October 17, 2016 - In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader followed by a banking Trojan.
October 17, 2016 - We mobile researchers sometimes classify apps in order to warn users of its presence because of its potential harm, but leave it up to the users' discretion to remove. This is the case when it comes to a subcategory of PUPs called monitors. Monitoring apps are those that can be great tools if you lose your phone, but could also be easily used to spy on an unsuspecting target.
October 17, 2016 - A compilation of notable security news and blog posts from the 9th of October to the 15th. This week, we touched on threat modeling, a PUP, IRS fraud, and laws concerning the usage of social media in the UK.
October 14, 2016 - The UK’s Crown Prosecution Services (CPS) has recently updated its social media guidelines for prosecutors and law enforcement in an effort to aid them in deciding on whether charges can be pressed against internet users based on certain online behaviors.
October 12, 2016 - There are many, many threat models available on the internet with extensive documentation on how to apply them to your organization. Most are designed to map out data flow, identify soft points in organizational processes, and assign mitigations based on specific type of probable attacker and their identified motivations. These models are great, they are thorough, and nobody ever uses them.