Boost Certificate Security With Android SSL Pinning
Certificate SSL pinning is an extra security layer in the SSL validation process for certificate authenticity. This process verifies that the certificate/key provided by the remote server exactly...
Microsoft’s June Patch Kills Potential CFG Bypass
After applying Microsoft’s June patch, we noticed some interesting changes that prevent a security bypass of Windows’ Control Flow Guard (CFG). The changes are in the Shader JIT compiler of the Windows...
JavaScript-PHP Joint Exercise Delivers Nemucod Ransomware
The ransomware Nemucod has been very prevalent in the last few months. Nemucod’s habit of frequently changing its delivery mechanism and infection vector to evade detection makes this threat very...
Macro Malware Adds Tricks, Uses MaxMind to Avoid Detection
Macro malware continues to evolve and use new tricks to evade detection. This threat is responsible for downloading malicious Trojans such as Dridex and ransomware such as Locky. Recently McAfee Labs...
How to: Testing Android Application Security, Part 2
The popularity of Android devices and applications makes it a target for malware and other threats. This post is the second in a short series on Android application security. In the first article we...
Security Best Practices for Azure App Service Web Apps, Part 4
Microsoft’s Azure App Service is a fully managed Platform as a Service for developers that provides features and frameworks to quickly and easily build apps for any platform and any device. In spite of...
Efficient Application Testing With Burp’s Cookie Jar
Testing web applications for security flaws is sometimes difficult due to the peculiar behaviors of applications. One curious behavior is an application that modifies and validates cookies on a...
June #SecChat Recap: Findings from the 2016 Verizon DBIR
This year’s highly anticipated Verizon 2016 Data Breach Investigations Report (Verizon DBIR) analyzed cybersecurity findings from 100,000 incidents and 2,260 confirmed breaches, taking a deep dive into...
Business Email Compromise Hurts Your Organization
As many workers do today, you probably get emails from your boss asking you to perform various tasks. You may also get unusual requests under unusual circumstances—perhaps to put out a fire for a big...
Trojanized Pokémon GO Android App Found in the Wild
Pokémon GO is a new mobile game that allows fans to “catch” Pokémon in the real world using augmented reality and their smartphones’ capabilities such as location technology and built-in cameras. The...
Patch Now: Simple Office ‘Protected View’ Bypass Could Have Big Impact
Protected View is a security feature of Microsoft Office. According to research from MWR Labs, Protected View mode is a strong application-level sandbox. In a real-world attack scenario, Office...
Security Best Practices for Azure App Service Web Apps, Part 5
Microsoft’s Azure App Service is a fully managed platform as a service for developers that provides features and frameworks to quickly and easily build apps for any platform and any device. Despite the...
Phishing Attacks Employ Old but Effective Password Stealer
A few months ago we received a sample from a customer that turned out to be a password stealer (PWS). One thing about this malware stood out: the subdirectory used in the access panel URL. It contained...
Intel Security Teams With Industry, Law Enforcement to Thwart ‘Shade’ Ransomware
Intel Security, Europol, Kaspersky Lab, and Dutch police have taken down the Shade ransomware botnet and captured encryption keys to unlock victims’ systems. Although we talk a great deal of the value...
No More Ransom: A New Initiative to Battle Ransomware
Ransomware has seen a huge increase over the past couple of years. According to our June Quarterly Threats Report, there was a 113% increase in ransomware over the past year. However, the real...
Trojanized Propaganda App Uses Twitter to Infect, Spy on Terrorist Sympathizers
The Mobile Malware Research Team of Intel Security has discovered in recent weeks a number of new threats in the Middle East. In May, we uncovered a spying campaign targeting cybersecurity...
Taking Steps to Fight Back Against Ransomware
Ransomware is an attack in which malware encrypts files and extorts money from victims. It has become a favorite among cybercriminals because it is easy to develop, simple to execute, and does a very...
Active iOS Smishing Campaign Stealing Apple Credentials
Intel Security Mobile Research recently found an active phishing campaign targeting iOS users via SMS messages. The message tells users that their Apple accounts have been temporarily locked to trick...
XML External Entity Injection Opens Door to Attacks, Theft
XML is a popular language for web developers, partially due to its software and hardware independence. Recently, however, XML security is under threat from XML external entity injection (XXE) attacks,...
Creating a Custom Domain Name with a Google App Engine Application
Google’s App Engine is a Platform as a Service (PaaS) for developers that provides features and frameworks to quickly and easily build scalable web applications. Developers can create applications and...