Recently, we discussed how cyber criminals are using the popular voice/chat client Discord to steal cookies from the running Roblox process on a Windows PC. Since then, we’ve noticed another attack going after the same information, only this time it is via Chrome extensions (CRX files).Read More
Fileless malware can be a difficult threat analyze and detect. It shouldn’t be a surprise that an increasing number of new malware threats are fileless, as threat actors use this technique to make both detection and forensic investigation more difficult. We recently found a new cryptocurrency miner (which we detect as TROJ64_COINMINER.QO) that uses this particular technique as well.Read More
The exploit kit landscape has been rocky since 2016, and we’ve observed several of the major players—Angler, Nuclear, Neutrino, Sundown—take a dip in operations or go private. New kits have popped up sporadically since then, sometimes revamped from old sources, but none have really gained traction. Despite that fact, cybercriminals continue to develop more of them.
In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities in specific makes and/or brands of cars. And once reported, these vulnerabilities were quickly resolved. But what should the security industry’s response be when a hack is found that is not only successful in being able to drastically affect the performance and function of the car, but is also stealthy and vendor neutral?Read More