Target – FAPD Phishing HIPAA Breach

On June 1st, the Florida Agency for Persons with Disabilities (FAPD) disclosed that a phishing attack had compromised a single email account. The email account contained PHI of over 1,951 customers and/or guardians. Although no evidence was gathered that indicated the information was accessed, FAPD could not completely rule out that it […]
Method: Hidden Cobra TYPEFRAME Malware Activity

On June 14th, US-CERT released a Malware Analysis Report (AR18-165A) that details a set of malware, code-named TYPEFRAME, with the earliest observed sample dating back to 2015. This malware appears to have been leveraged by North Korea’s threat actor HIDDEN COBRA (aka Lazarus). The Trojan has the capability to download and install malware, proxies and […]
Vulnerability: Zero-Day Flash Flaw
June 7, 2018 – Security firm Qihoo 360 identified a brand new zero-day flaw in Adobe Flash that could leave users vulnerable to executing malicious software without permission. Attackers have been able to gain access to victims’ devices by sending emails that contain exploited Flash content that has been disguised as a Microsoft Office document. […]
Vulnerability: Google Chrome Browser – CVE-2018-6148: Incorrect handling of CSP header
On May 23rd, a security researcher reported a vulnerability in the Chrome Desktop Browser (Pre-Version 67.0.3396.79) that allows for the mishandling of the Content Security Policy (CSP) header. The CSP header allows website developers to implement a 2nd layer of security on their websites to prevent possible malicious activity. The vulnerability bypasses the SECURITY_CHECK in […]
TARGET: Two Major Canadian Banks Breached
Two Canadian banks claim to have been breached by attackers this week. Simplii Financial, which is owned by CIBC, has claimed that it may have lost personal and account information for over 40,000 bank customers. The Bank of Montreal then followed this news by claiming that they too had been breached and lost up to […]
TARGET: Nuance Communications – Lost Revenue and PHI

Nuance Communications, a healthcare software company which specializes in speech and imaging, has had a run of bad luck with external and internal incidents in 2017. Last year NotPetya malware cost the company $92 million in revenue, mainly from the disruption of transcription services and systems used by healthcare customers. Nuance quickly attempted to restore […]
TARGET: Coca-Cola Data Breach
Things are starting to fizz up! Back in September 2017, a disgruntled former employee of the soda pop conglomerate, Coca-Cola, managed to walk out the door of their global headquarters with an external hard drive containing over 8,000 confidential employee records. Although they would not disclose the specifics of the information stolen, the company did […]
Attacker: Xenotime and Trisis ICS Attacks
Dragos, an information security consulting firm that specializes in industrial control system (ICS) security consulting, reported that the threat actor known as “Xenotime” has expanded its presence in compromising ICS systems beyond the Middle East. In late 2017, FireEye and Dragos reported a threat actor had released TRISIS malware that had targeted a Middle East […]
Vulnerability: Variants 3a and 4 of Side Channel Vulnerabilities
On May 21st, two vulnerabilities (CVE-2018-3640 – Variant 3a – Rogue System Register Read and CVE-2018-3639 – Variant 4 – Speculative Store Bypass) were publicly disclosed. These vulnerabilities indicate new variants of the Spectre and Meltdown class of hardware vulnerabilities and use “side-channel attacks” against speculative execution on many CPU architectures. Each of the vulnerabilities, Variants […]
Method: VPNFilter Malware responsible for botnet army of 500,000 devices
Researchers from Cisco Talos, with the help of numerous threat intelligence partners, have identified at least 500,000 devices worldwide that have been infected with VPNFilter malware. Large segments of the malware’s code were repurposed from the notorious BlackEnergy malware, which was responsible for massive DDoS attacks targeting Ukrainian infrastructure resulting in widespread power outages. The […]
METHOD: HIDDEN COBRA Joanap and Brambul Malware Activity
US-CERT has released a technical advisory regarding a RAT (remote access tool) and an SMB (Server Message Block) worm dubbed Joanap and Brambul, respectively. Both are claimed to have been leveraged by North Korea’s threat actor HIDDEN COBRA (aka Lazarus) since 2009. HIDDEN COBRA is an alias used to describe global hacking performed by a group […]
Vulnerability: Red Hat DHCP Client Script Code Execution – CVE-2018-1111
A vulnerability affecting Red Hat DHCP Services was released via Twitter on May 16th. The exploit, tagged as Dynoroot by the research community and cataloged as CVE-2018-1111, allows an attacker to spoof a DHCP response and execute arbitrary commands with root privileges on a vulnerable Red Hat host. The vulnerability was discovered by Felix Wilhelm […]