Mobile threats are trending upward, with vulnerability exploits gaining traction. The silver lining? More of these vulnerabilities are also disclosed, analyzed and detected. This helps better protect Android devices from zero-days and malware, enabling OEMs/vendors to respond more proactively to these threats. This is echoed by our continuous initiatives on Android vulnerability research: from June to August 2016, for instance, we’ve discovered and disclosed 13 vulnerabilities to Google. Their real-world impact ranges from battery drainage and unauthorized capture of photos, videos, and audio recordings, to system data leakage and remote control. This is on top of 16 other security flaws we’ve uncovered that were cited in Android/Google’s security bulletins from January to September this year.
BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released covering this campaign, which used the ELIRKS backdoor when it was first discovered in 2012. It is known for using blogs and microblogging services to hide the location of its actual command-and-control (C&C) servers. This allows an attacker to change the C&C server used quickly by changing the information in these posts.
Like most campaigns, BLACKGEAR has evolved over time. Our research indicates that it has started targeting Japanese users. Two things led us to this conclusion: first, the fake documents that are used as part of its infection routines are now in Japanese. Secondly, it is now using blogging sites and microblogging services based in Japan for its C&C activity.
Last week’s massive distributed denial-of-service (DDoS) attack on the DNS provider Dyn should serve as a wake-up call: the Internet of Things ecosystem is completely, and utterly, broken. Poorly supported and insecure devices brought an important part of the Internet’s infrastructure offline and took many high-profile sites with it.
Our midyear security roundup noted how more than half of the file types encrypted by ransomware were directly related to enterprises – database files, SQL files, and web pages on servers were some of the file types that were most commonly targeted. These all reside on servers; for enterprises, ransomware on servers is a potent threat that needs to be dealt with. We will take a look at how ransomware has evolved to affect servers and what solutions currently exist to tackle this particular problem.