Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security researchers at the Lookout Threat Lab have identified a new rooting malware distributed on Google Play and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store. We named the malware “AbstractEmu” after its use of code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads.

The FBI has warned that over 30 US-based companies had been hit by the Ranzy Locker ransomware by July this year, in a flash alert to other organisations who may be at risk. According to the alert, issued with the Cybersecurity and Infrastructure Security Agency (CISA), most of the victims were compromised after brute force credential attacks targeting Remote Desktop Protocol (RDP) to gain access to targets’ networks.

With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that this technology is as critical as it ever was and lays out the minimum requirements for ensuring your malware defenses are up to the task.

Viruses are the hot topic of 2021. We’re not just talking about the COVID-19 virus. Computer viruses, identity theft, and threat actors are no longer just the subject of sci-fi films and crime shows, but a reality of running a business. More than ever, cybersecurity is top of mind for business leaders. Whether you are a Fortune-500 Company or just launching your first venture, no business is too big or too small to escape the realities of today’s cyber threats.

The Tsunami malware is back! Although it appeared for the first time several years ago, the Sysdig Research Team has just discovered a new sample of Tsunami malware targeting Jenkins and Weblogic services deployed in Kubernetes clusters. The Tsunami malware is a backdoor that gives the attackers full control over the infected systems. Indeed the targeted machines, once infected, communicate with an IRC server waiting for new commands to be executed.

BazarLoader (sometimes referred to as BazaLoader) is a popular downloader among criminals, used to distribute multiple malicious payloads including Ryuk and Conti ransomware. According to a recent report by Phishlabs, during Q3 2021 this malware accounted for 24.7% of all attacks, earning the unwelcome accolade of being the most common payload.

Following a series of headline-grabbing ransomware attacks that disrupted critical services in the US, FBI Director Christopher Wray likened the threat posed by ransomware to the September 11 terrorist attacks of 2001. According to Wray, recent attacks against one of the largest oil pipeline operators in the United States and a major meat processing operation may be just a harbinger of what is to come.