
Tag: legitimate

Converting licensed vocal files falls into a legal gray area.
A new report explores different ways legitimate and malicious coin miners are appearing in the enterprise.
No 'legitimate users' of modded Blackberries, says FBI

An arrest by US authorities last week has brought to light alleged associations between encrypted phone supplier Phantom Secure and international drug trafficking.…

Sandvine insists report is inaccurate and misleading

Internet users in Turkey, Egypt and Syria who attempted to download legitimate Windows applications have been redirected to nation-state spyware through deep-packet inspection boxes placed on telecom...

Masha and these Bears

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a prolific, well resourced, and persistent adversary.

They are sometimes portrayed as wild and reckless, but as seen under our visibility, the group can be pragmatic, measured, and agile.

The Slingshot APT FAQ

While analyzing some memory dumps suspected of being infected with a keylogger, we identified a library containing strings to interact with a virtual file system.

This turned out to be a malicious loader internally named “Slingshot”.
There are three ways of doing things in the malware business: the right way, the wrong way and the way Brazilians do it.

From the early beginnings, using skimmers on ATMs, compromising point of sales systems, or even modifying the hardware of processing devices, Latin America has been a fertile ground for collecting credit and debit cards en masse.

Mining is the new black

Last year we published a story revealing the rise of miners across the globe.

At the time we had discovered botnets earning millions of USD. We knew this was just the beginning of the story, which turned out to develop rapidly.
Calling government proposals to seek decryption of communications a "backdoor" is a cartoon-like assumption, according to Secretary of the Department of Home Affairs Michael Pezzullo.
Certificates registered in names of real corporations are surprisingly easy to come by.
Code-signed apps are harder to detect by network security appliances, making it easier to sneak malware onto a vulnerable system.

The downside? Certificates aren't cheap — and hackers usually are.
Every year, vast numbers of people around the globe relish the delightful prospect of filling out tax returns, applying for tax refunds, etc.

Given that tax authorities and their taxpayers are moving online, it's no surprise to find cybercriminals hard on their heels.