News May 22, 2023

Google’s Bug Bounty Hits $12 Million: What About the Risks?

4 min read - Bug bounty numbers have never been better. In 2022, Google rewarded the efforts of over 700 researchers from 68 different countries who helped improve the security of the company’s products and services. The total amount of awards grew from $8.7…

News March 29, 2023

Hack-for-Hire Groups May Be the New Face of Cybercrime

4 min read - Google’s Threat Analysis Group (TAG) recently released a report about growing hack-for-hire activity. In contrast to Malware-as-a-Service (MaaS), hack-for-hire firms conduct sophisticated, hands-on attacks. They target a wide range of users and exploit known security flaws when executing their campaigns.…

Cloud Security October 13, 2022

How an Attacker Can Achieve Persistence in Google Cloud Platform (GCP) with Cloud Shell

5 min read - IBM Security X-Force Red took a deeper look at the Google Cloud Platform (GCP) and found a potential method an attacker could use to persist in GCP via the Google Cloud Shell. Google Cloud Shell is a service that provides…

Data Protection June 28, 2022

Digital Shadows Weaken Your Attack Surface

4 min read - Every tweet, text, bank transaction, Google search and DoorDash order is part of your digital shadow. We all have one, and the contents of your shadow aren’t always private. For example, in April 2021 attackers leaked data containing the personal information…

Advanced Threats June 23, 2021

Ursnif Leverages Cerberus to Automate Fraudulent Bank Transfers in Italy

9 min read - Contributed to this research: Segev Fogel, Amir Gendler and Nethanella Messer. IBM Trusteer researchers continually monitor the evolution and attack tactics in the banking sector. In a recent analysis, our team found that an Ursnif (aka Gozi) banking Trojan variant…

News April 21, 2021

Google Blocks Remote Access Trojan Targeting Android

2 min read - Clast82, a malware dropper that helps attackers spread the AlienBot mobile remote access Trojan and malware-as-a-service, has been detected on Google’s Play Store. After Clast82 sought to evade Google’s detection, it was patched in February. Read on to find how enterprise can…

June 2, 2020

Trickbot Using BazarBackdoor to Gain Full Access to Targeted Networks

2 min read - Security researchers observed the Trickbot operators using a new backdoor called "BazarBackdoor" to gain full access to targeted networks.

May 12, 2020

Astaroth Trojan Employed YouTube Channels as C&C to Evade Detection

2 min read - A new variant of the Astaroth Trojan family employed YouTube channels for command-and-control (C&C) functionality in order to evade detection.

Malware April 13, 2020

Grandoreiro Malware Now Targeting Banks in Spain

6 min read - A familiar malware threat called Grandoreiro, a remote-overlay banking Trojan that typically affects bank customers in Brazil, has spread to attack banks in Spain.

March 30, 2020

Weekly Security News Roundup: 24 Children’s Gaming Apps Laden With Tekya Clicker

2 min read - Researchers found a new clicker malware called "Tekya" hidden within 24 children's games on the Google Play store. Read on to learn what else happened last week in security news.