News

So you’ve no doubt heard about WannaCry (or wCry or WanaCrypt), running rampant and infecting significant public organisations across the globe (Kaspersky Lab have seen evidence of 74+ Countries infected during the initial 24 hours, with other reports estimating some 200,000+ machines now impacted across 140+ countries).     So how does it work? WannaCry
Read More
Vulnerability:   A new vulnerability has been found in all versions of WordPress up to and including the current release (4.7.4).  This vulnerability allows attackers to utilize the password reset functionality in WordPress to obtain the password reset link. Solution: WordPress has not yet released an update to counter exploit attempts, so in the mean time
Read More
SPLUNK Powered SOCs are now able to easily consume Kaspersky Lab’s Threat Intelligence feeds via the Threat Intelligence Feed App for Splunk. A direct correlation exists between the quality of intelligence used and the effectiveness of decisions made on the basis of this intelligence. Relying on intelligence that’s irrelevant, inaccurate or not aligned with your
Read More
Secure-ISS and Kaspersky Lab in conjunction with IT Forum Gold Coast are hosting an event! “Everything you need to know about Cyber Crime” Today’s business world is fast paced and ever changing thanks to new technology; artificial intelligence developments and being connected to the world wide web or Internet. Unfortunately, with every step forward, there
Read More
New Detection Technique – Adups Firmware According to security researchers from Kryptowire, an unknown backdoor built into a specific Android firmware has enabled secret monitoring of popular mobile devices. The user and device information were collected automatically and transmitted periodically to a server in China without the users’ consent or knowledge. The collected information was
Read More

Hackers use Mail Chimp to spread malware

The importance of having strong, unique passwords has become ever relevant this week as the hack of a number of Mail Chimp accounts has come to light.   The hacks do not appear to be part of a widespread breach of Mail Chimp, rather more likely the result of the use of weak, reused passwords
Read More
New Detection Technique – XM1RPC Spam Backdoor A new spam & backdoor campaign targeting WordPress sites has been discovered. It is dubbed ‘XM1RPC’, which refers to the filename ‘xm1rpc.php’ that is being used in the campaign to confuse the administrators familiar with XML-RPC. The malware is known to infect all the sites on the server
Read More
New Detection Technique – NoobCrypt NoobCrypt is a new ransomware family which earns its name due to the taunting messages that the victims receive when they enter an incorrect decryption password. However, the developer behind NoobCrypt made a mistake in which all files for all victims are encrypted with the same encryption key embedded in
Read More
New Detection Technique – ShinoLocker ShinoLocker is a ransomware simulator (or “educational” ransomware) developed by researcher Shota Shinogi as a way for people to test their security performance and utilities. According to the developer, the difference between ShinoLocker and real ramsomware is that ShinoLocker never asks for ransom and you don’t have to pay money
Read More
New Detection Technique – PassCV PassCV is a very active and successful malware family that leverages a wide array of stolen authenticode-signing certificates. PassCV relies heavily on obfuscated and signed versions of older RATs (such as ZxShell and Ghost RAT) to provide backdoor functionality to affected systems via phony resumes and curricula vitae (CVs). We’ve
Read More