Malware exists even there - and it spreads fast. And like any system with a physical backend, the cloud can easily be subject to a wide range of vulnerabilities - including malware. But malware on the cloud is a very real, and very present threat. The problem is that the malware components aren’t identifiable through traditional scanning simply because they aren’t assembled as malware until the moment of attack.Some exploits appear to be benign.”. MORE

Big hits Since the malware museum opened its virtual doors in February, its collection of de-fanged DOS-based malware from the 80s and 90s has attracted nearly 1 million views. MORE

Researchers have found a malware program that was designed to manipulate supervisory control and data acquisition (SCADA) systems in order to hide the real readings from industrial processes. The same technique was used by the Stuxnet sabotage malware allegedly created by the U.S. The new malware was discovered in the second half of last year by researchers from security firm FireEye, not in an active attack, but in the VirusTotal database. MORE

There has been a steady stream of reports and claims lately that many of us no longer need endpoint security, that antivirus (AV) programs on our PCs are worthless. Gizmodo flat out said that you really don't need an antivirus app anymore, arguing that Windows 10 and the browsers have tightened up security to the point that they adequately protect end users. Windows Central asked the same question , but determined that more protection is better than less. MORE

But still the malware gets in. The malware gets in. You can block and patch and try your hardest to prevent, but the bad guys will innovate and eventually malware gets in. Which leads to this advice: Work hard to prevent ransomware and other malware attacks by using best practices, and have your approach validated by an external assessment (see Cognitio ). But understand that this is an evolving threat, and eventually malware will get in. Bob Gourley. MORE

The latter work (COFFSHOP.COM, artist unknown, if you’re keeping score) can be found at the Malware Museum, the brainchild of F-Secure Chief Research Officer Mikko Hypponen. Visitors can watch malware’s on-screen manifestations at the website and can even download emulations to their PCs. MORE

After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users. Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious.LNK files inside ZIP archives. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell. MORE

What strategies should organisations follow to block malware attachments which continue to account for two-thirds of malware infections that result in data breaches MORE

Continuing the theme of focusing on malware-related cases (last week I posted The Case of the Malicious Autostart ) as a lead up to the publication on March 15 of my novel Zero Day , this post describes one submitted to me by a user that took a unique.( MORE

Customers of certain Cisco and Fortinet security gear need to patch exploits made public this week after a purported hack of NSA malware. Both companies have issued fixes to address exploits that were posted online and after they found the exploits represent real threats to some of their products, including versions of Cisco’s popular PIX and ASA firewalls and versions of Fortinet’s signature Fortigate firewalls. MORE

Security pros need to pay attention to malicious activities that don’t rely on actual malware to succeed, according to a study by Carbon Black. Attacks that exploited applications and processes legitimately running on systems – non-malware incidents – have risen from representing about 3% of all attacks in January to about 13% in November, the company’s “Non-malware attacks and ransomware take center stage in 2016” report says. MORE

Who will win: Antimalware developers or malware developers Artificial intelligence algorithms are involved in a cyber arms race. MORE

Fileless malware is a dangerous and devious threat--and it's gaining traction. Find out how it might affect your organization, network, and the devices connected to it MORE

Malware is an abbreviated term that stands for “malicious software.” What is Malware? There are various types of malware. Malware creation has become popular in recent times due to the the lure of money that can be made through organized Internet crime. MORE

The buzzword "fileless malware" is increasingly causing fear, uncertainty, and doubt. But we should already have controls in place MORE

Over 100,000 internet-connected cameras may be falling prey to a new IoT malware that’s spreading through recently disclosed vulnerabilities in the products. The malware, called Persirai, has been found infecting Chinese-made wireless cameras since last month, security firm Trend Micro said on Tuesday. The malware does so by exploiting flaws in the cameras that a security researcher reported back in March. MORE

The video below explores DDP Protected Workspace and uniquely addresses healthcare regulations related to malware prevention. Individuals take malware and obtain the characteristics pertaining to the individual and find ways to get around the malware inspections in place. MORE

The disk-wiping Shamoon malware, which was used in attacks that destroyed data on 35,000 computers at Saudi Aramco in 2012, is back; the Shamoon variant prompted Saudi Arabia to issue a warning on Monday. An alert from the telecoms authority, seen by Reuters, warned all organizations to be on the lookout for the variant Shamoon 2. MORE

The financial services industry is the target of a whopping 65% more targeted cyber-attacks than the average business, according to security watchers at IBM’s X Force. The number of financial services records breached skyrocketed 937% in 2016 to more than 200 million. Financial institutions were forced to defend against a 29 percent increase in the number of attacks from 2015, IBM stated. More on Network World: IBM: Tax-related spam up 6,000% since Dec.; MORE

For the past few months, developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware. If allowed to execute, the macro code executed a PowerShell script that reached out to a remote server and downloaded a malware program known as Dimnie. MORE

The video at this link and embedded below provides an overview of conclusions from CTOvision research into ways to automate the removal of cyber threats (including malware) from your enterprise. By Bob Gourley. MORE

Financial malware attacks increased 16% in the second quarter of the year, driven by collaboration between the developers of two banking Trojans in the top the financial malware threats, says Kaspersky Lab MORE

The Department of Homeland Security (DHS) wants to be able to predict what form malware will morph to so it can plan how to block it when it becomes reality. 500,000 to develop the technology, known as Predictive Malware Defense (PMD). Charles River will use machine learning and statistical models to predict attacks based on new malware as well as create defenses ahead of time. The models will look at features of families of malware and predict how they might evolve. MORE

In spite of a recent effort to improve the performance and detection rates in Windows Defender, Microsoft's anti-malware tool is still not very good at its job. The latest round of tests performed by German institute AV-TEST, one of the most respected and regarded malware testing shops, show that Microsoft Security Essentials and Windows Malicious Software Removal Tool fared the poorest in removing an existing infection. MORE

Two security firms have released reports about the malware which was used in the December 2016 Ukraine power outage, warning that the partial power outage in Kiev may have been test run; the malware could be leveraged against other countries, including the US. The malware, dubbed Crash Override in the Dragos report ( pdf ) and Industroyer in the ESET report ( pdf ), has nothing to do with espionage and everything to do with cyber-sabotage. MORE

Network traffic analysis should be used more in the fight against malware. The researchers, who have been studying historic network traffic patterns, say the latest malware tracking should take advantage of inherent network-supplied barometers and stop simply focusing on trying to identify malware code already on networks and machines. MORE

What strategies should organisations follow to block malware attachments which continue to account for two-thirds of malware infections that result in data breaches MORE

What strategies should organisations follow to block malware attachments which continue to account for two-thirds of malware infections that result in data breaches MORE

Scareware, a type of malware that mimics antimalware software, has been around for a decade and shows no sign of going away. The goal of scareware is to fool a user into thinking that their computer is heavily infected with malware and the most convenient.( malware read more ). MORE

A zero-day attack called Double Agent can take over antivirus software on Windows machines and turn it into malware that encrypts files for ransom, exfiltrates data or formats the hard drives. Based on a 15-year-old feature in Windows from XP through Windows 10, the attack is effective against all 14 vendors’ antivirus products tested by security vendor Cybellum – and would also be effective against pretty much every other process running on the machines. MORE

malware. big data Cyber Attacks Security and Risk cyber security encryption malware threat and vulnerability managementData is the perimeter, defend it that way. Unless you have been living under a rock or possibly hiding in the mountains of Montana with a giant beard and eating way too many government issued MRE's you probably heard about the nuclear bomb of a ransomware attack that kicked off last week. Welcome to the post apocalypse folks. MORE

A notorious cybercriminal gang is tricking businesses into installing malware by calling their customer services representatives and convincing them to open malicious email attachments. On Monday, security firm Trustwave said that three of its clients in the past month had encountered malware built with coding found in previous Carbanak attacks. Hotel and restaurant chains, beware. MORE

Security researchers have discovered a new malware threat that goes to great lengths to remain undetected while targeting energy companies. The malware program, which researchers from security firm SentinelOne have dubbed Furtim’s Parent, is a so-called dropper -- a program designed to download and install additional malware components and tools. The goal of droppers is to prepare the field for the installation of other malware components that can perform specialized tasks. MORE

In both cases attackers managed to infiltrate the Ask.com updater infrastructure to the point that they used legitimate Ask signing certificates to authenticate malware that was masquerading as software updates. Businesses that allow the Ask.com toolbar in their environments might want to rethink that after endpoints equipped with the browser add-on were compromised last November and then again the very next month using pretty much the same attack methods. MORE

Jack Wallen offers up a few bits of advice that will help you to use your devices intelligently and avoid malware If you work without concern for security, your data will be breeched. MORE

Malware-free cyber attacks are on the rise and artificial intelligence in cyber security is still far from replacing humans, according to most cyber security researchers MORE