Decrypting CryptXXX version 3 — for free

In April 2016 a young and ambitious trojan cryptor known by the name CryptXXX was released. It was distributed by the infamous Angler and Neutrino exploit kits. Its creators certainly hoped that after the release they could lie on the couch and watch the money flow from the victims’ pockets to their bitcoin wallets. But…

Trump Plans To Build Anti-Hacking Team

US President-elect Donald Trump has announced he will set up a team to guide the government on how to ward off cyberattacks within 90 days of taking office, reports Reuters. He said this soon after a “constructive” meeting with members of US intelligence agencies on January 6 to discuss the agencies’ report on last year’s…

After a terrible year for cybersecurity, will 2017 be any better?

From a cybersecurity perspective, 2016 was a very devastating year for companies, schools, government agencies, organizations and even presidential campaigns. What we’ve learned from a record year for breaches, hacks, phishing, malware, and ransomware is what we’ve known all along: cyber criminals are clever and they are not bound by any rules or real strategy….

The Four Leading Security Threats of 2017

The security landscape is constantly evolving and will continue to evolve in 2017. Long-standing security threats will take on new dimensions. Social engineering, for example, will become an output as well as an input. At the same time, the Internet of Things (IoT) continues to open new threat vectors. The new year will certainly bring…

The Coolest Hacks Of 2016

In a year when ransomware became the new malware and cyber espionage became a powerful political propaganda tool for Russia, it’s easy to forget that not all hacking in 2016 was so ugly and destructive. Sure, cybercrime and cyber espionage this past year turned the corner into more manipulative and painful territory for victims. But…

User Behavior Analytics: Perfect for Analysis but Not Security

How many times have you read or heard about user behavior analytics (UBA)? Today this term applies to security managers and auditors but not to security administrators. User behavior analytics enable IT teams to track and quickly analyze user behavior anomalies and monitor watch-lists, trends and many other factors relative to users. UBA is a…

Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes

In recent months, the X-Force Application Security Research Team has discovered several previously undisclosed Android vulnerabilities. The November 2016 and January 2017 Android Security Bulletins included patches to one high-severity vulnerability, CVE-2016-8467, in Nexus 6 and 6P. Our new paper, “Attacking Nexus 6 & 6P Custom Bootmodes,” discusses this vulnerability as well as CVE-2016-6678.