New ransomware, old techniques: Petya adds worm capabilities
On June 27, 2017 reports of a ransomware infection began spreading across Europe.
-
-
Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security
On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. -
WannaCrypt ransomware worm targets out-of-date systems
In this blog, we provide an early analysis of the end-to-end ransomware attack. -
Tech support scams persist with increasingly crafty techniques
Technical support scams continue to evolve, employing more and more complex social engineering tactics that can increase panic and create a false sense of legitimacy or urgency in an effort to get more victims. -
Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005
On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. -
Uncovering cross-process injection with Windows Defender ATP
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. -
Breaking down a notably sophisticated tech support scam M.O.
The cornerstone of tech support scams is the deception that there is something wrong with your PC. -
Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe
Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. -
Office 2013 can now block macros to help prevent infection
In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros in Office documents that originated from the Internet. -
Beware of Hicurdismos: It’s a fake Microsoft Security Essentials installer that can lead to a support call scam
(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. -
Kovter becomes almost fileless, creates a new file type, and gets some new certificates
Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs.
