ESET uncovers an Android trojan, masquerading as flashlight app. Android users were the target of another banking malware with screen locking capabilities, masquerading as a flashlight app on Google Play. Unlike other banking trojans with a static set of targeted banking apps, this trojan can dynamically adjust its functionality. Aside from delivering the promised flashlight functionality, this remotely controlled trojan comes with a variety of additional functions aimed at stealing victims’ banking credentials. Based on commands from its C&C server, the trojan can display fake screens mimicking legitimate apps, lock infected devices to hide fraudulent activity and intercept SMS and…
ISBuzz Team
Following the news that Spoofed apple.com links are tricking people into visiting Russian domains in what is called a “homograph attack”, which was meant to be fixed more than a decade ago. Tim Helming, Director at DomainTools commented below. Tim Helming, Director at DomainTools: “Cybersquatting–registering and using domains intended to spoof well-known entities–is a huge and global business. These homographs, which can be very hard to detect even for those who are vigilant, are just one of many techniques used by criminals to lure users into giving up credentials or other sensitive information, downloading malware, etc. To complicate matters, domain registrars generally…
Mirai—a notorious malware that’s been enslaving IoT devices—has competition. A rival piece of programming has been infecting some of the same easy-to-hack internet-of-things (IoT) products, with a resiliency that surpasses Mirai, according to security researchers. Itsik Mantin, Director of Security Research at Imperva commented below. Itsik Mantin, Director of Security Research at Imperva: “This is another example for the Internet of Things being a Botnet of Things, with another malware that distributes like wildfire in the Internet, even if the number of infected devices is less than the claimed 100,000. What most disturbs me here is the fact that this trend…
How do you make 2FA more user-friendly? Isaac: To keep up in today’s competitive consumer technology market, perfecting the user experience is a must. This makes it hard for brands to add extra security measures that can potentially disrupt the user experience. We consistently see brands sacrifice security for an optimal user experience, adopting the attitude, ‘it won’t happen to me’. But when it does, brands are unprepared and scrutinized for their lack of foresight. To solve this problem, striking a balance between usability and security is key in product design and security implementation. The best solution is getting security…
Browsers such as Chrome, Firefox, and Opera are vulnerable to a new variation of an older attack that allows phishers to register and pass fake domains as the websites of legitimate services, such as Apple, Google, eBay, and others. Itsik Mantin, Director of Security Research at Imperva commented below. Itsik Mantin, Director of Security Research at Imperva: “In this vulnerability an anti-phishing mechanism wasn’t implemented properly in some web browsers, and like in many other cases, improper implementation renders the mechanism ineffective, in this case exposing users to phishing attacks that are hard to identify. In most of the cases these…
The British Chambers of Commerce (BCC) announced that ‘One in five’ British businesses had been hacked by cyber criminals over the past year, according to their latest survey. IT security experts from FireMon and Veracode commented below. Paul Calatayud, Chief Technology Officer at FireMon: “When reflecting on the statistic that one of five British business have been hacked by cyber criminals, I immediately think to myself: this is only the tip of the iceberg. As a cyber defender my entire career, this static only tells me part of the story given that half of those that were surveyed and responded with…
After several months in decline, Exploit kit infections show sharp uplift and deliver a variety of threats, says Check Point Check Point has revealed a massive uplift in Exploit Kit usage by cybercriminals worldwide, with the Rig Exploit Kit reaching second place in the company’s March Global Threat Impact Index. Exploit Kits, which are designed to discover and exploit vulnerabilities on machines in order to download and execute further malicious code, have been in decline since a high point in May 2016, following the demise of the leading Angler and Nuclear variants. However, March saw the Rig EK surge up…
A new ransomware has been discovered by security researchers at Recorded Future. Named ‘Karmen’, the ransomware allows anyone, including novices, to set up an account and customise their own ransomware campaign. The Karmen costs $175 and lets buyers set ransom prices, determine how long to give victims to pay and offers multiple ways to communicate with targets. The console also acts as a dashboard allowing subscribers to keep tabs on the number of clients they have and how much money they have earned. Lee Munson, Security Researcher at Comparitech commented below. Lee Munson, Security Researcher at Comparitech: “The discovery of Karmen highlights…
New capabilities help customers reduce the risk of downtime and data theft TEMPE, Ariz – Limelight Networks, Inc. (Nasdaq: LLNW), a global leader in digital content delivery, today introduced Security Alert and WAF Express, two new additions to its Cloud Security Services that enhance protection against attacks on websites and unauthorised access or theft of content. Limelight Security Alert provides incremental and scalable protection for websites and web applications. Active DDoS attack detection and alerting make sure customers are aware of malicious activity against their websites and application domains. Customers’ content delivery services are configured to minimise the surface of attack exposed to…
Make no mistake about it: employee behavior is, has been, and will continue to be the greatest vulnerability to a company’s endpoint security. Far, far too often corporate employees are the unwitting allies of malware, ransomware, and other growing digital threats. Many are using devices with highly sensitive data and corporate network access for their own personal browsing, where a single errant click can open the door for malicious hackers (and subsequent losses to a company’s bottom line and brand reputation). Other cautionary – and common – data breach trails involve employees who lost their devices, or had them stolen,…
