On Tuesday, a number of Ukrainian banks and financial firms, including the state power distributor, were hit by a cyber attack disrupting operations, according to the Ukrainian National bank who said an “unknown virus” was to blame. We will share some of our findings, explaining why Votiro’s customers are protected from that attack. Today, the…
The Necurs botnet, mentioned in our blog last month, has been used as a way to spread the JAFF ransomware and, has since been spotted once again. This time it’s spreading the TrickBot banking Trojan. The infection chain is still the same as it was with the JAFF campaign, by using an email with a…
Early May 2017, members of Google’s Project Zero discovered critical flaws in Windows Defender – specifically in MsMpEng.exe, which is the Windows AntiMalware Service Executable. These flaws leave users exposed to severe risks from various attack vectors. Tavis Ormandy, a Google Project-Zero [1] researcher explained: On workstations, attackers can access MsMpEng by sending emails to…
Early May 2017, members of Google’s Project Zero discovered critical flaws in Windows Defender – specifically in MsMpEng.exe, which is the Windows AntiMalware Service Executable. These flaws leave users exposed to severe risks from various attack vectors. Tavis Ormandy, a Google Project-Zero [1] researcher explained: On workstations, attackers can access MsMpEng by sending emails to…
A new trick utilizing PDF attachments is enabling a widespread bot network to become even more widespread. The trick, which cleverly conscripts PDF files to spread malware, has been used to great effect by the hackers behind the Necurs botnet. Long-known and long-used by hackers, Necurs is an especially versatile botnet that is able to…
Earlier this month, we a massive campaign, that affected tens of thousands of businesses and organizations in over 100 countries around the world. And, just like every other attack, encrypted the machines of its victims demanding an initial ransom of $300 in and more than double that amount after the initial 72 hours had passed….
Introduction the last couple of months, we’ve seen several new waves of Dridex banking malware where on the latest c, a new RTF 0-day vulnerability was successfully exploited and used against millions of targets, mainly in Australia, as spotted in the wild. The primary objective of Dridex malware is to steal banking information from users…
Introduction Hackers have many tricks up their sleeves, from large exploits to small – and Flanker017, a security researcher from China has recently discovered one of the smallest – a remote code execution triggered by malformed GIF that allows a hacker to install a malware “on the sly.” The vulnerability means that, once again, users…
The first few months of 2016 have turned out to be quite fruitful for malicious groups and individuals launching ransomware attacks. Among the organizations that have been hit are the New York Times, the BBC, the NFL, and AOL. Although this type of attack has always been a favorite tool among hackers, the rise of…