Apple accidentally approved malware disguised as Flash, new report finds

The Verge

Apple accidentally approved common malware disguised as an update for Adobe Flash Player to run on macOS, according to a new report. According to security researcher Patrick Wardle, Apple approved an app that contained code used by a well-known malware called Shlayer.

Government Agencies Discover New Chinese Malware Strain

SecureWorld News

CISA reports on Chinese malware strain. And it's a malware strain used specifically by the Chinese government. A recent CISA Malware Analysis Report (with contributions from the FBI and DoD), outlines this new malware variant.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

New Video: Automating Your Cyber Defenses Including Malware Removal


The video at this link and embedded below provides an overview of conclusions from CTOvision research into ways to automate the removal of cyber threats (including malware) from your enterprise. Additional context into this topic is available in our research report downloadable here: . Analysis Big Data Cloud Computing CTO Cyber Security DoD and IC Strategy The Future Trends Video Automation Chief information security officer CISO Computer security Malware By Bob Gourley.

Trojan malware is back and it’s the biggest hacking threat to your business


Trojan malware attacks against business targets have rocketed in the last year, as cybercriminals alter their tactics away from short-term gain and in-your-face ransomware attacks towards more subtle, long-term campaigns with the aim of stealing information including banking information, personal data, and even intellectual property. Figures from security company Malwarebytes Labs in a new report suggest […].

Nearly a third of malware attacks are zero-day exploits

Computer Weekly

Companies could be missing up to third of malware that is targeting them, according to a report by WatchGuard

Almost half of mobile malware are hidden apps

Tech Republic Security

Cybercriminals are finding new ways to get malware on mobile devices, including abusing Android's accessibility features, according to a McAfee report

Malware is down, but IoT and ransomware attacks are up

Tech Republic Security

Malicious attacks disguised as Microsoft Office files increased 176%, according to SonicWall's midyear threat report

PcTechmate: Automating repair of malware ridden systems


The most recent reports from Symantec and McAfee have publicly said “Do not rely solely on our products to protect your computer.” Signature based solutions are being bypassed by malware every day. The pervasiveness and sophistication of modern malware is damaging computers to a point where expert int. Registering as a CTOvision Pro member provides unique insights, exclusive content and special reporting that can help you achieve more in your professional life.

Bad Rabbit malware raises fears of third global ransomware attack

Computer Weekly

A ransomware attack that has commonalities with WannaCry NotPeya is reportedly hitting organisations in Russia, Ukraine, Turkey, Bulgaria and Germany

Malware downloaded every 81 seconds, says new Check Point security report

Tech Republic Security

A new report from Check Point claims that the average day in an enterprise organization is rife with malware and malicious applications

Malware that took down Ukraine power grid could be used in US, report says

Tech Republic Security

A threat report from security firm Dragos indicates that a malware framework called CRASHOVERRIDE could be behind the 2016 cyberattack in Ukraine, and could come to other countries

New malware attacks safety systems

IT Manager Daily

Emergency shutdown systems have been targeted by a new malware attack. Threat: A malware attack called TRITON targeted control systems that provide emergency shutdowns for industrial processes. Damage risk: The malware can reprogram the SIS to allow unsafe conditions, leading to physical hazards and threats to human safety. The post New malware attacks safety systems appeared first on IT Manager Daily. IT Security Special Report malware triton

The state of malware: 4 big takeaways from AV-TEST's 2016 report

Tech Republic Security

The new report details increased risks to Android and Apple products and the top 10 Windows malware programs of 2016. Here's what your business needs to know to stay safe

Technology Context From the Verizon Data Breach Investigations Report (DBIR)


For a decade now the cyber security community has been treated to important strategic context coordinated by Verizon in their Data Breach Investigations Report (DBIR). The information in the report can help drive strategic planning for enterprise technologists and members of the enterprise cyber security team and it is well worth a read by any CTO, CIO, CISO and most other members of enterprise technology teams. For more see: Data Breach Investigations Report (DBIR).

Report 312

Popular malware scanner compromised by malware

IT Manager Daily

If you’ve been using CCleaner for 32-bit Windows machines, you might want to evaluate those systems and run an actual malware scan. In a spooky twist, recent versions of CCleaner have been installing malware programs rather than getting rid of them. But the program was vulnerable to a disguised malware attack, threatening the data of those 2 billion users. was installing malware programs onto machines it was downloaded onto.

Report: 2016 saw 8.5 million mobile malware attacks, ransomware and IoT threats on the rise

Tech Republic Security

Mobile malware attacks increased more than three times between 2015 and 2016, according to a new report from Kaspersky Lab. Here's what you need to know

Lastline: Stop Evasive Malware, Persistent Threats and Zero Days


Lastline Enterprise and Analyst deliver protection against targeted attacks, advanced persistent threats (APTs), zero-day exploits, and other advanced malware that bypass traditional signature-based controls and sandbox-based analysis systems. Registering as a CTOvision Pro member provides unique insights, exclusive content and special reporting that can help you achieve more in your professional life.

How to protect computers that store biometric data from malware

Tech Republic Security

More than a third of systems that handle biometric data were hit by at least one malware infection in the third quarter of 2019, according to a new Kaspersky report

Cyber attacks on at least three Asian banks share malware links

Computer Weekly

Cyber attacks on banks in Bangladesh, Vietnam and the Philippines used the same malware, which has links to other attacks on banks in the region, reports Symantec

Businesses beware: Smartphone malware rises 400% in 2016, Nokia reports

Tech Republic Security

Android smartphones and Internet of Things devices are increasingly at risk of attack, according to a new Nokia report. Here's how to keep your business safe

Report: Destructive malware and targeted cyberattacks on the rise in 2017

Tech Republic Security

Security firm Kaspersky Lab's threat report for Q2 2017 noted that malware disguised as ransomware will likely be a big problem this year, along with attacks targeting energy companies

McAfee report reveals five challenges to cyber threat intelligence

Computer Weekly

McAfee Labs’ latest report details the challenges facing threat intelligence sharing efforts and reveals growing trends in malware, ransomware, mobile malware and other threats

Sophisticated Self-Destructing Equation Malware Infects Thousands of Servers Worldwide

Data Center Knowledge

A group called Equation has reportedly been using multiple types of malware since 1996 to stage cyber attacks. Read More. Shared

These are the 15 Top Cyber Threats Now

SecureWorld News

The European Union Agency for Cybersecurity (ENISA) just published its Threat Landscape 2020 report. First, however, let's look at the top 15 cyber threats organizations face right now, according to the report: Malware. Trends in Malware attacks.

Mobile malware increasingly being used for espionage by state-sponsored groups

Tech Republic Security

State-sponsored groups take advantage of the lack of effective mobile malware solutions to target mobile users, according to a new report from BlackBerry

How to Remove Malicious Code, Malware from Websites?


Information Technology Blog - - How to Remove Malicious Code, Malware from Websites? The main reasons how website get hacked or infected with malware are: Phishing. Malware. Do you want to remove malware, malicious code and from a website and clean it? Malware injections. If you are looking for priority malware removal from WordPress or Joomla, then SiteGuarding will help you to clean within 1-3 hours. Detailed report of the investigation and removal.

ACC Foundation Releases Extensive State of Cybersecurity Report


The Association of Corporate Counsel (ACC) Foundation has released the largest study of its kind on corporate cybersecurity, the result of the study is: The State of Cyber Security Report. The report highlights cybersecurity issues for more than 1,000 corporate lawyers at 887 organizations worldwide. The State of Cyber Security Report addresses: One-third of in-house counsel have experienced a data breach. Katie Kennedy.

Report 163

Non-malware attacks are on the rise

Network World

Security pros need to pay attention to malicious activities that don’t rely on actual malware to succeed, according to a study by Carbon Black. Attacks that exploited applications and processes legitimately running on systems – non-malware incidents – have risen from representing about 3% of all attacks in January to about 13% in November, the company’s “Non-malware attacks and ransomware take center stage in 2016” report says.

Bidding Open on DHS’ $6B Security Hub, House report stresses sharing


House report tells federal, local law enforcement to work on sharing – “The House Homeland Security Committee on Friday issued a plea to further empower fusion centers, the regional agencies tasked with analyzing and sharing local crime data with local, state and federal officials.” By Ryan Kamauff Here are the top news and stories of the day.

Google Apps possibly downloading malware onto your device

IT Manager Daily

Google Apps may be allowing bad actors to install malware on your device via a security flaw. Threat: The Google Apps Script, used for apps like Google Drive, has a security vulnerability that could allow hackers to deliver malware to a user’s computer using Google Drive URLs. Damage risk: The vulnerability supports automatic downloads of malware and social engineering plans to convince users to run the malware once it’s been downloaded.

Cybercriminals increasingly using SSL certificates to spread malware

Tech Republic Security

Enterprises that don't perform adequate SSL inspections are now at a much higher risk to be breached or attacked, according to a Menlo Security report

'Invisible' malware hidden in trusted software, infiltrating enterprises worldwide

Tech Republic Security

A recent Kaspersky Lab report detailed a targeted attack of 'invisible' malware that utilizes legitimate software to hide in server memory. Here's what you need to know

Ransomware Evolves: Entire Hospital Including Emergency Rooms Disrupted


For more details on the attack see this NBC Los Angles Report. But still the malware gets in. The malware gets in. You can block and patch and try your hardest to prevent, but the bad guys will innovate and eventually malware gets in. Which leads to this advice: Work hard to prevent ransomware and other malware attacks by using best practices, and have your approach validated by an external assessment (see Cognitio ). Bob Gourley.

Crash Override: Malware that took down a power grid may have been a test run

Network World

Two security firms have released reports about the malware which was used in the December 2016 Ukraine power outage, warning that the partial power outage in Kiev may have been test run; the malware could be leveraged against other countries, including the US. The malware, dubbed Crash Override in the Dragos report ( pdf ) and Industroyer in the ESET report ( pdf ), has nothing to do with espionage and everything to do with cyber-sabotage.

Hackers are working harder to make phishing and malware look legitimate

Tech Republic Security

A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses

Report: Financial firms still losing customer data to malware and hackers

Tech Republic Security

Capital One mega breach in March 2019 was the third worst data loss ever

2015 Cyberthreat Defense Report Reveals Cyberattacks Rising and Confidence Sinking


The more fact-based reports based on forensics are much more important (this brings to mind what John Oliver said about opinions vs facts ). Phishing, malware, and zero-days top of mind. Of 10 designated categories of cyberthreats, phishing/spear-phishing, malware, and zero-day attacks are perceived as posing the greatest risk to responding organizations. By Bob Gourley.

Report 300

IoT is a gold mine for hackers using fileless malware for cyberattacks

Tech Republic Security

A new report recommends a shift to perimeter-less security strategies Data exposure is one of the biggest threats from attacks on IoT devices.

How to defend your organization against browser-hijacking malware and ransomware

Tech Republic Security

Network attacks more than doubled this past quarter versus the prior quarter, according to a new report from security provider WatchGuard

Russian hacker tried to bribe a Tesla factory worker to install malware

Mashable VR

That appears to be the thinking of a least one Russian man, who the FBI arrested and who has been charged with attempting to pay a Tesla Gigafactory employee in Nevada to instal malware on the company's network. Why hack, when you can socially engineer your way in?

Microsoft Takes Down Massive Botnet Before 2020 Elections

GizModo VR

Microsoft has obtained a court order to seize servers the company says are part of the Trickbot botnet ahead of the 2020 elections, the Washington Post reported on Monday.

The Locky Saga Continues: Now Uses.odin as File Extension

Doctor Chaos

Aside from this, in this report we will also examine some of its other minor […]. Malware malware ransomwareAs a result of our continuous monitoring of the Locky ransomeware we discovered a new Locky variant. This variant now appends a “.odin” odin” extension to its encrypted files. This is now the third time that the extension has been changed.

New phishing email campaign impersonates US postal service to deliver malware

Tech Republic Security

The same threat actor has been observed targeting companies in the US, Italy, and Germany, according to a new report from security provider Proofpoint