Dell has been shipping laptops with a rogue Root CA pre-installed, similarly to what happened earlier this year with SuperFish installed on Lenovo laptops. We will show how it is possible to abuse the root CA to steal user’s data and how to safely remove it.
Poweliks (actually we should say Kovter) is a well-known and studied click-fraud malware that made its first appearance in early August 2014, it became famous very quickly due the fact that it used a persistence mechanism that allowed it to be fileless on disk, taking advantage of the Windows Registry and also because it adopted new techniques to stay persistent on the system. Its evolution apparently never stopped, in this post we will analyze what appears to be a new strain of the malware with an incredibly low detection rate.
Cyber security is a hot topic. Quite frankly it always was an interesting subject, though today threats have been advancing at an alarming rate, companies are increasingly more concerned about their data, especially after the amount of data breaches reported this year and actively pursuing strategies to build better guards for their intellectual property.
Continue reading “Must know before buying an endpoint security system”
Ransomware is a type of malicious software (known as malware) that restricts, using encryption, access to data on your computer. Once the restriction takes place, a ransom is requested to unblock your data and if paid the restriction is removed, in theory. In principle, ransomware is a simple threat, yet one that has caused a lot of pain and expense in recent months due to its increasing popularity. The purpose of this article is to give a quick overview of ransomware, keeping it as simple as possible.
Continue reading “Ransomware – A Quick Overview”
On the 4th of August one of our customers reported an infection attempt on one of their machines. In their deployment ReaQta-core is used to augment the security of their signature-based enterprise endpoint protection system, so an infection attempt detected by our solution is a sign that the AV missed the threat. Usually this either means that the attack is targeted or that the malware is brand new, let’s find out together the result of our investigation.
Continue reading “Analysis of an Undetected Dridex Sample”
Eset published the analysis of Dino, a recently discovered APT that seems to be tied to the Animal Farm, the same group that allegedly developed Casper, Babar (previously analyzed by ReaQta) and Bunny.
Adobe released in April 2015 an update to patch CVE-2015-3043 that was being exploited actively in the wild by (but not only) threat actor APT28 during the operation RussianDoll. The vulnerability was a heap overflow in the FLV audio parsing engine, in particular the culprit was a hardcoded heap buffer length of 0x2000 bytes, the attackers simply had to provide a source capable of bypassing the length check and overwrite a buffer with more than 0x2000 bytes.