The evolution of crypto-ransomware behavior has taken a step forward, and a creepy one at that. We have recently encountered a nasty crypto-ransomware family called JIGSAW. Reminiscent of the horror film Saw, this malware toys with users by locking and deleting their files incrementally. To an extent, it instills fear and pressures users into paying the ransom. It even comes with an image of Saw's very own Billy the puppet, and the red digital clock to boot.
Last March, we reported on Operation C-Major, an active information theft campaign that was able to steal sensitive information from high-profile targets in India. The campaign was able to steal large amounts of data despite using relatively simple malware because it used clever social engineering tactics against its targets. In this post, we will focus on the mobile part of their operation and discuss in detail several Android and BlackBerry apps they are using. Based on our investigation, the actors behind Operation C-Major were able to keep their Android malware on Google Play for months, and they advertised their apps on Facebook pages that have thousands of likes from high-profile targets.
The FBI has issued a warning on the dramatic increase in Business Email Compromise (BEC) scams, which have swindled over US$2.3 billion from companies worldwide, notably in the US and Europe. The scams do not discriminate, with targets ranging from small businesses to large corporations. All the perpetrators need is the company executive's email address (or that of someone close, like their personal assistant) and the ability to make a convincing fake email.
Thirteen security bulletins were released in this month's Patch Tuesday, addressing vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Office, and Microsoft XML Core Services, among others. Of these bulletins, six are rated 'Critical' while seven are tagged 'Important.' Both MS16-037 and MS16-038, which fixed vulnerabilities in Internet Explorer and Edge respectively, could allow remote code execution when exploited successfully.
Perhaps the most notable among the vulnerabilities resolved in this month's Patch Tuesday is MS16-047, more popularly known as the Badlock vulnerability, which has been circulating in the news for the last few weeks. Despite all the hype, this vulnerability, which affects all Windows systems and Samba servers, only received an 'Important' rating. One of our researchers wrote a detailed entry debunking the hype surrounding this vulnerability.
News about the Badlock vulnerability affecting Windows computers and Samba servers started showing up on Twitter and in the media around three weeks ago. The site badlock[.]org was registered on March 11, according to WHOIS. There has been a lot of guessing and speculation around this vulnerability. It's time for a reality check: just how bad is Badlock, actually?
Named vulnerabilities have become clichéd very quickly. Having a name does not make a vulnerability serious or widespread. Badlock is somewhere in between. In this entry, we demystify the hype around Badlock with questions that measure it as a vulnerability. We also pit it against a noteworthy case to see how it compares.