There have been an increasing number of headlines about breaches at retailers in which attackers have made off with credit card data after compromising point-of-sale (POS) terminals. However, what is not commonly discussed is the fact that one third of these breaches are a result of weak default passwords in the remote administration software that is typically installed on these systems. [1] While advanced exploits generate a lot of interest, sometimes it’s Read more...
Archive for 'July 2014'
BrutPOS: RDP Bruteforcing Botnet Targeting POS Systems
July 9, 2014 10:00 AM By Nart Villeneuve, Joshua Homan, Kyle WilhoitHavex, It’s Down With OPC
July 17, 2014 10:00 AM By Kyle Wilhoit
FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as “Fertger” or “PEACEPIPE”), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in critical infrastructure (e.g., water and electric utilities), energy, and manufacturing sectors. While Havex itself is a somewhat simple PHP Remote Access Trojan (RAT) that has been analyzed by other sources, none of these Read more...
Operation Tovar: The Latest Attempt to Eliminate Key Botnets
July 8, 2014 10:00 AM By Meaghan Molloy
Coordinated botnet disruptions have increased in pace and popularity over the last few years as more private companies work with international law enforcement agencies to combat malware infections on a grand scale. Operation Tovar, announced on June 2 2014, is the latest to make headlines. The target of the investigation, Evgeniy Mikhailovich Bogachev, was indicted by the Department of Justice and is wanted by the FBI for his role as alleged leader Read more...
The Little Signature That Could: The Curious Case of CZ Solution
July 18, 2014 10:00 AM By James T. Bennett, Kyle Wilhoit
Malware authors are always looking for new ways to masquerade their actions. Attackers are looking for their malware to be not only fully undetectable, but also appear valid on a system, so as not to draw attention. Digital signatures are one way malware authors keep under the radar. Digital signatures are an easy, quick way to verify the authenticity of an application utilizing the signature.Threat actors routinely steal digital signing certificates to Read more...
The Service You Can’t Refuse: A Secluded HijackRAT
July 1, 2014 1:00 PM By Jinjian Zhai, Jimmy Su
In Android world, sometimes you can’t stop malware from “serving” you, especially when the “service” is actually a malicious Android class running in the background and controlled by a remote access tool (RAT). Recently, FireEye mobile security researchers have discovered such a malware that pretends to be a “Google Service Framework” and kills an anti-virus application as well as takes other malicious actions.In the past, we’ve seen Android malware that execute privacy Read more...
An error has occurred
Well that wasn’t supposed to happen. Something went wrong when trying to access this page. Please try again in a few minutes while we’re working on it.
To send feedback about this error, click here.