Transatlantic Cable podcast, episode 167
Who would have thought that an episode of this podcast would start with Robin Hood? Well, you don’t have to go far; that’s exactly where we kick off this episode of the Transatlantic Cable podcast. Our first story of the week takes a look at some Robin Hood types who,…Read More
Malware control via smartphone
T-RAT has 98 commands. Instead of describing every single command within the main article, I categorized them into groups which are explained below. The full command listing is in Appendix B. 1. Menu navigation These are commands to enter or exit certain modules like the file manager. They help to…Read More
Training by security console
The notable shortage of cybersecurity specialists on the market in recent years has become particularly problematic in 2020. The pandemic, which has led to a widespread shift to remote working, has also highlighted the need to change security strategies at many companies. Even small firms have realized that the skills…Read More
What DoH Can Really Do
Reading Time: ~ 3 min. Fine-tuning privacy for any preference A DNS filtering service that accommodates DNS over HTTPS (DoH) can strengthen an organization’s ability to control network traffic and turn away threats. DoH can offer businesses far greater control and flexibility over their privacy than the old system. The…Read More
Leaky images and other foibles of office documents
Reports, articles, marketing materials — all are document types most of us handle at some point. We write and edit them on computers, e-mail them to colleagues or friends, share them in the cloud, hand them to clients, and so much more. If a file you intend to show to…Read More
Cyber News Rundown: Child Smartwatch Backdoored
Reading Time: ~ 2 min. Backdoor Found in Children’s Smartwatch Researchers have discovered that the X4, made by Norwegian smartwatch seller Xplora, contains a backdoor that could allow for information to be stolen. The X4 watch is designed specifically for children with a limited number of capabilities, mostly for children’s…Read More
Collaboration tools from a security perspective
For many companies, the mass transition of staff to remote working created a need for new tools. Years of fine-tuning employee interaction mechanisms went down the drain overnight as IT departments scrambled to deploy market-ready collaboration solutions. These solutions aroused no less interest among cybercriminals, who smelled an opportunity to…Read More
MaMoCrypt Ransomware Decryption Tool
We’re happy to announce the availability of a new decryptor for MaMoCrypt, a strain of ransomware that appeared in December last year. MaMoCrypt is an unusual piece of ransomware, a variant of MZRevenge written in Delphi and packed using mpress. If you don’t want to go through the technical analysis, you…Read More
Innovation in enterprise
It is no secret that business cannot survive without innovation. To gain competitive advantage, companies must continually develop, introducing new processes, new technologies, new tools. Wholesale digitalization has affected innovation in at least two ways. On the one hand, it has prepared the ground to ease the way for the…Read More
Transatlantic Cable podcast, episode 166
We kick off this week’s edition of the Transatlantic Cable podcast by looking at an active scam in the UK. As if 2020 was not bad enough, now people need to be on the lookout for scams that are targeting them with travel and refunds that are more prevalent with…Read More
How to choose a truly free smartphone game
Wherever and whenever you want to play, mobile games are there for you. You can occupy yourself on the subway or while waiting in line at the doctor’s office by battling in Fortnite or PUBG, or you can spend your lunch break gathering resources in Clash of Clans. What’s more,…Read More
Transaction and account security tips for eBay
eBay is one of the most popular marketplaces in the world, and one of the reasons is that it’s generally safe and reliable. But when you engage in monetary transactions, you always assume the risk of losing money as a result of fraud or negligence, to name just two causes.…Read More
Cyber News Rundown: COVID-related Attacks Target Canadian Companies
Reading Time: ~ 2 min. New Jersey Hospital Pays Massive Ransom Officials have decided to pay roughly $670,000 in ransom following a ransomware attack on the University Hospital in New Jersey. The hospital was likely forced into this decision after being unable to restore from backups the 240GB of data…Read More
A modern Sample Exchange System
Motivation As an anti-virus software vendor, we exchange current malware samples and IOCs with our partners from the industry. This has been common practice among vendors for many years, but there is no standard for this and the approaches used for the process have specific drawbacks. For example, some vendors provide new…Read More
MontysThree: Industrial cyberspy
Our experts have found traces of activity of a new cybercriminal group that spies on industrial enterprises. The crooks are carrying out targeted attacks, using a tool that our researchers call MontysThree, looking for documents on victims’ computers. The group appears to have been active since at least as far…Read More
What Are Infostealers?
An infostealer is a piece of malicious software (malware) that tries to steal your information. More complex malware such as banking trojans (for example TrickBot) and stalkerware usually include infostealer components.In most cases, this means stealing information that can make money for the cyber criminals. Here are some things that…Read More
Transatlantic Cable podcast, episode 165
The SAS is here — digitally, of course; it is 2020, after all. To kick off the latest iteration of the Transatlantic Cable podcast, Dave and I chat about a topic presented at the conference. We begin with Mark Lechtik, Igor Kuznetsov, and Yury Parshin’s research on MosaicRegressor. This new…Read More
Malware delivery through UEFI bootkit with MosaicRegressor
Recently, our researchers uncovered a sophisticated targeted attack aimed at diplomatic institutions and NGOs in Asia, Europe, and Africa. As far as we can determine, all of the victims were connected to North Korea in one way or another, whether through nonprofit activity or diplomatic ties. The attackers used a…Read More
It’s Time to Talk Seriously About Deepfakes and Misinformation
Reading Time: ~ 4 min. Like many of the technologies we discuss on this blog—think phishing scams or chatbots—deepfakes aren’t necessarily new. They’re just getting a whole lot better. And that has scary implications for both private citizens and businesses alike. The term “deepfakes,” coined by a Reddit user in…Read More
The Pied Piper of Hamelin and cyberweapons
Contrary to popular opinion, fairy tales and folk legends were not invented as entertainment, but to teach children (and adults) important lessons in an easy-to-understand form. Since time immemorial, storytellers have woven cybersecurity tips into their tales, hoping to make the Internet (which they foresaw) a safer place. For example,…Read More