[SANS ISC] AutoIT based malware back in the wild

I published the following diary on isc.sans.org: “AutoIT based malware back in the wild”. One week ago I wrote a diary with an analysis of a malicious RAR archive that contained an AutoIT script. The technique was not new but I was curious to see if this was a one-shot

[The post [SANS ISC] AutoIT based malware back in the wild has been first published on /dev/random]

Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary data from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about the potential privacy risks of using the feature. Now Carbon Black is warning that an internal review has revealed a wholly separate bug in Cb Response that could in fact result in certain customers unintentionally sharing sensitive files.

How Top Companies Accidentally Leaking Terabytes of Sensitive Data Online

An anti-malware detection service provider and premium security firm has been accused of leaking terabytes of confidential data from several Fortune 1000 companies, including customer credentials, financial records, network intelligence and other sensi…

A stolen Trump-Duterte transcript appears to be just one part of a larger hacking story

A leaked transcript of a phone conversation between President Donald Trump and his Philippine counterpart was available online for weeks before surfacing in news reports, and it now appears to be just one of a series of sensitive Philippine government documents acquired by a hacker group with suspected ties to the Vietnamese government, according to research conducted by multiple cybersecurity experts and evidence gathered by CyberScoop. On May 15, eight days before either The Intercept or the Washington Post reported about the transcript of Trump’s call with President Rodrigo Duterte, someone uploaded what appears to be the same document to the repository VirusTotal along with malicious email attachments. How The Intercept and the Post originally obtained their own copies of the Trump-Duterte transcript — which unnamed U.S. officials confirmed as authentic — remains unclear. The leak appears to be bigger than just one document. Included in the dump were notes regarding a conversation between Duterte […]

The post A stolen Trump-Duterte transcript appears to be just one part of a larger hacking story appeared first on Cyberscoop.

Malware Network Communication Provides Better Early Warning Signal

An academic paper to be presented today at IEEE posits that analysis of network signals provides a better early warning of malware infections than current practices.

Malware Scanning Services Containers for Sensitive Business Information

At the Kaspersky Lab Security Analyst Summit, one researcher shared how he was able to find corporate emails, confidential business plans and classified FBI flash alerts.

Cyber Security Snake Oil

Hello again readers and welcome back! Today’s blog post is going to cover an instance, which unfortunately occurs WAY too often in the cyber-security realm, especially on the topic of “threat intelligence” or “advanced analytics” or whatever other buzzw…
