Dyre Spreading Using Code-Signing Certificates, HTTPS

ThreatTrack Security Labs researchers have confirmed the credential-stealing Trojan Dyre is using a new dropper — and a valid digital certificate — to carry out its dirty work over HTTPS connections. The Ruckguv downloader works by injecting a DLL into an instance of Windows Service Host (svchost.exe). Windows Service Host then uses HTTPS to download […]

The post Dyre Spreading Using Code-Signing Certificates, HTTPS appeared first on ThreatTrack Security Labs Blog.

2015 Cyberthreat Defense Report Spotlights Changing Security Trends

The CyberEdge Group has released their exhaustive 2015 Cyberthreat Defense Report, jam-packed with insights regarding the latest identified security trends for North America and Europe. The CyberEdge Group bill themselves as “Premier Research and Marketing Services for High-Tech Vendors and Service Providers.” The 41-page PDF report collects data from surveys of over 800 “qualified IT security […]

The post 2015 Cyberthreat Defense Report Spotlights Changing Security Trends appeared first on ThreatTrack Security Labs Blog.

FREAK SSL Bug Forces Security Makers to Scramble for a Fix

On March 3, security researchers noted that an age-old SSL bug—in existence for more than 10 years—allows hackers under the right conditions to exploit a man-in-the-middle attack and gain access to potentially sensitive information. FREAK (Factoring RSA-EXPORT Keys) SSL relies on outdated ‘export grade’ cryptography settings, which are still contained within some web server code today. According […]

The post FREAK SSL Bug Forces Security Makers to Scramble for a Fix appeared first on ThreatTrack Security Labs Blog.

Dyre Targets More Websites

The Dyre Trojan has expanded its attack vectors, aiming to harvest sensitive data from an expanding list of targeted websites. Previously, Dyre had been known to seek out banking credentials as its primary targets, but ThreatTrack Security Labs researchers recently discovered multiple new types of domains, which have become part of Dyre’s standard target index. […]

The post Dyre Targets More Websites appeared first on ThreatTrack Security Labs Blog.

Dyre Spambots Use JJencode to Broaden Distribution

January was a busy month for the developers of Dyre/Dyreza. The group reintroduced their Upatre link spam with some additional subterfuge. This article will explore two types of spambots that Dyre utilizes; the following diagram presents a simplified visual on how each type executes. Dyre bot operators have started to JJencode their HTML to obscure detection and have rigged […]

The post Dyre Spambots Use JJencode to Broaden Distribution appeared first on ThreatTrack Security Labs Blog.
