WAP-billing Trojan-Clickers on the rise
During the preparation of the "IT threat evolution Q2 2017" report I found several common Trojans in the "Top 20 mobile malware programs" list that were stealing money from users via WAP billing, a form of mobile payment that charges purchases directly to the user's mobile phone bill so they don't...
UCL Ransomware Linked to AdGholas Malvertising Group
A ransomware attack that closed off access to personal and shared drives at University College London last week has been linked to a malvertising campaign spreading Mole, a variant of CryptoMix ransomware. Kafeine, a white-hat who works for Proofpoint and is known for his research into exploit...
First Android-Rooting Trojan With Code Injection Ability Found On Google Play Store
A new Android-rooting malware with the ability to disable the device's security settings in order to perform malicious tasks in the background has been detected on the official Play Store. What's interesting? The app was smart enough to fool Google's security mechanisms by first pretending to b...
Judy Android Malware Infects Over 36.5 Million Google Play Store Users
Security researchers claim to have discovered possibly the largest malware campaign on the Google Play Store, one that has already infected around 36.5 million Android devices with malicious ad-clicking software. The security firm Check Point on Thursday published a blog post revealing more than 41...
Hackers Using Fake Cellphone Towers to Spread Android Banking Trojan
Chinese hackers have taken smishing attacks to the next level, using rogue cell phone towers to distribute Android banking malware via spoofed SMS messages. SMiShing (phishing attacks sent via SMS) is a type of attack in which fraudsters use a number-spoofing attack to send convincing bogus message...
CVE-2016-3127
An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain...
CVE-2016-3127
The CVE-2016-3127 issue affects BlackBerry Good Control Server prior to version 2.3.53.62. An information-disclosure vulnerability exists in the logging implementation, where remote attackers could gain and reuse logged encryption keys by accessing certain diagnostic log files, either through a va...
Powerful Extensible Wireless Drop Box: Pina Colada
Pina Colada is a powerful and extensible wireless drop box, capable of performing a wide range of remote offensive attacks on a network. It can currently be controlled only via a command-line interface, but command-and-control remote server functionality is...
Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers
Unlike malware developed specifically to take advantage of the Windows platform, cyber attackers have started creating cross-platform malware for wider exploitation. Due to the rise in popularity of Mac OS X and other alternatives to the Windows desktop, hackers have begun...
PLC Blaster Worm Targets Industrial Control PLCs
LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search f...
MSRT July 2016 – Cerber ransomware
As part of our ongoing effort to provide better malware protection, the July 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detection for Win32/Cerber, a prevalent ransomware family. The inclusion in MSRT complements our Cerber-specific family detections in Windows...
Inside the xDedic Hacked Server Marketplace
An underground market peddling hacked servers was a unique find, even for a seasoned researcher such as Juan Andres Guerrero-Saade of Kaspersky Lab. But there it was, xDedic.biz selling access to tens of thousands of servers for pennies on the dollar. A Russian-speaking hacker group was...
HPE Insight Control server deployment information disclosure vulnerability
HPE Insight Control server deployment is a set of server management and configuration tools from Hewlett Packard Enterprise (HPE). An information disclosure vulnerability exists in HPE Insight Control server deployment, which allows remote attackers to obtain sensitive information via unspecified vecto...
Locky Gets Clever!
As discussed in an earlier FireEye blog, we have seen Locky ransomware rise to fame in recent months. Locky is aggressively distributed via a JavaScript-based downloader sent as an attachment in spam emails, and may have overshadowed the Dridex banking Trojan as the top spam contributor. FireEye...
Ares - Python Botnet and Backdoor
Ares is made of two main programs: a Command aNd Control (CNC) server, which is a web interface to administer the agents, and an agent program, which runs on the compromised host and ensures communication with the CNC. The web interface can be run on any server running Python. You need to install the...
GEOVAP Reliance 4 Control Server Privilege Escalation Vulnerability
GEOVAP Reliance 4 Control Server suffers from an unquoted search path issue affecting the Windows service 'RelianceOpcDaWrapper', deployed as part of the Reliance 4 SCADA/HMI system installer (including Reliance OPC Server). This could potentially allow an authorized but non-privileged local user to...
GEOVAP Reliance 4 Control Server Unquoted Service Path Elevation Of Privilege
Summary: Reliance is a professional SCADA/HMI system designed for the visualization and control of industrial processes and for building automation. Description: The application suffers from an unquoted search path issue affecting the Windows service 'RelianceOpcDaWrapper', deployed as part of...
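The two GEOVAP entries above describe the same class of bug: a Windows service whose ImagePath is unquoted and contains spaces, so the Service Control Manager (through CreateProcess) tries each space-delimited prefix with ".exe" appended before reaching the real binary, and a non-privileged local user who can write to one of those directories gets code execution as the service account. The audit below is an added example, not code from the advisory or from GEOVAP; the service paths it inspects are a constructed sample, and the install directory shown for RelianceOpcDaWrapper is a hypothetical one (the advisory names the service but not its location). It generalises beyond the single service to any ImagePath list.

```python
import re
from typing import Dict, List

# Constructed sample of service ImagePath values, as they would be read from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath (or from
# Win32_Service.PathName). The RelianceOpcDaWrapper path is hypothetical.
SAMPLE_IMAGE_PATHS: Dict[str, str] = {
    "RelianceOpcDaWrapper": r"C:\Program Files\GEOVAP\Reliance 4\OpcDaWrapper.exe -service",
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "QuotedSvc": r'"C:\Program Files\Vendor\Some Service\svc.exe" /run',
    "SystemRootSvc": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
}

_EXE_RE = re.compile(r"(?i)(.*?\.exe)")


def _executable_part(image_path: str) -> str:
    """Return the command line up to and including the first '.exe'; anything
    after it is service arguments and does not take part in path resolution."""
    p = image_path.strip()
    m = _EXE_RE.match(p)
    return m.group(1) if m else p


def is_unquoted_with_spaces(image_path: str) -> bool:
    """True when the ImagePath is not wrapped in double quotes and the
    executable path itself contains a space, i.e. the vulnerable pattern."""
    p = image_path.strip()
    if p.startswith('"'):
        return False
    return " " in _executable_part(p)


def candidate_executables(image_path: str) -> List[str]:
    """List, in the order CreateProcess tries them, every file an unquoted
    ImagePath can resolve to: each prefix ending at a space gets '.exe'
    appended, and the genuine binary comes last."""
    exe = _executable_part(image_path)
    parts = exe.split(" ")
    candidates = [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]
    candidates.append(exe)
    return candidates


def hijack_points(image_path: str) -> List[str]:
    """The planted-binary locations an attacker would try: every candidate
    except the real executable. Which of their parent directories a low
    privileged user can actually write to must be checked on the host."""
    return candidate_executables(image_path)[:-1]


def audit(image_paths: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each vulnerable service name to the paths an attacker could plant."""
    return {
        name: hijack_points(path)
        for name, path in image_paths.items()
        if is_unquoted_with_spaces(path)
    }


if __name__ == "__main__":
    for name, points in audit(SAMPLE_IMAGE_PATHS).items():
        print(f"{name}: unquoted ImagePath, hijack candidates:")
        for p in points:
            print(f"    {p}")
```

On a live Windows host the input dictionary comes from `Get-CimInstance Win32_Service | Select-Object Name, PathName` or from the ImagePath registry values; the fix on the vendor side is simply to quote the path in the service definition, and the check above stops flagging the service as soon as the value starts with a double quote.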
Cisco Secure Access Control Server Security Restriction Bypass Vulnerability (CNVD-2015-07358)
Cisco Secure Access Control Server (ACS) is a security access control server from Cisco of the United States. A security restriction bypass vulnerability exists in Cisco Secure Access Control Server 5.7. It allows an authenticated remote user to bypass expected RBAC restrictions and create...
Cisco Secure Access Control Server Security Restriction Bypass Vulnerability
Cisco Secure Access Control Server (ACS) is a security access control server from Cisco of the United States. A security restriction bypass vulnerability exists in Cisco Secure Access Control Server 5.7. It allows an authenticated remote user to bypass expected RBAC restrictions by accessing...