In its recent report, National Police Agency mentioned that the current estimated total cost of unauthorized transactions suffered by Japanese users reached 1.417 billion yen during the period of January-May 2014. In comparison the estimated total damage cost from these kinds of threats was 1.406 billion yen in 2013. Data released by Japanese Bankers Association also gives…Read More
In July 2016, we worked with @kafeine of Proofpoint to help bring down the AdGholas malvertising campaign. This campaign started operating in 2015, which affected a million users per day during its peak before it was shut down earlier this year. It used the Angler and Neutrino exploit kits to attack victims. It also used steganography to hide malicious code within a picture.
In the process of working on this campaign, we found and analyzed an information disclosure vulnerability in both Internet Explorer and Microsoft Edge. We worked with Microsoft to address this flaw, named as CVE-2016-3351. Previously considered as a zero-day vulnerability, this issue was fixed in MS16-104 for Internet Explorer and MS16-105 for Edge, which was released though a patch earlier this week.Read More
Users may wrongly perceive that apps and programs running in the cloud are fail-safe, when it has been increasingly used as a vector to host and deliver malware. Conversely, by targeting cloud-based productivity platforms utilized by many enterprises, the malefactors are hoping to victimize users who handle sensitive corporate data that when denied access to can mean serious repercussions for their business operations.Read More
Breaches do not just die. 2015’s biggest cases showed us that data breaches do not end with their respective public disclosures. Just because the causes of compromise have been spotted and acknowledged does not mean the damage is done. Data was stolen. Networks were infiltrated and monitored. That kind of information, in the wrong hands, could be disastrous for any organization seeking to protect their customers and prevent any form of monetary loss or legal repercussion. Ashley Madison and the Hacking Team learned this the hard way when attackers and cybercriminals were able to utilize their data in further attacks.Read More
The earlier Flash zero-days of the year have brought a new malware threat to the forefront: the BEDEP malware family. It has been the payload of two zero-day exploits in recent weeks: CVE-2015-0311 in late January, and CVE-2015-0313 in early February. While these attacks made BEDEP far more widespread, it was not exactly a new malware family…Read More