Browsing tag
Today, criminal organizations no longer attack corporations and businesses physically with weapons. Instead, they use computers and malware, aiming to steal vital information that can be used for malicious means. Professional cybercriminal organizations know what they are looking for and will find ways to get it. This is what makes an advanced persistent threat (APT) […]
Here in hackercombat.com, we have covered stories about bank trojans on a fairly regular basis. Blackhat hackers are after people’s money, profit is their main if not their only motivation for their campaigns. Of course, as the cybersecurity vendors rebuild their products and services to address a specific security concern, the threat actors resourcefulness are […]
A malicious code has infected Event-stream JavaScript library with the intention of stealing cryptocurrency from digital wallets. The popular JavaScript library is created to ease working with Node.js streaming modules, and is available via npmjs.com repository. The malicious code in the package caught the eye of researchers last week. Today, it has been revealed that […]
Hackers could abuse a feature that allows you to attach a video directly to a Word document for the victim to download and run malware on their computer Cybersecurity and digital forensics researchers from the International Institute of Cyber Security report the emergence of a malware campaign that abuses the feature to attach videos to […]
The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process. Typically, malware that uses concealment techniques injects its code into a system process, e.g. explorer.exe. But some samples employ other interesting methods. We’re […]
Windows Digital Signature check is a mechanism included in Microsoft Windows to make sure that the software or driver you’re trying to install is signed by a trusted entity, and the integrity of its binary file is preserved. This digital frisking is done with the help of their home-grown code-signing tech called Authenticode. It’s possible […]
Publicly known “magic string” lets any site run malicious code, no questions asked. The Chrome browser extension for Cisco Systems WebEx communications and collaboration service was just updated to fix a vulnerability that leaves all 20 million users susceptible to drive-by attacks that can be carried out by just about any website they visit. A […]
Researchers at Fox-IT warn that the website of security certification provider EC Council has been compromised to host the malicious Angler Exploit Kit. No one is secure, we are all potential targets, even if you are a skilled expert and the fact that I’m going to tell you demonstrates it. The website of security certification provider […]