Archive for July, 2017
The news that disturbed my digital life came two years ago in a snail mail letter strewn with phrases like “malicious cyber intrusion” and “identity theft.” A relative’s company had been part of a massive hack, the note said, leaving my information exposed. Before the letter came, I was a cyber security neophyte: I didn’t use a VPN and encrypted websites were just for banking. I often shopped online, depositing my credit card number over coffee shop wifi.

Test injections from the NukeBot source code

This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker forums: earlier, he had been promoting his development so aggressively and behaving so erratically that he was eventually suspected of being a scammer. Now, three months after the source code was published, we decided to have a look at what has changed in the banking malware landscape.

A breakdown of how pervasive the CopyCat malware campaign is

Check Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 million of them, and earning the hackers behind the campaign approximately $1.5 million in fake ad revenues in two months.

Recently, Check Point researchers revealed a brand new attack vector – attack by subtitles. As discussed in the previous post and in our demo, we showed how attackers can use subtitles files to take over users’ machines, without being detected.

Check Point’s latest Global Threat Impact Index revealed that 28% of organizations globally were affected by the Roughted malvertising campaign during June.

Dam Breaking

A recent article in Information Age, titled “As the digital and physical worlds collide it’s time for a security refresh,” offers cybersecurity readiness advice from Mike East, CrowdStrike’s vice president for EMEA. The article, written by Nick Ismail, argues that as cyber threats continue to evolve, organizations must have the people, training and technology to respond in kind.

The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device.

Azer Ransom Note

Today has been busy with ransomware and we have some good news coming later today. For this story, though, we are going to take a look at the Azer variant of the Cryptomix ransomware. This version of Cryptomix was discovered today by security researcher MalwareHunterTeam right as a decryptor for the previous version, Mole02, was released.

A seven-year old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited. According to a security advisory released by the company, the vulnerability allows a malicious actor to upload a shared library to a writable share, causing the server to load and execute it. If leveraged successfully, an attacker could open a command shell in a vulnerable device and take control of it. It affects all versions of Samba since 3.5.0.