Cybercriminals tend to leverage what’s popular and new. Case in point, the much-anticipated Google Project Glass is being used as a social engineering lure to trick unsuspecting users into scams. We found that one of the top results for the search term “free Google glasses” is an eye-catching YouTube link with the title [{FREE}] Google Project…
Read MoreThe popular Japanese word processor software Ichitaro is no stranger to threats, particularly exploits taking advantage of the software’s vulnerabilities. Since 2007, we have reported the malware targeting Ichitaro’s security flaws. This time, however, we uncovered an attack that employs an old trick that even Microsoft Office was previously vulnerable to (CVE-2011-1980). Typically, when an…
Read MoreLast year, we reported about PlugX a breed of Remote Access Trojan (RAT) used in certain high-profile APT campaigns. We also noted some of its noteworthy techniques, which include its capability to hide its malicious codes by decrypting and loading a backdoor “executable file” directly into memory, without the need to drop the actual “executable…
Read MorePostgreSQL is a fully featured object-relational database management system. It supports a large part of the SQL standard and is designed to be extensible by users in many aspects. Graphical user interfaces and bindings for many programming languages are available as well. Earlier this month, I discovered a denial of service vulnerability in versions of PostgreSQL that caused a…
Read MoreJust like other businessmen, scammers operate using certain business models. In my previous post, I wrote about the typical scammer, their trust model, and the strategies they use to get, hold, and sustain customers. In this post, we’ll look at their business model, and how users can avoid their schemes. Scammers Business Model While scammers…
Read More