RSS_Virtulization

A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and other emerging techniques. Researchers from Trend Micro have spotted a new Linux botnet employing multiple emerging techniques among cyber-criminals, including the use of Tor proxies, the abuse of legitimate DevOps tools, and the removal or deactivation of competing malware. Experts highlighted that this Linux botnet downloads all the files it needs from the Tor network, including legitimate binaries like…

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Android Malware, RATs, Phishing, QLocker Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber…

Threat researchers at Armorblox have come across two new phishing scams targeting customers of JPMorgan Chase Bank.  Both attacks deployed social engineering and brand impersonation tactics in an attempt to steal customers’ login credentials. While one scam involved an email that appeared to contain a credit card statement, the other impersonated a locked account workflow to falsely inform victims that access to their account had been blocked following the detection of unusual login activity. Amorblox researchers said…

Security expert publishes coffee table book for cryptographers to explain the science of secrecy. Image: iStockphoto/ivanmollov What do the Bass0matic, blockchain and zero-knowledge proofs have in common? Each term shows up in Jean-Philippe Aumasson’s new publication: “Crypto Dictionary: 500 Cryptographic Tidbits for the Curious.” Aumasson is the chief security officer and cofounder of Taurus Group, a Swiss fintech company and the author of “Serious Cryptography: A Practical Introduction to Modern Encryption.”   Aumasson writes in the preface…

While we’re enjoying the fruits of digital life—our eBooks, movies, email accounts, social media profiles, eBay stores, photos, online games, and more—there will come a time we should ask ourselves, What happens to all of this good stuff when I die? Like anything else we own, those things can be passed along through our estates too. With the explosion of digital media, commerce, and even digital currency too, there’s a very good chance you have…

The spyware tries to steal passwords and other sensitive data and accesses your contact list, warns the U.K.’s National Cyber Security Centre. Image: Artyom Medvediev, Getty Images/iStockphoto A new malicious piece of spyware is targeting Android users in the U.K. in an attempt to snag their passwords and other private information. Last Friday, the U.K.’s National Cyber Security Centre (NCSC) issued an advisory cautioning people to beware of the new spyware dubbed FluBot. Affecting Android…

With on-premises infrastructure, securing server workloads and applications involves putting security controls between an organization’s network and the outside world. As organisations migrate workloads (“lift and shift”) to the cloud, the same approach was often used. On the contrary to lift and shift, many enterprise businesses had realized that in order to use the cloud efficiently they need to redesign their apps to become cloud-native. Cloud native is an approach to building and running applications that exploits…