Webinar: On June 28, Symantec will host a webinar where experts will discuss the most prevalent and significant financial threats of the past 12 months. Register now to attend. With all the attention ransomware is getting lately it’s easy to overlook other threats, such as those that target the financial sector and its customers. However, these types of threats are a serious and costly problem for
Hajime worm battles Mirai for control of the Internet of Things A battle is raging for control of Internet of Things (IoT) devices. There are many contenders, but two families stand out: the remains of the Mirai botnet, and a new similar family called Hajime. Hajime was first discovered by researchers in October of last year and, just like Mirai (Linux.Gafgyt), it spreads via unsecured devices tha
Table. Corentry version numbers and compilation dates compared to Fluxwire version numbers and changelog dates disclosed in Vault 7 A second Vault 7 document details Fire and Forget, a specification for user-mode injection of a payload by a tool called Archangel. The specification of the payload and the interface used to load it was closely matched in another Longhorn tool called Backdoor.Plexor.
Some of the key takeaways from January’s Latest Intelligence, and the threat landscape in general, include a lull in activity from the Necurs botnet affecting the email malware rate, new Android malware families, and the discovery of a cyberespionage group with possible links to the Shamoon disk-wiping attacks. Malware The email malware rate dropped dramatically in January, down from 1 in 98 email
Symantec has found evidence that a bank in the Philippines has also been attacked by the group that stole US$81 million from the Bangladesh central bank and attempted to steal over $1 million from the Tien Phong Bank in Vietnam. Malware used by the group was also deployed in targeted attacks against a bank in the Philippines. In addition to this, some of the tools used share code similarities with
New Internet Explorer zero-day exploited in Hong Kong attacks A newly patched zero-day vulnerability in Internet Explorer has already been exploited in attacks involving a compromised website belonging to an evangelical church in Hong Kong. Symantec telemetry revealed an exploit hosted on the compromised site, which was used to infect visitors with the Korplug back door (detected by Symantec as Ba
Black Vine: Formidable cyberespionage group targeted aerospace, healthcare since 2012 Earlier this year, the second largest health insurance provider in the US publicly disclosed that it had been the victim of a major cyberattack. The attack against Anthem resulted in the largest known healthcare data breach to date, with 80 million patient records exposed. Symantec believes that the attackers beh
The ZeroAccess botnet is one of the largest known botnets in existence today with a population upwards of 1.9 million computers, on any given day, as observed by Symantec in August 2013. A key feature of the ZeroAccess botnet is its use of a peer-to-peer (P2P) command-and-control (C&C) communications architecture, which gives the botnet a high degree of availability and redundancy. Since no centra
Recently, we observed an attack campaign using link files attached to emails in Japan. We have blogged about threats utilizing link files before and this type of attack is still alive and well. The target of the link is disguised to make it look like it is linking to a text file, tricking the user into opening it, unaware that they are not opening a text file. Figure 1. Details of LNK file made to
Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War Yesterday, June 25, the Korean peninsula observed a series of cyberattacks coinciding with the 63rd anniversary of the start of the Korean War. While multiple attacks were conducted by multiple perpetrators, one of the distributed denial-of-service (DDoS) attacks observed yesterday against South Korean g
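Media reports say that several banks and broadcasters in South Korea have been hit by cyberattacks. The website of an ISP/telecommunications provider in the country was defaced, and servers at many organizations went down. The defaced site displays an elaborate animated web page: sound effects play, three skulls appear, and a message is shown that claims to come from attackers calling themselves the "Whois" group. The attack first came to light when a large number of websites began to experience outages. Bank customers could no longer access their online accounts, and reports that other sites were down followed one after another. Specific details are not known at this time, but many of the affected sites had their hard disks wiped, leaving the computers in question inoperable. Symantec, for the suspected malware, Trojan Horse/Trojan.Jo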
Latest Java Zero-Day Shares Connections with Bit9 Security Incident Symantec recently received information on a new Java zero-day, Oracle Java Runtime Environment CVE-2013-1493 Remote Code Execution Vulnerability (CVE-2013-1493). The final payload in the attack consisted of a DLL file, detected by Symantec as Trojan.Naid, which connects to a command-and-control (C&C) server at 110.173.55.187. Int
Today Mandiant released a detailed report dubbed "APT1" which focuses on a prolific cyber espionage campaign by the Comment Crew going back to at least 2006 and targeting a broad range of industries. The report cites the earliest known public reference about APT1 infrastructure as originating from Symantec. We have detected this threat as Backdoor.Wualess since 2006 and have been actively tracking