Cybercrime

Pierluigi Paganini February 17, 2013
Zeus hit five major banks in Japan

Zeus malware is considered the most popular and prolific malicious code for banking, it is one of the privilege agent by cybercrime the use to sell various customized version in the underground to conduct sophisticated frauds. Security community has found it in different occasion and anyway it was a surprice, the malware has evolved in […]

Pierluigi Paganini February 14, 2013
Botnets for rent, criminal services sold in the underground market

Internet is becoming a mine for criminals that in easy way are able to access to any kind of resources to arrange a cyber attacks, a cyber espionage campaign or a complex banking fraud. What is very scaring is the simplicity with which it is possible to acquire any kind of criminal services in the underground […]

Pierluigi Paganini February 09, 2013
Whitehole Exploit Kit in the wild

Exploit kit, a name which has become depressingly familiar, crimaware kit that contains malicious code to exploit principal vulnerabilities in large consume product such as browsers, last news is that a new kit named Whitehole has emerged on the underground market. Generally the exploit kits are malicious Web-based applications designed to install malware on computers […]

Pierluigi Paganini January 31, 2013
How PokerAgent botnet has stolen Facebook credentials

We never tire of repeating, social networks are an ideal conduit, due their large diffusion, for the spread of malware, they are used by cybercrime to realize complex fraud schema and by military to conduct offensive operations or cyber espionage campaigns. ESET Security Research has published an interesting analysis on the ‘PokerAgent’ botnet detected during 2012 […]

Pierluigi Paganini January 28, 2013
Dissecting a mobile malware

The capillary diffusion of mobile devices, the lack of security systems on these platforms and low level of awareness on principal cyber threats made them a privileged target for cybercrime. We have assisted in the recent year to an explosion of malware designed to hit principal mobile OSs, in a recent report Sophos security firm […]

Pierluigi Paganini January 19, 2013
Bouncer, new phishing variant from RSA

Despite simplicity of the schema phishing attacks have increased exponentially in the last years targeting every sector,both public and private. RSA’s October Online Fraud Report 2012 revealed a worrying scenario, phishing attacks increased up 19% over the second half of 2011, the total loss for various organizations has been estimated to $2.1 billion over the last […]

Pierluigi Paganini January 17, 2013
Red October, RBN and too many questions still unresolved

The recently discovered cyber espionage campaign “Red October” has shocked world wide security community, the principal questions raised are: Who is behind the attacks? How is possible that for so long time the campaign went undetected? Which is the role of AV company in these operations? To try to understand who is behind the attacks […]

Pierluigi Paganini January 12, 2013
New security problem for Oracle Java software

The year is start way for Oracle Java platform, a new Java 0-day vulnerability has been discovered and worldwide security community is very concerned on the potential effect of the bug. We have discovered how much dangerous could be the exploit of a zero-day vulnerability especially against institutional targets and governments (e.g. Elderwood project), state-sponsored hackers […]

Pierluigi Paganini January 09, 2013
My reading of the “ENISA Threat Landscape” report

The European Network and Information Security Agency (ENISA) is the EU’s agency responsible for cyber security issues of the European Union, its last report “ENISA Threat Landscape – Responding to the Evolving Threat Environment”, summarizing the principal threats and providing also useful indication on the emerging trends. The report proposes the list of top threats […]

Pierluigi Paganini January 03, 2013
Hackers, a need for cyber security

Ten years, that is the time interval that has totally changed the worldwide perception for the role of hacker, these specialists were once seen as shady individuals to avoid, today they are highly sought professionals in both private business and government sectors. Which are the reasons for their success? The world has acquired awareness on […]