Infostealers are one of the most lucrative types of malware employed by criminals. And because this is a tried and tested approach, there are still new players entering this illegal game. The new kid on the block is called “Sharp…
Category: Security Blog G Data Software AG
Android: Banking trojan masquerading as Chrome
Many people now do their banking online. And since mobile devices are among the most popular and convenient ways to shop and make payments, criminals are naturally drawn to them. A current example of malware that specifically targets…
RisePro stealer targets Github users in “gitgub” campaign
RisePro resurfaces with new string encryption and a bloated MSI installer that crashes reversing tools like IDA. The “gitgub” campaign has already sent more than 700 archives of stolen data to Telegram.
Let the “Mother of all Breaches” Be a Wake-up Call
At the end of January, a database with an allegedly unprecedented amount of personal information of billions of people appeared online. What does that mean for every one of us? What are the ramifications? Or is it all “more bark…
My 6 Security Predictions for 2024…
The beginning of January is traditionally the perfect month to look ahead to the new year. What can we expect in 2024 in the field of security? I present six predictions for this year.
csharp-streamer: Peeking under the hood
An unusual attack tool has caught the attention and piqued the curiosity of G DATA analyst Hendrik Eckardt. The discovered RAT (Remote Access Tool) is apparently designed for networks where people take an annoyingly close – for the attackers –…
Cobalt Strike: Looking for the Beacon
During an incident response, looking for malware is often akin to looking for a needle in a haystack. To complicate matters further, in the case of Cobalt Strike you often have no idea what that needle even looks like.…
New “Agent Tesla” Variant: Unusual “ZPAQ” Archive Format Delivers Malware
A new variant of Agent Tesla uses the uncommon compression format ZPAQ to steal information from approximately 40 web browsers and various email clients. But what exactly is this file compression format? What advantage does it provide to threat actors?…
Buyer beware: Phishing sites & Fake Shops still popular among criminals
Just in time for Black Friday, the number of phishing and scam websites is increasing. People on the lookout for a bargain are at risk of having their payment details and personal information stolen.
Hostile Takeover: Malicious Ads via Facebook
Criminals hijack business accounts on Facebook and run their own advertising campaigns in someone else’s name and at the expense of those affected. This quickly results in thousands of euros in damages for the actual account holders – not to…
Robots: Cybercriminals of the Future?
Artificial intelligence and adjacent technologies have been causing quite the stir lately. Many are concerned that AI is going to give rise to new and potentially completely machine-generated forms of criminal attacks. Let us look at some of those concerns.…
NIS-2: EU Directive Takes a Massive Step towards Increased Security
NIS-2 aims to establish an EU-wide common security standard for critical infrastructures and adjacent industries as well as vital supply chains. Here is a brief recap – and also a good reason why even non-critical industries should pay…
A little History: What Hacking and Model Train Sets Have in Common
Many people have an image that springs to mind when they hear the term “hacker”. This image is often the result of media reports about criminal activity. But: You might be surprised to hear that the world would be far…
Vulnerabilities: Understand, mitigate, remediate
As the value of data has grown, managing vulnerabilities effectively is essential to your organization’s security and to minimizing the impact of successful attacks. But what are those vulnerabilities, anyway? Eddy Willems explains.
ChatGPT: The real Evil Twin
The clamor around, and viral use of, a very human-sounding AI chatbot named ChatGPT has given rise to some new and interesting activities in the cybercrime world.
Verdict-as-a-Service moves malware scanning from the endpoint to the cloud
Today, no one can do without data at work. However, malware often lurks in shared resources. Stefan Hausotte and his team have developed a solution for this with G DATA Verdict-as-a-Service. He reveals more in an interview.
Recovering from Attacks: Getting Back to Normal
An all-out attack on a company network usually causes havoc. Normal operation ceases for the most part, and the entire organisation switches to “emergency mode”. Bouncing back from that can be a challenge that might take weeks or months. Here…
ChatGPT: What AI holds in store for security
ChatGPT has made quite a splash in recent weeks. The AI-supported chatbot impresses with its convincingly human-looking way of answering questions and interacting with users. This arouses enthusiasm as well as concerns – including in the world of IT security.…
IT security trends 2023 (part 2): Why iPhones are hackers’ best friends, rootkits are celebrating a renaissance, and uncertainty is bad for IT security
In the second part of the blog series, Tim Berghoff, Stefan Decker and Karsten Hahn explore current trends in IT security. Their views focus on how the past years of crisis have affected IT security, the importance of smartphones…
IT security trends 2023 (part 1): On the shortage of skilled workers, social engineering attacks and companies refusing to learn
Every year in November, we at G DATA CyberDefense ask our IT security experts the same question: “What risks will threaten the IT security of companies and private individuals in the coming year?” In the first part of this blog…
Building security: Protecting the crown jewels of your company
One of the important aspects of creating effective security is assessing which assets need the most protection. This is a multi-faceted endeavour, as this blog article will lay out.
Collaboration: Why working with competitors is crucial to combat cybercrime
Collaboration is an important factor for success. This has always been true within organisations. It may seem counterintuitive at first, but sometimes collaborating with a competitor is the best thing you can do.
Identifying file manipulation in system files
Sometimes people send us files that seem to be legitimate Microsoft system files at first glance, yet closer inspection reveals that they have in fact been modified. Are those manipulations always malicious? And how can file manipulations be identified?…
Printers: The underestimated danger inside your company
Printers are an often overlooked pathway into a company network. Whether it is a misconfiguration or a security flaw, there are ways to remedy both.
The real reason why malware detection is hard—and underestimated
Researchers develop an AI with a 98% malware detection rate and 5% false positive rate. If you think this is a splendid technology for antivirus software, this article might change your mind.
The Psychology of Cybercrime
A good criminal needs to know what makes people tick. There is a great deal of psychology involved in criminal activities – especially when it comes to establishing contact with potential victims.
Cybercrime: The Dangerous World of QR Codes
QR codes are everywhere these days. People use them to open websites, download apps, collect loyalty points, make payments and transfer money. This is very convenient for people,…
Criminals provide Ginzo stealer for free, now it is gaining traction
We have identified more than 400 samples of Ginzo stealer in the 10 days since 20 March, and the numbers are rising. What is behind the free stealer?
An attacker’s toolchest: Living off the land
If you’ve been keeping up with the information security world, you’ve certainly heard that recent ransomware attacks and other advanced persistent threats are sometimes using a special kind of…
Research Project: SmartVMI
SmartVMI is getting off the ground: alongside the University of Passau and innowerk, G DATA is conducting research into improving the state of virtual machine introspection for memory…
Android Malware: An underestimated problem?
Is Android malware dangerous? How can I prevent my phone from being infected? How can I remove a malicious app from my phone? What’s the real reason…
Allcome clipbanker is a newcomer in underground forums
The malware underground market might seem astoundingly professional in marketing and support. Let’s take a look under the covers of one particular malware-as-a-service—the clipboard banker Allcome.
QR codes on Twitter deliver malicious Chrome extension
ISO file downloads are advertised via QR codes on Twitter and on supposedly free gaming sites, but they don’t contain what they promise.
Merck wins NotPetya claim – but the future of cybersecurity insurance is complicated
Pharmaceutical company Merck & Co won its case for coverage of losses incurred during the NotPetya cyberattack, securing a payment of 1.4 billion US dollars from its insurance…
Malware vaccines can prevent pandemics, yet are rarely used
Vaccines have distinct advantages over detection-based defense mechanisms, so we developed a vaccine to protect from one of the most notorious ransomware families—STOP/DJVU. But unlike vaccines against…
Germany’s National Cybersecurity Agency declares red alert: Wave of attacks possibly imminent due to Log4Shell vulnerability
The remaining days before Christmas will not be relaxing ones for IT and IT security managers in companies around the world: the Log4Shell security vulnerability is currently keeping…
Malicious USB drives: Still a security problem
A malicious USB drive dropped in a parking lot – this image has become a bit of a trope in IT security circles. Still, the threat is very…
Cybersecurity – Number of the Week: One in Two Considers Banks Particularly at Risk
The risk of a cyber attack depends on the industry. This is shown by the current survey “Cybersicherheit in Zahlen” (“Cybersecurity in Numbers”) conducted by G DATA in cooperation with Statista and brand eins. In the view of the respondents…
To pay or not to pay?
Recently, several magazines have repeatedly covered how to protect against and recover from ransomware attacks. However, many companies and individuals are left with the question of whether they…
An overview of malware hashing algorithms
VirusTotal’s “Basic Properties” tab alone lists eight different hashes and supports even more for use in queries and hunt signatures. Hashes are important for malware analysis, as…
Is it “Fool Us”, or is it “Us Fools”?
The annual Virus Bulletin International Conference has been running since 1991 and is one of the highlights in the calendar of events for IT security experts. I attended…
How can we get rid of them and why law enforcement is not really the answer
Microsoft has recently seen many attacks by hackers using so-called web shells. The number of web shell attacks between August 2020 and January 2021 doubled compared to the…
Microsoft signed a malicious Netfilter rootkit
What started as a false positive alert for a Microsoft-signed file turned out to be a WFP application layer enforcement callout driver that redirects traffic to a…
A Tale of Two Floppies – The Basics of Cyber Security
I was thrilled when I was approached and asked to give a talk at TEDx in Leuven – in this talk I am sharing some anecdotes that have…
Plans for iOS15 put victims of stalking and abuse at risk
Some of the innovations Apple has announced for iOS 15 are a cause for concern among victims of abuse and organizations that support survivors. Among other things, it will be…
Is it good, bad or something in between?
There has been a lot said about data scraping. Here is a breakdown of what it is, why it might be problematic and how we might deal with…
Malware Hides in Steam Profile Images
SteamHide abuses the gaming platform Steam to serve payloads for malware downloaders. Malware operators can also update already infected machines by adding new profile images to Steam. The…
Malware family naming hell is our own fault
EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The…
Perform simple security tests yourself – using Metasploit Framework and nmap
Even with little effort, the security of your own network can be put to the test. We present two tools that make this possible. The best thing about…
11 Biggest cyber security threats in 2021
Cyber security threats have persisted and continued to emerge over the last few years. By now you have probably heard of phishing, but did you know about polyglot files? This article offers a unique insight into the 11 biggest cyber security threats…
To patch or not to patch
As the infosec world was in turmoil following a total of seven zero-day vulnerabilities in MS Exchange and the so-called Hafnium attack, one thing came to my mind – and…
Creating a safer online world together with the Cybersecurity Tech Accord
At G DATA we have always given our customers the confidence that our solutions meet high standards to operate safely throughout their lifecycle…
The danger inside your phone
SIM swapping targets people from all areas of life. A taxi driver is technically no less vulnerable to this attack than a business owner. In this article we cover how it…
Apple takes serious measures in action against zero-click exploits in iOS
Following concerns expressed by users as well as security experts, Apple announced that they will take steps to make zero-click exploits a lot more difficult.…
Spying on your Exchange Server
Microsoft has patched four highly critical security flaws in its Exchange mail server application. Those flaws allowed an attacker to access confidential information. No passwords are needed to exploit the vulnerabilities.…
New version adds encrypted communication
SectopRAT, also known as 1xxbot or Asatafar, had been an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version…
Hey there! I am not using WhatsApp.
The new WhatsApp terms and policy are on everyone’s lips right now. People move to alternatives like Telegram and Signal. While Telegram is arguably more popular than Signal, it…
How secure are smart contracts?
Smart contracts are related to cryptocurrencies and offer more efficiency than conventional contracts in certain areas. However, they are only as secure as the programmer’s knowledge allows. Due to bad programming…
The emerging trend of security token offerings
This article covers a fundraising method called STOs (security token offerings). While the benefits are clear, low usage and security risks may put a damper on things. We are likely…
IceRat evades antivirus by running PHP on Java VM
IceRat keeps detection rates low for weeks by using an unusual language implementation: JPHP. But there are more reasons than the choice of compiler. This article…
Criminal Activities in Times of a Global Pandemic
The beginning of 2020 was appalling for most parts of the world affected by coronavirus disease 2019 (COVID-19). This brought about a change in the everyday…
Babax stealer rebrands to Osno, installs rootkit
Babax not only changes its name but also adds a Ring 3 rootkit and lateral spreading capabilities. Furthermore, it has a ransomware component called OsnoLocker. Is this combination as…
The TRUMP crypto derivative – An insight into crypto derivatives
Crypto derivatives offer unique advantages over traditional ones. But at what cost? In this article we look at what they are and what kind of security…
“The investment in new technologies has paid off.” (Update)
G DATA Internet Security ensures that users are well protected against cyber attacks. This has been repeatedly confirmed in tests by two independent test institutes, AV-Test and…
Malware control via smartphone
Malware sellers want to attract customers with convenience features. Now criminals can remote control malware during their bathroom routine by just using a smartphone and the Telegram app.
A modern Sample Exchange System
We open-sourced a system to exchange malware samples between partners in the AV industry. In the following post, we explain our motivation, the technical details and the usage of the system.…
Happy Birthday Virus Bulletin Conference, you’re 30 years old!
The annual Virus Bulletin International Conference has been running since 1991 and is one of the annual highlights in the calendar of events for IT security experts.…
DLL Fixer leads to Cyrat Ransomware
A new ransomware uses an unusual symmetric encryption method named “Fernet”. It is Python based and appends .CYRAT to encrypted files.
Reverse Engineering and observing an IoT botnet
IoT devices are everywhere around us and some of them are not up to date with today’s security standards. A single light bulb exposed to the internet can offer…
How Malware Gets a Free Pass
In an ideal world, something that is signed cannot be altered. A signature implies that the signed item is trustworthy and unaltered. When it comes to signed files, things…
Ransomware tries to worm
Try2Cry ransomware adopts USB flash drive spreading using LNK files. The last ransomware that did the same was the infamous Spora. The code of Try2Cry looks oddly familiar, though.
Number of cyber attacks increases significantly in the first quarter
The current threat analysis by G DATA CyberDefense shows that the number of attacks prevented in March 2020 has increased significantly. The cyber defence company averted…
Buran’s transformation into Zeppelin
Ransomware is still evolving. Evidence for this can be seen every day. Our analysts have taken a look at Buran and Zeppelin, a particularly devastating exhibit of this evolution.
Introducing the TypeRefHash (TRH)
We introduce the TypeRefHash (TRH), an alternative to the ImpHash, which does not work with .NET binaries. Our evaluation shows that it can effectively be used to identify .NET malware…
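The two hashing teasers on this page (“An overview of malware hashing algorithms” and “Introducing the TypeRefHash”) are served by one added example; it is not code from either G DATA article or from G DATA’s tooling. It computes an ImpHash over a hand-constructed PE import table and a TypeRefHash over hand-constructed .NET TypeRef tables, using the standard ImpHash recipe (lowercased module.function pairs in import order, MD5) and the TRH construction as I recall it from the article (sorted Namespace-TypeName entries, comma-joined, SHA-256), which you should check against the original before relying on it for matching. The sample tables, the sample names and the quoted .NET ImpHash constant are assumptions made for the example.

```python
"""ImpHash versus TypeRefHash on constructed sample data.

Added example; not code from the G DATA article or its tooling.
The real ImpHash is computed over a PE file's import table and the
real TypeRefHash over a .NET assembly's TypeRef metadata table. Both
tables are hand-constructed lists here so the example runs offline.
"""
import hashlib

# ImpHash commonly reported for .NET executables, whose only native
# import is mscoree.dll!_CorExeMain (assumed value; verify against
# VirusTotal before relying on it).
DOTNET_EXE_IMPHASH = "f34d5f2d4577ed6d9ceec516c1f5a744"


def imphash(imports):
    """ImpHash in the pefile/Mandiant form: 'module.function' pairs,
    lowercased, in import order, with a .dll/.ocx/.sys extension
    stripped, joined with ',' and hashed with MD5. Ordinal imports are
    written as 'ordN'. Order matters, so a reordered import table
    yields a different hash."""
    parts = []
    for module, function in imports:
        module = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if module.endswith(ext):
                module = module[: -len(ext)]
                break
        name = f"ord{function}" if isinstance(function, int) else function.lower()
        parts.append(f"{module}.{name}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def typerefhash(typerefs):
    """TypeRefHash (TRH) as I recall the published definition: each
    TypeRef written as 'Namespace-TypeName', the list sorted, joined
    with ',' and hashed with SHA-256. Sorting makes the value
    independent of the order in which the compiler emitted the table.
    Check this construction against the article before matching real
    samples with it."""
    entries = sorted(f"{namespace}-{name}" for namespace, name in typerefs)
    return hashlib.sha256(",".join(entries).encode()).hexdigest()


# Constructed import table of a native (non-.NET) PE.
NATIVE_IMPORTS = [
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "CreateThread"),
    ("ADVAPI32.dll", "RegSetValueExA"),
    ("WS2_32.dll", 23),  # ordinal import
]

# Constructed tables for two different .NET samples. A PE parser sees
# the same single native import in both, so ImpHash cannot tell them
# apart; the TypeRef tables are what differ.
DOTNET_IMPORTS = [("mscoree.dll", "_CorExeMain")]
STEALER_TYPEREFS = [
    ("System", "Object"),
    ("System.Net", "WebClient"),
    ("System.IO", "File"),
    ("Microsoft.Win32", "Registry"),
]
DOWNLOADER_TYPEREFS = [
    ("System", "Object"),
    ("System.Net", "WebClient"),
    ("System.Diagnostics", "Process"),
]


def compare_samples():
    """Return the hashes a triage pipeline would record for the three
    constructed samples, keyed by sample name."""
    return {
        "native": {"imphash": imphash(NATIVE_IMPORTS)},
        "stealer": {
            "imphash": imphash(DOTNET_IMPORTS),
            "trh": typerefhash(STEALER_TYPEREFS),
        },
        "downloader": {
            "imphash": imphash(DOTNET_IMPORTS),
            "trh": typerefhash(DOWNLOADER_TYPEREFS),
        },
    }


if __name__ == "__main__":
    for sample, hashes in compare_samples().items():
        print(sample, hashes)
```

Run it and the two .NET samples come out with the same ImpHash but different TRHs, while reversing the order of a TypeRef table leaves its TRH unchanged; that order independence is what makes the TRH usable in hunt signatures where the ImpHash of every .NET binary collapses to one value.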
10 best computer science edutainment games!
Learning computer science doesn’t have to be purely educational anymore – like it’s taught in schools or universities. There are many services out there, providing an additional entertaining part to…
New Java STRRAT ships with .crimson ransomware module
This Java based malware installs RDPWrap, steals credentials, logs keystrokes and remote controls Windows systems. It may soon be capable of infecting systems without Java installed.
Harmful Logging – Diving into MassLogger
There are many things that can be logged on a computer. While not all logging data is useful for the average user, a lot of logging goes on in the…