Blog

CARBANAK Banking Malware

Source Code for CARBANAK Banking Malware Found On VirusTotal

What do we know about Carbanak malware? As we all know, Carbanak has an impressive portfolio to its reputation: it is considered the leading player in Advanced Threat Protection attacks and is believed to be one of the successful attacks in the world, used entirely against banks, financial institutions, hospitals, and restaurants. First seen on threat...
ShadowHammer

ShadowHammer: New details (UPDATE)

Latest development: As we discussed previously in one of the topics dealing with the emergence of ShadowHammer, this is the latest update, although the investigation is ongoing and there is surely more to come in later progress reports. As we all know by this time, a similar algorithm was employed for the attack, particularly three...
DNS Hijacking Attack

Hackers Launching DNS Hijacking Attack to Gain Access to Telecommunication & ISP Networks

What is the Sea Turtle attack? It’s not an attack by a vicious sea turtle on humans invading its territory. The Sea Turtle attack is not like any other DNS hijacking or poisoning; it is labeled as another breed of campaign, more refined than its predecessor. How is it different from other DNS hijacking attacks?...
Malware and Spyware Protection

Hidden for 5 years, complex ‘TajMahal’ spyware discovered

From the Abyss: Researchers have recently unveiled a new form of sophisticated cyber espionage framework that has been active since at least 2013, dubbed TajMahal after one of its XML files used for exfiltration, and of unknown origin and crafter. Its modules and bundles have functionality which has never before been seen in an advanced persistent threat...
identity theft prevention

Profoundly Database Breach: Revealed User Identities?

Over the past few weeks, Facebook has been quite active partnering with different app makers to incorporate their apps into the Facebook platform, where users can also enjoy them. Profoundly has been moderately gaining fame and has somehow trended. The app Profoundly is used to anonymize users who want to ask questions on Facebook. Despite the app’s main feature...
Phishing Scheme

Phishing Scheme Uses Legit Signup Forms to Steal Payment Card Data

Baiting Scheme: Legitimate-looking organization newsletter subscription forms are used to scam unwary victims into making payment transactions leading to hackers’ personal bank accounts. Phishing Technique: Drawn companies such as Audi, Austrian Airlines, and S-Bahn Berlin to Russian users. Here’s how it is pulled off: an email catch line saying “Money for you”, written in either English or German...
Malware

US Web Servers Hosted 10 Malware Families

The infamous Necurs: The multipurpose Necurs botnet, known for wearing different kinds of roles as its façade, was initially introduced as an infector and rootkit 7 years ago, and is now well known for having partnered with top cybercrime rings and made its name as the top spamming and infection force in the malware scene. Scaling from...
ASUS laptops

ShadowHammer: Malicious updates for ASUS laptops

How secure are we? There’s no such thing as a foolproof system, at least nowadays, when all threat actors are looking for ways to exploit security loopholes. Gone are the days of the secure haven as we thought of it: even our OEM manufacturers are no longer exempt from all sorts of attacks. In...
anti virus malware protection

Xiaomi Brand Phones: A Slip Up of Anti-Virus App Could Turn Against You as a Malware

Mobile phones in today’s generation are still selling like pancakes despite the stiff competition between different mobile phone manufacturers. Needless to say, mobile phones are still part of our daily lives, serving as a multi-functional tool for everything from communication to almost anything else, thanks to the applications made for mobile devices. It is well-known that Android...
Data breaches

Data breaches more common than rain in the UK

The UK has something of a reputation for its wet climate, and its citizens for constantly talking about the weather. So, it might come as a surprise to find that in the UK the chance of encountering a data breach is higher than that of experiencing a rainy day. A survey by technology services company shows...
Android malware

New Android Malware Gustuff Targeting 100+ Banking, 32 Cryptocurrency and Messengers apps such as WhatsApp

A newly found type of Android malware has stolen cryptocurrency and banking data from in excess of 125 different applications. The “Gustuff” Trojan is said to be gaining popularity in the cybercriminal underworld, given that it is custom-made explicitly to take banking and crypto assets. Gustuff is believed to be about a year old but...
hacking

Asus was warned of hacking risks months ago, thanks to leaky passwords

A security researcher cautioned Asus two months back that employees were improperly publishing passwords in their GitHub repositories that could be exploited to get into the organization’s corporate network. One password, found in an employee repo on the code-sharing site, enabled the researcher to get into an email account used by internal developers and engineers share...
Magento PayPal

Hackers abuse Magento PayPal integration to test validity of stolen credit cards

Hacker groups and online fraudsters are abusing a component of Magento online shops to test the validity of stolen debit and credit card numbers. The transactions are executed against Magento stores that support the PayPal Payflow Pro integration. The PayPal Payflow Pro integration is a payment option available on Magento shops that enables an online store...
PDF attacks

Malicious PDFs | Revealing the Techniques Behind the Attacks

Email users are mindful of how attackers use phishing and spear-phishing campaigns and how this medium is the source of these attacks. As with most email attachments or links, PDF files have gotten a lot of attention from threat actors. Code Execution: Our familiarity with the possibility of malicious Office attachments that run...
Android apps

Preinstalled Android apps are harvesting and sharing your data

Our Mobile Application Monitoring team has been wary of the trend of mobile app stores, including iTunes and the Google Play Store, getting malicious apps in their stores. Now the deception of mobile apps continues, to the point where such apps are pre-installed by your mobile phone vendor. Classy move...
Social Media

Era of Fake News Round 2: The Era where Information is being weaponized

“Weaponization” of Social Media: How are we able to confidently say that social media is weaponized? From stalking and petty crimes up to wars and even elections, social media alone is a giant tactical weapon for the new cyber tacticians who seek advantage from the digital information era. According to a New York Times article...
Ransomware

Ransomware Strikes (Again): LockerGoga Series

Risks when an operation gets disrupted: How much does it affect a business, no matter what size, whenever its operations get disrupted? Huge sums of money, time, effort, and most of all the data involved in the operations of the business. Consumer confidence? A plunge in the stakeholders’ confidence? How dangerous? Ransomware in general...
Facebook in plain text format

Facebook in plain text format: An Internal Mistake, Viewable within the Organization are Hundreds of Millions of Passwords

Another one? It is as if Cambridge Analytica and the previous Facebook bug or vulnerability were not enough of a problem for the social media giant. Facebook now faces another controversy in which it has exposed its latest security breach. What was the security breach? Who was affected? The security breach where the platform accidentally stored...
dark web sales

Hack-A-Ton Leak-a-Ton Final Round? The fourth round of dark web sales

The Hacker News noticed the latest round of leaked data sold by a famous dark web netizen, who had already made three separate releases of leaked data for sale, at different time intervals, in a dark web marketplace. The discovery? While the dark web monitoring mode is consistent, with the large hidden services and contents...
WordPress Vulnerability

Hackers Take Advantage of WordPress Vulnerability: Hacks Sites Remotely Unauthenticated, Undiscussed Effects of the Cause

What is the issue? Unauthenticated RCE Vulnerability: Remote code execution to access one’s device through a vulnerability is not a new thing; however, it is still one of the ways for hackers to take advantage and make use of another site’s resources to execute malicious actions. Without authentication, a hacker can take control of a WordPress site...