In this blog post I will talk about Microsoft’s example of how to implement a multithreaded pipe server on Windows, and specifically about a race condition in that code which has security implications for applications that use it.
New Petya Ransomware is spreading fast and appears to be more lethal than ransomware we’ve seen before. Learn more in this latest blog post and see how it can be prevented with Minerva
RATs are like the attackers' Swiss Army Knife. Learn how they sneak past your security products.
How the UIWIX ransomware uses evasion techniques to bypass existing security defenses to target endpoints.
The outbreak of WannaCry ransomware has caused enterprises to examine their approach to safeguarding endpoints. Lenny Zeltser, our VP Products, reflects on endpoint security architecture in the aftermath of WannaCry
Caught in the middle of a malware outbreak without sufficient preventative mechanisms, how can the organization contain the malicious program, to give itself the opportunity to remediate the underlying issues and restore business operations? Read More…
To assist organizations and individuals who may be concerned that human error may infect their endpoints with WannaCry, we have released a free, downloadable tool that automatically immunizes your endpoints.
A common strategy used in ransomware attacks is to cloak malicious actions within legitimate looking programs. This combination allows the ransomware to bypass existing security defenses and avoid detection.
Spora is presently among the most common ransomware families. We released a free tool, which offers a proof-of-concept approach for generating the Spora infection marker, preventing all Spora infections that we’ve seen to date.
Last week, Minerva prevented a new malware variant that was distributed via phishing emails in south-east Asia. This threat is not an impressive APT, yet – during the first couple of days after its release it wasn't detected by the vast majority of security solutions.
Protecting an enterprise from advanced cybercriminals is a major challenge. Carbanak-style attacks emphasize the difference between existing products which detect a compromise in a machine, unfortunately after it is already too late and the Minerva Anti-Evasion Platform, which prevents the infection before any damage is done.
CryptoLuck is a new ransomware variant, hiding within a legitimate Google-signed application. Minerva's innovative solution prevents this attack.
The Ohagi campaign was exposed by Minerva about six months ago. After reaching a dead-end in our investigation we shared the information we collected with the infosec community, asking researchers all around the world to contact us if they can shed light on Ohagi’s purpose. Our patience has finally been rewarded.
Hancitor is a downloader-type malware that's been out there for almost two years. Minerva's malware research team has recently detected a new Hancitor variant, spread via a massive phishing campaign.
Six weeks ago both Palo Alto Networks and CrowdStrike released reports regarding a highly advanced attack by a group dubbed APT28, Sofacy or COZY BEAR, linked to an unknown Russian intelligence agency. This was the same malware that hit the DNC. Minerva stops this malware variant without any prior knowledge whatsoever!
This ransomware “population explosion” is making life very difficult for security vendors. Because of the way some security vendors designed and engineered their products, they are forced to chase each new ransomware family and its unique characteristics.
Malware authors imagination works extra-hours when it comes to creating new ransomware strains. In the saturated underground market of this specific malware type they constantly try to improve and "brand" their product in various creative ways.
During the last couple of decades, the healthcare industry went through a big transformation – integrating advanced computer solutions almost in all of their services. Unfortunately, cyber-criminals are always looking for new opportunities – and the Healthcare sector became a prime target for cyber attacks.
In order to control spending there has to be a paradigm shift from Detection and Response to Prevention which will in turn help lower security spending.
Minerva Anti-Evasion Platform uses the malware’s strength of circumventing other security solutions against itself prior to malicious code being installed at the endpoint. This gives our customers the peace of mind of knowing the malware is stopped prior to any damaging being done.
IronGate is a multi-stage malware, written in Python and compiled to a windows executable by PyInstaller. In order to evade detection, it uses virtual machine detection techniques. This enables the malware to sneak through sandbox solutions which fail to hide the fact that they are running over virtualization infrastructure.
Security researcher @benkow recently spotted the appearance of the Mossad’s emblem in very different and odd context – the command and control infrastructure of a POS malware called TreasureHunter which contained what he called a "funny Jewish C&C".
Fileless malware is a rapidly rising trend that Kaspersky Labs highlighted in their predictions for 2016. Bedep belongs this class of malware, as it runs within the browser process and leaves practically no traces of its activity, making its detection and analysis a real challenge.
An exploit kit (EK) is a software product sold on the underground market, designed to run on top of web servers in order to spread malware to victims browsing to infected websites. EKs first try to detect vulnerabilities in the victim's browser or its plugins, and then try to execute an exploit against the specific detected product configuration.
USB Thief, utilizes a unique method to infect its victims – spreading through portable apps and disguising itself as one of the app’s DLLs. The “USB Thief” deploys in four different stages, each designed to prevent the malware from executing in hostile environments.
Minerva's Research team have been on the hunt for emerging threats. In recent months we have observed the use of new reconnaissance and cookie stealer malware. This type of activity might suggest an ongoing intelligence gathering operation in preparation of future infiltration. In order to shed more light on this activity we decided to share our findings with the rest of the community.
At the moment, Ransomware is the hot button issue for information security professionals world wide. Malware authors are aware of this, and know that each minute their ransomware remains undetected can translate to thousands of dollars in ill-gotten gains. For ransomware “flying under the radar” is a unique challenge. Unlike Trojans which are “silent” by definition, ransomware actually notifies the intended victim of its’ infection...
Since 2012 ransomware has been an ever-growing threat. It inflicts catastrophic damage to endpoints, making it one of the most familiar types of computer threats and is well-recognized even by non-techies.
Ransomware are an awful damaging threat to every enterprise. Therefore we developed a unique patent pending, new method for remediating damage done by ransomware, such as Cryptolocker, Cryptowall, CTB-Locker, Teslacrypt, Valutcrypt etc.
Crypters are tools used by attackers to change the binary signature of a malware while keeping its original functionality intact. The main reason for using them is to evade detection. Last week Joe Giron, a security researcher, released a new crypter (joecrypter). We decided to check it out.
Duuzer is a backdoor detected by Symantec’s researchers, targeting mostly the manufacturing industry in South Korea.
The Middle East has been a cyber warfare hotspot for almost a decade now, a theatre for some of the most advanced threats the world has ever witnessed. In between those highly advanced attacks, more and more attackers possessing only a basic set of skills started to pop up – spreading well known RATs, obfuscated with generic publicly-available packers.