634 matches found
New Linux Malware ‘HiddenWasp’ Borrows from Mirai, Azazel
A new strain of malware targeting Linux systems has been identified by researchers. The malware, dubbed HiddenWasp, is believed to be used as part of a second-stage attack against already-compromised systems and is composed of a rootkit, trojan and deployment script. “The ratio of Linux threats h...
Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones
WhatsApp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over WhatsApp audio call. Discovered, weaponized and then sold by the Israeli company NS...
LockerGoga Ransomware Family Used in Targeted Attacks
By ATR Operational Intelligence Team · April 29, 2019. Co-authored by Marc RiveroLopez. Initial discovery: Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried...
'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy
The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted...
CVE-2019-10243
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura...
CVE-2019-4051
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542...
Information disclosure
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542...
How Imperva’s New Attack Crowdsourcing Secures Your Business’s Applications
Attacks on applications can be divided into two types: targeted attacks and “spray and pray” attacks. Targeted attacks require planning and usually include a reconnaissance phase, where attackers learn all they can about the target organization’s IT stack and application layers. Targeted...
What Enterprise Leaders Should know about Persistent Threats in 2019
Staving off critical threats in the current cybersecurity landscape is a tall order for any size organization. As hackers continually shift and improve upon their attack and breach strategies, IT and security stakeholders must do their best to keep up and remain informed of these trends. This is...
BEC Will Reach Two Levels Deeper
In our predictions report for 2019, “Mapping the Future: Dealing with Pervasive and Persistent Threats,” we foresaw an increase in the rate of BEC (business email compromise) attacks: “Business email compromise will go two levels down in the org chart.” From the report: “Business email compromise...
December 2018 Security Update Release
Today, we released a security update for Internet Explorer after receiving a report from Google about a new vulnerability being used in targeted attacks. Customers who have Windows Update enabled and have applied the latest security updates are protected automatically. We encourage customers to...
Charming Kitten Iranian Espionage Campaign Thwarts 2FA
A range of political and civil society targets are under fire in an APT attack dubbed the Return of Charming Kitten. The campaign has been tailored to get around two-factor authentication in order to compromise email accounts and start monitoring communications. According to researchers at Certfa...
New Flash Player zero-day used against Russian facility
For the past couple of years, Office documents have largely replaced exploit kits as the primary malware delivery vector, giving threat actors the choice between social engineering lures and exploits or a combination of both. While today's malicious spam (malspam) heavily relies on macros and popul...
Parlez-vous Machine?
Have you ever heard of the MQTT or CoAP protocols? No? Well, the device on your wrist, and so many devices around you, could be using them right now. MQTT and CoAP are machine-to-machine (M2M) protocols. With the rise of the internet of things (IoT) and operational technology (OT), there’s increased...
Uber: [usuppliers.uber.com] - Server Side Request Forgery via XXE OOB
It was possible to determine open internal ports on a usuppliers.uber.com server, via examination of different error messages to a specific POST request made with various payloads. This error message discrepancy would allow an attacker to discover open internal ports, potentially allowing more...
Zero-day exploit (CVE-2018-8453) used in targeted attacks
Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. We reported this vulnerability to Microsoft on August 17, 2018. Microsoft confirmed the vulnerability and designated it...
Tools to address OWASP Top 10 Risks
In a recent article published by Security Boulevard, we talked about OWASP Top 10 Risk classification and overlap. In this post, we will look into the tools that may help address these risks. To understand what’s possible to cover with which protection mechanisms we can now color-code our OWASP...