Dota3: Is your Internet of Things device moonlighting?

Dissecting the evolution of malware gives researchers insights into the knowledge of, and development processes used by, malware authors. Dota3, active in the wild, offers a unique opportunity to examine

GoMiner Mutates and Spreads via Public Cloud Storage Providers

Juniper Threat Labs discovered a family of Monero Miners that spreads through cloud storage providers such as OneDrive, Google Drive and Dropbox. It also has the ability to mutate or

MageCart Skims Credit Cards from FocusCamera.com

Late in December 2019, someone I know received a notification from their credit card company stating a transaction for a purchase of substantial value was pending. Not recognizing the transaction,

Stalking Stalkerware: A Deep Dive Into FlexiSPY

In October, the FTC announced it had reached a settlement effectively shutting down Retina-X Studios, maker of MobileSpy, PhoneSheriff and TeenShield. According to the FTC: “Retina-X did not make sure

CVE-2019-3398: Atlassian Confluence Download Attachments Remote Code Execution

Atlassian Confluence is a collaboration tool that is used by organizations to create and share various documents related to marketing, design specifications, project planning, etc. It can be licensed both

Growing attacks using Accept-Charset exploit

Juniper Threat Labs is seeing a growing number of attacks on the Accept-Charset HTTP header. This request header allows the client to indicate what character sets, e.g., ISO-8859-1 or utf-8, are available for

How to defend against everyday IoT threats

“Alexa, can you tell me which of my Internet of Things devices are vulnerable to an attack?” Echo: “Hmmm, I don’t know that one.” “Alexa, can anyone access my camera

Masad Stealer: Exfiltrating using Telegram

Juniper Threat Labs discovered a new Trojan-delivered spyware that uses Telegram to exfiltrate stolen information. Using Telegram as a Command and Control (C&C) channel allows the malware some anonymity, as

RCE Attacks Targeting Misconfigured Open PHP-FPM

On August 7, 2019, Juniper Threat Labs started seeing attacks on PHP-FPM (FastCGI Process Manager) on port 9000. This attack works by passing PHP configuration options that allow injection of

Security Pitfalls with Multicloud Deployments

I recently had the pleasure of participating in a panel discussion at the Cyber Security Summit USA in Denver, CO, on the topic of cloud INsecurity. The panel needed to
