15 matches found
Simple IOC and Incident Response Scanner: Loki
LOKI is a free and simple IOC scanner, a complete rewrite of the main analysis modules of our full-featured APT scanner THOR. IOC stands for "Indicators of Compromise". These indicators can be derived from published incident reports, forensic analyses or malware sample collections in your lab. LOKI...
Kaspersky Security Bulletin: Review of the Year 2017
Introduction The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so. To reflect on the impact these events had on organizations and individuals, and consider what they could mean for the overall evolution of the threat...
WikiLeaks Reveals CIA Teams Up With Tech to Collect Ideas For Malware Development
As part of its ongoing Vault 7 leaks, the whistleblower organisation WikiLeaks today revealed information about a CIA contractor responsible for analysing advanced malware and hacking techniques being used in the wild by cyber criminals. According to the documents leaked by WikiLeaks, Raytheon Blackbird...
Unauthorized operation vulnerability in '/user/regin.php' in biweb version 5.86
BIWEB Business Intelligence Website System is a website system relying on the ArthurXF enterprise application-level PHP development framework, developed and designed by the Shanghai NetWorks Network Information Co., Ltd. It is a rapid development, simple and easy to use object-oriented enterprise...
SQL injection vulnerability in '/biweb/user/regin.php' in biweb V5.86
BIWEB Business Intelligence Website System is a website system relying on the ArthurXF enterprise application-level PHP development framework, developed and designed by the Shanghai NetWorks Network Information Co., Ltd. It is a rapid development, simple and easy to use object-oriented enterprise...
8 on 1 9: The Shadow-Brokers the leaked file description, technical analysis on-the vulnerability warning-the black bar safety net
0x01 exposure data with the equation and NSA relationship From the leaked data packet with the decompressed content to see, specifically for the firewall device attack and penetration action when the use of the tool set. According to the data exposed persons Shadow Brokers described, this packe...
NSA-linked Spying Malware Infected Top German Official's Computer
The German authorities have initiated a further investigation into espionage by the United States secret service NSA and British intelligence agency GCHQ after... ...the head of the German Federal Chancellery unit had his private laptop infected. According to a recent report published by Der...
Dennis Fisher and Mike Mimoso Discuss the Ghost Vulnerability, the Regin/NSA Correlation and More
Dennis Fisher and Mike Mimoso discuss the Ghost glibc vulnerability and its repercussions, the Apple iOS and OSX patches, the link between the Regin APT platform and the NSA. Plus Super Bowl predictions! Music by Chris Gonsalves Download: digitalunderground182.mp3...
Links Found between NSA, Regin Spy tool and QWERTY Keylogger
Researchers have uncovered new evidence that a powerful computer program discovered last year, called "Regin", is "identical in functionality" to a piece of malware used by the National Security Agency (NSA) and its Five Eyes allies. REGIN MALWARE "Regin" is a highly advanced, sophisticated piec...
Connection Disclosed Between Regin, Five Eyes Malware Platform
Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a newly disclosed set of Edward Snowden documents 10 days ago by Germany’s Der Spiegel. The link, found in a keylogger called QWERTY allegedly used by...
Regin Cyberespionage Malware Platform Modules Disclosed
The Regin malware platform used to steal secrets from government agencies, banks and GSM network operators caught the attention of security experts who called it one of the most advanced attack platforms that has been studied, surpassing Flame, Duqu, even Stuxnet. Researchers at Kaspersky Lab sai...
Experts Question Legality of Use of Regin Malware by Intel Agencies
The disclosure of the Regin APT malware campaign this week has spurred much speculation about the source of the attack, with many experts pointing the finger at either the NSA or GCHQ, the British spy agency. Though security researchers involved in uncovering the attack have remained mum on the...
Costin Raiu on the Regin APT Malware
Dennis Fisher talks with Costin Raiu of the Kaspersky Lab GReAT Team about the discovery of the Regin APT malware, the threat’s targets and tactics, its ability to compromise GSM base stations and its other capabilities. Download: digitalunderground173.mp3 Music by Chris Gonsalves...
Regin Cyberespionage Malware Platform Targets GSM Networks
Researchers have uncovered a complex espionage platform reminiscent of Duqu that has been used since at least 2008 not only to spy on and extract email and documents from government agencies, research institutions and banks, but also one that targets GSM network operators in order to launch...
'Regin' - 'State-Sponsored' Spying Tool Targeted Govts, Infrastructures for Years
Researchers have uncovered a highly advanced, sophisticated piece of malware they believe was used to spy on a wide range of international targets including governments, infrastructure operators and other high-profile individuals since at least 2008. The nasty malware, dubbed "Regin", is said to ...