from ransomware to banking Trojans. Now, we’ve found...
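A mail gateway or triage script can tell whether an Office attachment is even capable of carrying the macros described above by inspecting the container rather than trusting the file extension. The following is an added example, not code from the Symantec article: a macro-enabled OOXML workbook carries an xl/vbaProject.bin part (and declares its content type), while the legacy .xls format is an OLE2 compound file that needs an OLE parser to inspect. The sample documents are constructed in memory as minimal zip containers, not real Excel files, so the check runs offline.

```python
"""Classify a mail attachment by whether it can carry VBA macros.

Added example; not code from the Symantec article. The sample documents
built below are constructed minimal OOXML-style zips, not real workbooks.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .xls/.doc container signature
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def classify_attachment(data: bytes) -> str:
    """Return one of: ooxml-with-macros, ooxml-no-macros, legacy-ole, unknown.

    The file extension is ignored on purpose: an attacker can name a
    macro-enabled workbook anything, so the container itself is inspected.
    """
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"           # macros cannot be ruled out without an OLE parser
    if not data.startswith(b"PK"):
        return "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # Part-name check: the VBA project is stored as vbaProject.bin.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "ooxml-with-macros"
            # Content-type check catches a renamed or relocated VBA part.
            if "[Content_Types].xml" in names:
                types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if VBA_CONTENT_TYPE in types_xml:
                    return "ooxml-with-macros"
    except zipfile.BadZipFile:
        return "unknown"
    return "ooxml-no-macros"


def build_sample_workbook(with_macros: bool) -> bytes:
    """Constructed minimal OOXML container for testing (not a real Excel file)."""
    overrides = ['<Override PartName="/xl/workbook.xml" ContentType='
                 '"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/>']
    if with_macros:
        overrides.append('<Override PartName="/xl/vbaProject.bin" ContentType="%s"/>' % VBA_CONTENT_TYPE)
    content_types = ('<?xml version="1.0" encoding="UTF-8"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     + "".join(overrides) + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            zf.writestr("xl/vbaProject.bin", OLE2_MAGIC + b"\x00" * 8)  # placeholder bytes only
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("macro-enabled", build_sample_workbook(True)),
               ("plain", build_sample_workbook(False)),
               ("legacy", OLE2_MAGIC + b"\x00" * 504),
               ("pdf", b"%PDF-1.4\n")]
    for label, blob in samples:
        print(label, "->", classify_attachment(blob))
```

A gateway policy built on this would quarantine or strip "ooxml-with-macros" and route "legacy-ole" to deeper inspection, since the OLE2 signature alone says nothing about whether a VBA stream is present.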
July 14, 2016

Android banking malware blocks victims’ outgoing calls to customer service

New Android.Fakebank variants intercept calls to banks’ customer care centers to stop victims from cancelling their stolen payment cards. In March 2016, newer variants of the Android.Fakebank.B family arrived with call-barring functionality. The feature aims to stop customers of Russian and South Korean banks from cancelling payment cards that the malware...
July 13, 2016

Pokemon Go: How to protect your device from scams, malware, and privacy issues

Pokemon Go has become a global sensation, but it has also attracted the attention of scammers and attackers. Find out how to protect your mobile device on your quest to become a Pokemon master. Pokemon Go has generated huge interest around the world. Despite only being launched in a limited amount...
July 12, 2016

Microsoft Patch Tuesday – July 2016

This month the vendor is releasing 11 bulletins, five of which are rated Critical. Source: Symantec
July 12, 2016

Billion-dollar scams: The numbers behind BEC fraud

More than 400 companies are targeted with BEC scams every day. Find out more and learn how to stay protected. Business email compromise (BEC), or CEO fraud, continues to be the bane of companies in 2016. BEC scams are low-tech financial fraud in which spoofed emails from CEOs are sent to...
July 7, 2016

Latest Intelligence for June 2016

Our latest intelligence reveals nearly a 30 percentage point drop in web attacks using Angler and a 20 percentage point increase in Manual Sharing social media scams. The Latest Intelligence page has been refreshed through June 2016, providing the most up-to-date analysis of cybersecurity threats, trends, and insights concerning malware, spam,...
July 5, 2016

TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities

Original release date: July 05, 2016 Systems Affected All Symantec and Norton branded antivirus products Overview Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. Description The...
July 5, 2016

Android Nougat prevents ransomware from resetting device passwords

The upcoming version of Android introduces a new condition so the "resetPassword" API cannot be used to reset a device’s password. The change impacts both ransomware and disinfectors. Android.Lockdroid.E variants with new functionality emerged during the last quarter of 2015 as part of the continued Android ransomware evolution. Source: Symantec
June 28, 2016

Malicious app found on Google Play, steals Viber photos and videos

The Beaver Gang Counter app uses a time-delay attack in an attempt to evade security measures. Contributor: Tommy Dong. Symantec has discovered an app on Google Play that steals photos and videos from the popular social media app Viber. Beaver Gang Counter masquerades as a score keeping app for a popular card...
June 15, 2016

New Flash zero-day exploited in targeted attacks

Symantec customers protected against critical vulnerability (CVE-2016-4171) due to be patched tomorrow. A new zero-day vulnerability in Adobe Flash player is being exploited in limited, targeted attacks. The vulnerability (CVE-2016-4171) is due to be patched tomorrow, June 16. Source: Symantec
June 14, 2016

Microsoft Patch Tuesday – June 2016

This month the vendor is releasing 16 bulletins, five of which are rated Critical. Source: Symantec
June 9, 2016

Latest Intelligence for May 2016

Our latest intelligence reveals Angler responsible for over 51 percent of exploit kit attacks, and one email in every 134 is now malicious. Source: Symantec
June 7, 2016

Fake gaming torrents lead to potentially unwanted applications

PUA downloaders are disguising themselves as torrents for pirated copies of Assassin’s Creed Syndicate and The Witcher 3 to install multiple different PUAs on users’ computers. Source: Symantec
May 26, 2016

SWIFT attackers’ malware linked to more financial attacks

Bank in Philippines was also targeted by attackers, whose malware shares code with tools used by Lazarus group. Symantec has found evidence that a bank in the Philippines has also been attacked by the group that stole US$81 million from the Bangladesh central bank and attempted to steal over $1 million...
May 23, 2016

Hacked Twitter accounts are posting links to adult dating and sex personals

Over 2,500 Twitter accounts were compromised to post links to adult dating and sex personals. More than 2,500 Twitter accounts have been compromised to tweet links to websites specializing in adult dating and sex personals. The attackers also changed the profile photo, biography, and full name of the accounts to promote...
May 23, 2016

TA16-144A: WPAD Name Collision Vulnerability

Original release date: May 23, 2016 Systems Affected Windows, OS X, Linux systems, and web browsers with WPAD enabled Overview Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching public DNS servers [1]. In combination with the New generic Top...
May 11, 2016

TA16-132A: Exploitation of SAP Business Applications

Original release date: May 11, 2016 Systems Affected Outdated or misconfigured SAP systems Overview At least 36 organizations worldwide are affected by an SAP vulnerability [1]. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP business applications. The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in...
May 10, 2016

Microsoft Patch Tuesday – May 2016

This month the vendor is releasing 16 bulletins, eight of which are rated Critical. Source: Symantec
May 6, 2016

Latest Intelligence for April 2016

Our latest intelligence reveals Nuclear exploit kit comprised 42 percent of all web attacks, and 71 percent of all social scams spread through manual sharing. Source: Symantec
April 28, 2016

Tick cyberespionage group zeros in on Japan

Compromised websites and spear-phishing emails used to infect targets with Daserf Trojan. Contributor: Gavin O’Gorman. Source: Symantec
April 14, 2016

TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

Original release date: April 14, 2016 Systems Affected Microsoft Windows with Apple QuickTime installed Overview According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1] Description All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime...
April 12, 2016

Microsoft Patch Tuesday – April 2016

This month the vendor is releasing 13 bulletins, six of which are rated Critical. Source: Symantec
April 8, 2016

Latest Intelligence for March 2016

The Latest Intelligence for March 2016 reveals that the average number of mobile malware variants has reached 50 per family. Source: Symantec
April 6, 2016

New Flash zero-day exploited by attackers in the wild

Patch due to be published this week for critical new Adobe Flash vulnerability CVE-2016-1019. Adobe has said it will soon issue an update for Flash Player, following the discovery of a critical vulnerability that is being exploited in the wild. Source: Symantec
April 5, 2016

Four tax scams to watch out for this tax season

Symantec Security Response outlines tax-related scams that individuals and businesses should not fall for during each tax season. Source: Symantec
March 31, 2016

TA16-091A: Ransomware and Recent Variants

Original release date: March 31, 2016 Systems Affected Networked Systems Overview In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it...
March 29, 2016

Taiwan targeted with new cyberespionage back door Trojan

Backdoor.Dripion was custom developed, deployed in a highly targeted fashion, and used command and control servers disguised as antivirus company websites. Source: Symantec
March 10, 2016

Latest Intelligence for February 2016

The Latest Intelligence for February 2016 reveals that one in every 125 emails sent last month contained malware. Source: Symantec
March 8, 2016

Microsoft Patch Tuesday – March 2016

This month the vendor is releasing 13 bulletins, five of which are rated Critical. Source: Symantec
February 15, 2016

Latest Intelligence for January 2016

The Latest Intelligence for January 2016 shows an increase in fake offer social media scams and a decrease in spear-phishing activity. Source: Symantec
February 11, 2016

Netflix malware and phishing campaigns help build emerging black market

Attackers steal users’ Netflix credentials and add them to black markets focused on providing access to the streaming service for cheaper prices. Netflix’s popularity has sharply grown since its creation in 1997. The company recently launched its streaming service globally. It is now available in more than 190 regions around the...
January 25, 2016

The rise of Japanese zero-click fraud

Scammers are using more aggressive tactics with new “zero-click” sites to try to con victims out of US$2,000. Source: Symantec
January 12, 2016

Microsoft Patch Tuesday – January 2016

This month the vendor is releasing nine bulletins, six of which are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release. Source: Symantec
January 11, 2016

What Symantec’s Intrusion Prevention System did for you in 2015

300 million reasons why you should improve the health of your computers in 2016 by using IPS. Without adequate and layered security, the web in 2015 was an incredibly threatening landscape, a trend that will no doubt continue in 2016. Source: Symantec
2015
December 14, 2015

Major TeslaCrypt ransomware offensive underway

Continually refined by its authors, this ransomware strain poses a serious threat to businesses and consumers. Source: Symantec
December 3, 2015

TA15-337A: Dorkbot

Original release date: December 03, 2015 Systems Affected Microsoft Windows Overview Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in...
November 10, 2015

TA15-314A: Web Shells – Threat Awareness and Guidance

Original release date: November 10, 2015 Systems Affected Web servers that allow web shells Overview This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert outlines the threat and provides prevention, detection, and mitigation...
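The alert above covers detection as well as prevention. The scanner below is an added example, not code from the US-CERT alert: it runs a small set of web shell tells over the contents of files under a web root (a command-execution function fed directly from request input, eval of a decoded payload, a callable taken from request input, the deprecated preg_replace /e trick, and long opaque base64 blobs). The sample files are constructed; the patterns are a triage starting point, not a complete signature set, and every finding still needs a human look.

```python
"""Heuristic scan of web-root files for web shell indicators.

Added example; not part of the US-CERT alert. The sample files below are
constructed. Patterns target common PHP web shell constructs.
"""
import re

INDICATORS = [
    # Command execution whose argument comes straight from the request.
    ("exec_from_request",
     re.compile(r"\b(system|exec|passthru|shell_exec|popen|proc_open)\s*\(\s*"
                r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b", re.I)),
    # eval/assert of a decoded or inflated payload (classic obfuscated dropper).
    ("eval_decoded_payload",
     re.compile(r"\b(eval|assert)\s*\(\s*"
                r"(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    # eval/assert directly on request input.
    ("eval_from_request",
     re.compile(r"\b(eval|assert)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I)),
    # Request parameter used as a function name: $_GET['f']($_GET['c']).
    ("callable_from_request",
     re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I)),
    # preg_replace with the /e modifier evaluates the replacement as PHP.
    ("preg_replace_e_modifier",
     re.compile(r"preg_replace\s*\(\s*(['\"])[^'\"]*/[a-zA-Z]*e[a-zA-Z]*\1", re.I)),
    # Very long base64 runs are unusual in hand-written application code.
    ("long_base64_blob",
     re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")),
]


def scan_source(src: str) -> list:
    """Return the names of the indicators that fire on one file's contents."""
    return [name for name, rx in INDICATORS if rx.search(src)]


def scan_files(files: dict) -> dict:
    """Scan a {path: contents} map and return only the paths with findings."""
    report = {}
    for path, src in files.items():
        hits = scan_source(src)
        if hits:
            report[path] = hits
    return report


# Constructed samples: three shells dropped in writable locations, one benign file.
SAMPLE_FILES = {
    "uploads/images/cache.php":
        "<?php if(isset($_REQUEST['cmd'])){echo '<pre>'; system($_REQUEST['cmd']); echo '</pre>';} ?>",
    "wp-content/themes/site/footer.php":
        "<?php eval(base64_decode($_POST['z'])); ?>",
    "tmp/sess.php":
        '<?php preg_replace("/.*/e", $_POST["p"], ""); ?>',
    "includes/db.php":
        "<?php $dsn = 'mysql:host=localhost;dbname=app'; $pdo = new PDO($dsn, $user, $pass); ?>",
}


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(path, "->", ", ".join(hits))
```

In a real deployment the same function would be fed files from a walk of the document root, with upload and cache directories (which should never contain executable scripts) weighted highest, and the results compared against a known-good file inventory so that modified or newly created scripts stand out.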
November 10, 2015

Microsoft Patch Tuesday – November 2015

This month the vendor is releasing 12 bulletins covering a total of 49 vulnerabilities. Twenty-six of this month's issues are rated Critical. Source: Symantec
November 9, 2015

Proof-of-concept threat is reminder OS X is not immune to crypto ransomware

Symantec analysis confirms that in the wrong hands, Mabouia ransomware could be used to attack Macs. Analysis by Symantec has confirmed that the proof-of-concept (PoC) threat known as Mabouia works as described and could be used to create functional OS X crypto ransomware if it fell into the wrong hands.
November 3, 2015

New XcodeGhost malware variant discovered

Serves as a reminder to app developers to only use verified versions of Apple’s integrated development environment. Source: Symantec
October 14, 2015

Dridex takedown sinks botnet infections

International police action hits gang that specialized in stealing banking credentials. Source: Symantec
October 13, 2015

Microsoft Patch Tuesday – October 2015

This month the vendor is releasing six bulletins covering a total of 33 vulnerabilities. Thirteen of this month's issues are rated Critical. Hello, welcome to this month’s blog on the Microsoft patch release...
October 13, 2015

TA15-286A: Dridex P2P Malware

Original release date: October 13, 2015 Systems Affected Microsoft Windows Overview Dridex, a peer-to-peer (P2P) bank credential-stealing malware, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control (C2). The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department...
October 1, 2015

Is there an Internet-of-Things vigilante out there?

Linux.Wifatch compromises routers and other IoT devices and appears to try and improve infected devices’ security. The following story could well work as the script of a Hollywood movie or superhero comic. Source: Symantec
September 30, 2015

WinRAR affected by new zero-day vulnerability

A new remote code execution vulnerability affecting the compression utility is less dangerous than first believed. Source: Symantec
September 30, 2015

Apple’s “Gatekeeper” in Mac OS X vulnerable to simple bypass

Researcher Patrick Wardle details security weakness in Apple’s “Gatekeeper” in Mac OS X that could allow attackers to run unverified, unsigned code. Tomorrow at the Virus Bulletin conference in Prague, researcher Patrick Wardle is set to highlight a security weakness in Apple’s Mac OS X “Gatekeeper” technology that could allow attackers...
September 10, 2015

Top tips to secure your new iPhone

Security advice on how to keep your Apple iDevice, and the data stored on it, safe. Source: Symantec
September 8, 2015

Microsoft Patch Tuesday – September 2015

This month the vendor is releasing 12 bulletins covering a total of 52 vulnerabilities. Twenty of this month's issues are rated Critical. Source: Symantec
August 28, 2015

TA15-240A: Controlling Outbound DNS Access

Original release date: August 28, 2015 Systems Affected Networked systems Overview US-CERT has observed an increase in Domain Name System (DNS) traffic from client systems within internal networks to publicly hosted DNS servers. Direct client access to Internet DNS servers, rather than controlled access through enterprise DNS servers, can expose an organization to unnecessary security...
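The condition the alert describes (clients resolving directly against Internet DNS servers instead of through the enterprise resolvers) is easy to find in perimeter firewall logs once the approved resolvers are known. The script below is an added example, not code from the US-CERT alert: it parses constructed key=value accept-log lines, keeps port 53 traffic from RFC 1918 space to the Internet, and reports any source that is not one of the enterprise forwarders. The log format, the addresses and the resolver allow-list are all assumptions for the example.

```python
"""Flag internal hosts that send DNS directly to Internet servers.

Added example; not from the US-CERT alert. The log line shape, the
addresses and APPROVED_RESOLVERS are constructed for the example. In
practice the allow-list is the set of enterprise resolvers/forwarders
that are permitted to reach the Internet on port 53.
"""
import ipaddress
import re
from collections import Counter

INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The enterprise forwarders (assumed); only these may query external DNS.
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.53"),
                      ipaddress.ip_address("10.0.1.53")}

# Generic key=value firewall accept log (constructed shape).
LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+"
                    r"proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)")


def is_internal(ip) -> bool:
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line: str):
    """Return (src, dst, proto, dport) or None for lines that do not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return (ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"]),
            m["proto"].lower(), int(m["dport"]))


def direct_external_dns(lines) -> list:
    """Return (src, dst, proto) for internal non-resolver hosts reaching external port 53."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, proto, dport = rec
        if dport != 53 or proto not in ("udp", "tcp"):
            continue
        if not is_internal(src) or is_internal(dst):
            continue                      # internal-to-internal DNS is the intended path
        if src in APPROVED_RESOLVERS:
            continue                      # the forwarders are supposed to do this
        findings.append((str(src), str(dst), proto))
    return findings


def offenders_by_host(lines) -> Counter:
    """Count flagged flows per source host, for prioritising follow-up."""
    return Counter(src for src, _dst, _proto in direct_external_dns(lines))


# Constructed sample log: one legitimate forwarder, one well-behaved client,
# two clients bypassing the enterprise resolvers, one non-DNS flow, one junk line.
SAMPLE_LOG = [
    "2015-08-28T10:00:01Z fw ACCEPT src=10.0.0.53 dst=8.8.8.8 proto=udp dport=53",
    "2015-08-28T10:00:02Z fw ACCEPT src=10.20.4.17 dst=10.0.0.53 proto=udp dport=53",
    "2015-08-28T10:00:03Z fw ACCEPT src=10.20.4.17 dst=8.8.4.4 proto=udp dport=53",
    "2015-08-28T10:00:04Z fw ACCEPT src=10.20.4.17 dst=93.184.216.34 proto=tcp dport=443",
    "2015-08-28T10:00:05Z fw ACCEPT src=192.168.7.9 dst=208.67.222.222 proto=tcp dport=53",
    "2015-08-28T10:00:06Z fw heartbeat ok",
]


if __name__ == "__main__":
    for src, dst, proto in direct_external_dns(SAMPLE_LOG):
        print(f"{src} -> {dst}/{proto}: DNS bypassing enterprise resolvers")
```

The same allow-list doubles as the egress firewall rule the alert recommends: permit port 53 outbound only from APPROVED_RESOLVERS and deny it for everything else, after which any remaining hits in this report indicate a rule gap or a host that has found another path out.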
August 27, 2015

Regin: Further unravelling the mysteries of a cyberespionage threat

Symantec’s investigation uncovers additional modules for the Regin spying tool and finds advanced infrastructure supporting it. Symantec’s continuing investigation into the Regin Trojan has cast new light on the cyberespionage tool, revealing a wider range of capabilities and a complex infrastructure supporting the threat. Source: Symantec
August 24, 2015

Sundown exploit kit adds Internet Explorer exploit before any other kit

The Sundown exploit kit has been the first to integrate an exploit for the CVE-2015-2444 bug, using it in a recent watering-hole attack. While tracking exploit activity, Symantec found that the Sundown exploit kit (EK) has started to take advantage of a recent Internet Explorer vulnerability known as CVE-2015-2444.
August 24, 2015

Android ransomware: Tricks of the trade

A look at some of the detection-evasion and anti-analysis tactics employed by Android ransomware. Source: Symantec
August 14, 2015

Is it time to start worrying about car hacking?

Every week brings a new story about a potential vehicle security vulnerability. Should drivers be concerned and how can they protect themselves? Contributor: Mario Ballano Barcena. Source: Symantec
August 13, 2015

Facebook comments on Buzzfeed, ESPN, and Huffington Post lead to technical support scams

Scammers promote links to free movies that lead to technical support scams for Windows, Mac OS X, and mobile users. Facebook comments sections on Buzzfeed, ESPN, and Huffington Post articles have become a popular target for scammers spreading links to spyware and adware, including tech support scam pages, in recent months....
August 11, 2015

Microsoft Patch Tuesday – August 2015

This month the vendor is releasing 14 bulletins covering a total of 52 vulnerabilities. Twenty-two of this month's issues are rated Critical. Source: Symantec
August 1, 2015

TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations

Original release date: August 01, 2015 Systems Affected Microsoft Windows Systems, Adobe Flash Player, and Linux Overview Between June and July 2015, the United States Computer Emergency Readiness Team (US-CERT) received reports of multiple, ongoing and likely evolving, email-based phishing campaigns targeting U.S. Government agencies and private sector organizations. This alert provides general and phishing-specific...
July 14, 2015

TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities

Original release date: July 14, 2015 | Last revised: July 15, 2015 Systems Affected Microsoft Windows systems with Adobe Flash Player installed. Overview Used in conjunction, recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute arbitrary code with system privileges. Since attackers continue to target and find new...
July 14, 2015

Microsoft Patch Tuesday – July 2015

This month the vendor is releasing 14 bulletins covering a total of 58 vulnerabilities. Twenty-four of this month's issues are rated Critical. Source: Symantec
July 8, 2015

Butterfly: Profiting from high-level corporate attacks

Multi-billion dollar corporations hit by secretive attack group. Note: “Morpho” was used in the original publication to refer to this attack group. Symantec has renamed the group “Butterfly” to avoid any link whatsoever to other legitimate corporate entities named “Morpho”. Source: Symantec
June 30, 2015

Team GhostShell hacking group back with a bang

Hackers claim to have hacked a growing list of websites, compromising credentials and other sensitive user information. Source: Symantec
June 26, 2015

Brazilian musician Christiano Araujo's tragic death used to spread malware

Famous singer’s death used as lure to spread financial Trojan Infostealer.Bancos. Unfortunately, as we’ve seen countless times before, tragic events involving famous people will almost certainly end up being used by cybercriminals as part of their social engineering scams. Source: Symantec
June 23, 2015

Dyre emerges as main financial Trojan threat

After takedowns against rival operations Dyre has filled the vacuum and now poses a major threat to banking customers in many countries. Source: Symantec
June 11, 2015

MERS outbreak used as bait to spread Trojan.Swort

Attackers are taking advantage of the outbreak of Middle East Respiratory Syndrome (MERS) in South Korea and other regions to spread Trojan.Swort through spam emails. Source: Symantec
June 9, 2015

Microsoft Patch Tuesday – June 2015

This month the vendor is releasing eight bulletins covering a total of 45 vulnerabilities. Twenty of this month's issues are rated Critical. Source: Symantec
June 4, 2015

Mac vulnerability could provide persistent and stealthy access

Symantec confirms flaw allows attackers to install rootkit malware that could survive hard disk reformat. Symantec has confirmed the existence of a critical vulnerability affecting most Apple Mac models that could enable attackers to overwrite firmware and gain persistent root access to the computer. Source: Symantec
June 2, 2015

Japanese one-click fraudsters target iOS users with malicious app delivered over the air

A Japanese one-click fraud campaign moved to iOS devices by delivering a malicious app through an adult video website and demanding a subscription fee. Last week, we published a blog on a malicious Android app that reappeared after a three-year absence for a new Japanese one-click fraud campaign. Source: Symantec
May 21, 2015

SMS spammers hide adult site URLs in YouTube videos

In a recent adult site scam, SMS spammers were observed hiding links in YouTube videos in order to bypass URL filters. Contributor: Lamine Aouad. Source: Symantec
May 14, 2015

Stolen funds from Starbucks customers another reminder to use unique passwords

Cybercriminals gain access to customer accounts, then transfer funds to other cards and gift cards. Starbucks Card holders who have a payment card linked to their online accounts may be at risk of having their account balances drained by cybercriminals. It appears cybercriminals are targeting Starbucks accounts as a result of...
May 12, 2015

Impersonation phishing scam on Yahoo highlights importance of two-step verification

Yahoo Mail accounts and address books used in family "emergency" impersonation scam. Last month, we learned of a phishing campaign targeting Yahoo Mail users. The phishing email claimed that the recipients’ mailbox had expired and asked them to click on a link to restore their email access. Source: Symantec
May 12, 2015

Microsoft Patch Tuesday – May 2015

This month the vendor is releasing 13 bulletins covering a total of 46 vulnerabilities. Twenty-one of this month's issues are rated Critical. Source: Symantec
April 30, 2015

TA15-120A: Securing End-to-End Communications

Original release date: April 30, 2015 Systems Affected Networked systems Overview Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject code, causing unsecured web browsers around the world to become unwitting participants in a distributed denial-of-service attack....
April 28, 2015

TA15-119A: Top 30 Targeted High Risk Vulnerabilities

Original release date: April 29, 2015 Systems Affected Systems running unpatched software from Adobe, Microsoft, Oracle, or OpenSSL. Overview Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of targeted attacks are preventable [1]. This Alert provides information on the 30 most commonly exploited...
April 22, 2015

Ransomware increasingly turning to the Far East

Cybercriminals behind ransomware are increasingly targeting opportunities in the Far East to capitalize on potential new victims. Source: Symantec
April 15, 2015

TA15-105A: Simda Botnet

Original release date: April 15, 2015 Systems Affected Microsoft Windows Overview The Simda botnet – a network of computers infected with self-propagating malware – has compromised more than 770,000 computers worldwide [1]. The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical...
April 14, 2015

2015 Internet Security Threat Report: Attackers are bigger, bolder, and faster

Volume 20 of Symantec’s Internet Security Threat Report (ISTR) reveals that cyberattackers are infiltrating networks and evading detection by hijacking companies' infrastructures, while also extorting end-users via their smartphones and social media. Source: Symantec
April 14, 2015

Microsoft Patch Tuesday – April 2015

This month the vendor is releasing 11 bulletins covering a total of 26 vulnerabilities. Thirteen of this month's issues are rated Critical. Source: Symantec
April 13, 2015

TA15-103A: DNS Zone Transfer AXFR Requests May Leak Domain Information

Original release date: April 13, 2015 Systems Affected Misconfigured Domain Name System (DNS) servers that respond to full zone transfer (AXFR) requests from any source. Overview A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing...
April 13, 2015

Simda botnet hit by Interpol takedown

Infrastructure owned by the Simda botnet (also known as Rloader) has been seized in an Interpol-led law enforcement operation. Source: Symantec
April 10, 2015

Ransomware: Return of the mac(ro)

Ransomware attackers have resorted to reviving a very old attack vector, the malicious Word macro. Source: Symantec
April 8, 2015

TA15-098A: AAEH

Original release date: April 09, 2015 Systems Affected Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8 Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012 Overview AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware....
March 23, 2015

NanoCore: Another RAT tries to make it out of the gutter

The road to success is never straightforward. This is a tale of a RAT developer’s persistence in the face of endless setbacks. Contributor: Mark Anthony Balanza. Source: Symantec
March 12, 2015

Is IoT in the Smart Home giving away the keys to your kingdom?

Symantec analyzed 50 smart home devices and found that many of them included several basic security issues, such as weak authentication and common web vulnerabilities. Source: Symantec
March 10, 2015

Microsoft Patch Tuesday – March 2015

This month the vendor is releasing fourteen bulletins covering a total of 45 vulnerabilities. Nineteen of this month's issues are rated Critical. Source: Symantec
February 20, 2015

TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Original release date: February 20, 2015 | Last revised: February 24, 2015 Systems Affected Lenovo consumer PCs that have Superfish VisualDiscovery installed. Overview Superfish adware installed on some Lenovo PCs install a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic. Description Starting in September 2014, Lenovo pre-installed Superfish VisualDiscovery...
2014
December 19, 2014

TA14-353A: Targeted Destructive Malware

Original release date: December 19, 2014 | Last revised: December 25, 2014 Systems Affected Microsoft Windows Overview US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment company. This SMB Worm Tool is equipped...
November 25, 2014

TA14-329A: Regin Malware

Original release date: November 25, 2014 Systems Affected Microsoft Windows NT, 2000, XP, Vista, and 7 Overview On November 24, 2014, Symantec released a report on Regin, a sophisticated backdoor Trojan used to conduct intelligence-gathering campaigns. At this time, the Regin campaign has not been identified targeting any organizations within the United States. Description Regin...
November 19, 2014

TA14-323A: Microsoft Windows Kerberos KDC Remote Privilege Escalation Vulnerability

Original release date: November 19, 2014 | Last revised: November 25, 2014 Systems Affected Microsoft Windows Vista, 7, 8, and 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Overview A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution Center (KDC) in Microsoft Windows which...
November 14, 2014

TA14-318B: Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability

Original release date: November 14, 2014 Systems Affected Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Overview A vulnerability in Microsoft Windows Object Linking and Embedding (OLE) could allow remote code execution if a user views a specially-crafted web...