HP Revokes Digital Certificate Used to Sign Malware

by on | Leave a comment
Filed under Industry News and tagged , , , .

malware certificate

As reported by Krebs on Security, HP has performed the cyber security equivalent of a “my bad” by quietly advising customers of a digital certificate that had been used to sign malware in May 2010. The certificate, which was initially signed in error, was revoked by Verisign at HP’s request on October 21, 2014. Continue reading

DGAs: A Domain Generation Evolution

by on | Leave a comment
Filed under Research Lab and tagged , , , , , , , .

dga evolution

You may remember hearing about Domain Generating Algorithms, aka DGAs, from our coverage of the PushDo malware or from the malware we dubbed DGA.Changer, or more recently from our post on the Tinba Trojan. Malware threats that contain DGAs are not new, but they are more difficult to prevent and detect.

The experts in Seculert’s Research Lab have identified an increasingly disturbing trend in the use of DGAs by cyber criminals. Continue reading

Better Results, More Incident Format Options [Product Update]

by on | Leave a comment
Filed under Product Updates and tagged .

iStock_000026381109Small

What’s New in Seculert Version 2.1.1

New Information in Elastic Sandbox Analysis Results
Seculert’s Elastic Sandbox analysis results now indicate if a communication was found to a known Command and Control (C&C) server. In addition, to ensure that you always access the most up-to-date data, every time you view the results it is checked against the live C&C list. Continue reading

SECURITY INFOGRAPHIC: Why the US Needs More Cyber Security Professionals

by on | Leave a comment
Filed under Industry News and tagged , , .

security professionals

In a blog post published in back in May, my colleague Doug McLean wrote that an enterprise’s attempt to find experienced, knowledgeable, and (reasonably) affordable Security Analysts these days is no longer a traditional human resource effort, but more like “searching for unicorns”. Continue reading

Attention Kmart Shoppers: Your Data May Have been Stolen

by on | Leave a comment
Filed under Breach Diaries, Industry News and tagged , , , , , .

kmart blue light special

Move over “clean up in aisle 3”. There’s a more important announcement for Kmart shoppers coming over the P.A. system — or rather, published on the company’s website in a bulletin from President and Chief Member Officer Alasdair James: bad actors have breached the Point of Sale (PoS) system. Continue reading

“Backoff” Malware Hits Dairy Queen

by on | Leave a comment
Filed under Breach Diaries, Industry News and tagged , , , , , .

malware dq

If you visit the Dairy Queen website, you’ll find all kinds of stuff you’d expect – like information about tasty frozen treats, a location finder, a trip planner, special promos, and more — and one thing that will take you by surprise; unless you happen to work in the network security field, and as such this probably won’t faze you at all: a bulletin from the CEO advising customers of a malware attack. Continue reading

Malware Attack at Staples: “That Was Easy”

by on | Leave a comment
Filed under Breach Diaries, Industry News and tagged , , , .

malware attack easy

Krebs on Security is reporting that bad actors have apparently smacked their version of the “easy button” in a malware attack targeting Staples stores in the US Northeast, including seven in Pennsylvania, three in New York City, and one in New Jersey. Continue reading

Security Executives: Is Your Board Meeting A Battlefield?

by on | Leave a comment
Filed under Industry News, Security 101 and tagged , , .

board meeting battle

CISOs preparing for their next board meeting — or perhaps steeling themselves up for their next battle — may find it valuable to heed the advice of BitSight CTO’s Stephen Boyer, who in a recent CSO article highlighted some tips on how to move past the all-too-common deadlock between security executives and board members. Continue reading

Unpatchable BadUSB Malware Released by Security Researchers

by on | Leave a comment
Filed under Industry News and tagged , , , .

usb malware

At the Black Hat conference in August, security researcher Karsten Nohl demonstrated an emerging risk on the cyber threat landscape that he dubbed “BadUSB”: virtually unpatchable malware that resides in the core of a USB device, rewrites its firmware to stay undetected by anti-virus products, and proceeds to infect everything that it attaches to. Continue reading