Webinjection - Security Intelligence

article

BackSwap Malware Now Targets Six Banks in Spain

IBM X-Force researchers discovered that BackSwap, a banking Trojan that had previously only targeted Polish banks, now has its sights set on six banks in Spain.

August 22, 2018 | By Limor Kessem

article

Bitcoin wallet hacked message on smart phone screen.

article

TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets

TrickBot is getting in on the cryptocurrency gold rush, expanding its operations to target digital wallets and exchanges using serverside injections and other malicious tactics.

February 15, 2018 | By Ophir Harpaz

article

article

New Banking Trojan IcedID Discovered by IBM X-Force Research

IBM X-Force identified a new Trojan, dubbed IcedID, that uses advanced browser manipulation tactics to target financial institutions in the U.S. and U.K.

November 13, 2017 | By Limor Kessem

article

article

Diving Into Zberp’s Unconventional Process Injection Technique

IBM X-Force Research discovered a new variant of Zberp that evades API threat detection tools using a code injection technique it borrowed from Carberp.

October 16, 2017 | By Pavel Asinovsky

article

A notebook and pen with a list of school supplies.

article

The Educator’s Back-to-School Cybersecurity Checklist: Make Mitigating Command Injection a Priority

To protect students, parents and teachers from data theft, academic institutions must adopt comprehensive strategies to mitigate command injection attacks.

August 30, 2017 | By Michelle Alvarez

article

article

A Primer on Cross-Site Scripting (XSS)

XSS is a prevalent web-based exploit in which threat actors inject malicious code into webpages to compromise data or facilitate phishing scams.

July 10, 2017 | By David Strom

article

A chef using a digital tablet while preparing a meal.

article

Zeus Sphinx Pushes Empty Configuration Files — What Has the Sphinx Got Cooking?

Amid a period of targetless activity, IBM X-Force researchers are wondering where the operators behind the Zeus Sphinx Trojan are planning to strike next.

June 15, 2017 | By Limor Kessem

article

Dark Web Suppliers and Organized Cybercrime Gigs

Suppliers offering cybercrime-as-a-service on the Dark Web are helping organized groups achieve more effective bank fraud schemes.

February 11, 2016 | By Limor Kessem

article

Security researchers recently discovered new variants of Zeus Sphinx and the Kronos banking Trojan in the wild, where they are targeting banks in the U.K. and a few other countries. This malware aims to steal user credentials for fraudulent transactions.

article

UK Banks Hit With New Zeus Sphinx Variant and Renewed Kronos Banking Trojan Attacks

IBM Security X-Force researchers have discovered instances of the Kronos banking Trojan and Zeus Sphinx malware being used by cybercriminals in the wild.

October 2, 2015 | By Limor Kessem

article

Protecting data is always of paramount importance, and the need to secure information could encourage Internet users to switch from the RC4 encryption algorithm to other forms of protection — especially now that NOMORE attacks are entering the spotlight.

news

NOMORE Attack Method Shows RC4 May No Longer Be a Reliable Way to Encrypt Data

Researchers say it may be time to look beyond the RC4 algorithm to secure Web connections after they discovered an attack method called NOMORE.

July 22, 2015 | By Shane Schick

news

Tag: Webinjection