malicious code - Security Intelligence

A long hallway in a computer-server room.

news

WordPress Sites at Risk From PHP Code Execution

New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.

July 18, 2017 | By Mark Samuels

news

A smartphone with application icons coming out of the screen.

news

New Malware Gets Stronger by Using Real Apps in Banking Attacks

New malware is infiltrating bona fide apps, making banking Trojans harder to detect. Fortunately, it can be shut down if it is detected in time.

July 17, 2017 | By Shane Schick

news

Padlock and credit card on white keyboard

news

Let’s Get Physical: Malicious Script Magecart Expands Impact With Fraudulent Mail Forwarding

Malicious script Magecart is still going strong, allowing threat actors to hire U.S. mules to ship fraudulently purchased goods.

July 13, 2017 | By Douglas Bonderud

news

A blue door against the tan siding of a house.

article

Did Your Developer Leave a Website Backdoor?

A Dutch developer stole e-commerce customers' login credentials using a website backdoor and admin access that former employers had neglected to revoke.

February 9, 2017 | By Christopher Burgess

article

IBM Research's anti-ROP solution acts like a moving target, randomizing files to prevent attackers from misusing legitimate code. Criminals building an ROP attack can no longer calculate the shift of one gadget to infer that of another.

article

Anti-ROP: A Moving Target Defense

IBM Research — Haifa recently developed a solution that acts like a moving target, randomizing files to safeguard against ROP attacks.

September 1, 2016 | By Ayman Jarrous

article

Code hooking can be used for both good and evil. While security teams can use the technique to detect malware, malware authors can implement it to make it more difficult for security systems to detect their criminal activities.

article

The Increasing Dangers of Code Hooking

Cybercriminals use code hooking to intercept OS function calls to alter or augment their behavior. The technique is becoming more popular and dangerous.

August 29, 2016 | By David Strom

article

Pastejacking is a threat vector allowing cybercriminals to infect machines through the use of hidden malicious code. Users are tricked into pasting this code onto their devices, which leaves the door open for actors to wreak havoc.

news

Pastejacking: The Clipboard Copy Concern?

A new exploit called pastejacking results in victims unwittingly infecting their own machines thanks to malicious code hidden in seemingly normal text.

May 26, 2016 | By Douglas Bonderud

news

Cybercriminals are using cross-site scripting to trick browsers into thinking that malicous code is actually legitimate. This type of attack has been around since 1995, when the JavaScript computer language was first introduced and used.

article

Cross-Site Scripting Attacks Pose Ongoing Threat

Cross-site scripting (XSS) attacks exploit Web design tools to sneak malicious scripts onto users' browsers. Preventive measures can minimize the risk.

January 19, 2015 | By Rick M Robinson

article

Rising Use of Malicious Java Code for Enterprise Infiltration

Fifty percent of the exploits observed by Trusteer and IBM X-Force Research in December 2013 targeted Java vulnerabilities.

March 3, 2014 | By Dana Tamir

article

Half a Billion Reasons Why Data Security Still Faces Major Challenges

Latest security trends—from malware delivery to mobile device risks—based on data and ongoing research from the IBM X-Force Research team on today’s security threat landscape. Wherever you go, attackers will follow as security attacks are...

February 24, 2014 | By Leslie Horacek

article

Tag: malicious code