Tag Archives: Zero-Day

10Fold- Security Never Sleeps- 151

Zero-day threats make up 30% of malware in new WatchGuard cybersecurity study

“Antivirus softwares struggle to keep up”

Seattle-based WatchGuard Technologies recently released a report outlining the increasing challenges facing firms' antivirus software. According to the security research firm, 30% of malware circulated in the last three months of 2016 is classified as 'zero-day' code. This means that antivirus companies have yet to construct any real defense mechanisms against it, raising serious concerns for firms in all fields.

Fake Flash Player Ads in Skype Lead to Malware

“Malvertising campaign on the rise”

Skype has recently been targeted by aggressive malware hidden in Flash Player code. Users reported on Skype and Twitter that the Skype program was forcing a download of a Flash Player update, and posted screen captures of the events. The faux update, 'FlashPlayer.hta,' was served by the in-application messaging servers.

Self-Deleting Malware Makes ATMs Spit out Cash

“One of the most sophisticated ATM heists”

Cyber criminals have been involved in a highly specialized bank hacking network, security researchers have found. Fileless malware and ATM malware have been using self-deleting code that engages the machine's cash-dispensing function without draining any account. While these attacks have been escalating, they are not new, such as notable switches of software usage and the hacking of government agencies.

10Fold- Security Never Sleeps- 147

“Huge security hole in many products”

Dahua, the world's second-largest producer of IoT devices, has released a software update that has gaping security deficiencies in several popular products, including DVRs and cameras. These internet-connected gadgets are vulnerable to login bypasses and remote access to various systems. Additionally, code is available online that would allow one user to exploit massive numbers of these types of 'smart' devices, creating DDoS attack concerns among security researchers.

“General technology concerns ease”

The stockpiling of zero-day vulnerabilities by various intelligence agencies for use in offensive cyber capabilities is not quite as dangerous as once predicted, says a new RAND study. Tactical benefits accrued from the collection of the data result in greater outcomes from public disclosure.

“Malicious software not part of official ROM”

Check Point Software Technologies posted a blog last Friday detailing the installation of malware on several Android devices sold to two firms. The malware was added somewhere along the supply chain and was not included in the official ROM made by the manufacturer. Many of the phones were affected with a ROM using system privileges, meaning that a complete re-installation of all software programs is needed to remedy the problem.