Attacker: Xenotime and Trisis ICS Attacks
Dragos, an information security firm that specializes in industrial control system (ICS) security, reported that the threat actor known as “Xenotime” has expanded its presence in compromising ICS environments beyond the Middle East. In late 2017, FireEye and Dragos reported that a threat actor had released TRISIS malware that had targeted a Middle East […]
Vulnerability: Variants 3a and 4 of Side Channel Vulnerabilities
On May 21st, two vulnerabilities (CVE-2018-3640 – Variant 3A – Rogue System Register Read, and CVE-2018-3639 – Variant 4 – Speculative Store Bypass) were publicly disclosed. These vulnerabilities are new variants of the Spectre and Meltdown class of hardware vulnerabilities and use “side-channel attacks” against speculative execution on many CPU architectures. Each of the vulnerabilities, Variants […]
Method: VPNFilter Malware responsible for botnet army of 500,000 devices
Researchers from Cisco Talos, with the help of numerous threat intelligence partners, have identified at least 500,000 devices worldwide that have been infected with VPNFilter malware. Large segments of the malware’s code were repurposed from the notorious BlackEnergy malware, which was responsible for massive DDoS attacks targeting Ukrainian infrastructure, resulting in widespread power outages. The […]
Method: HIDDEN COBRA Joanap and Brambul Malware Activity
US-CERT has released a technical advisory regarding a RAT (remote access tool) and an SMB (server message block) worm, dubbed Joanap and Brambul respectively. Both are claimed to have been used by the North Korean threat actor HIDDEN COBRA (aka Lazarus) since 2009. HIDDEN COBRA is an alias used to describe global hacking performed by a group […]
Vulnerability: Red Hat DHCP Client Script Code Execution – CVE-2018-1111
A vulnerability affecting Red Hat DHCP services was disclosed via Twitter on May 16th. The exploit, tagged as Dynoroot by the research community and cataloged as CVE-2018-1111, allows an attacker to spoof a DHCP response and execute arbitrary commands with root privileges on a vulnerable Red Hat host. The vulnerability was discovered by Felix Wilhelm […]
Method: RIG Exploit Kit – Grobios Malware
The use of exploit kits has generally been declining over the past two years; however, in March FireEye observed active development of the RIG exploit kit (EK), which is capable of delivering a trojan named Grobios. Victims are first redirected to a compromised domain with an embedded malicious iframe, which then redirects […]
Method: StalinLocker Malware
MalwareHunterTeam has discovered a new screenlocker malware that threatens to wipe the content of all the drives on a victim’s computer. The malware has been dubbed StalinLocker because it displays a picture of the totalitarian dictator Joseph Stalin on infected devices. While the USSR anthem plays in the background, the malware displays a […]
Method: TreasureHunter Point-of-Sale Malware source code leak may spawn new variants
The TreasureHunter point-of-sale (PoS) malware appears to have returned to the spotlight. A top-tier Russian-speaking forum reportedly leaked the malware’s source code, GUI and admin panel in March 2018. A 2016 investigation by FireEye provided a detailed analysis of the malware, which was first deployed in late 2014. […]
Attack: AWS Route 53 Hijack
In late April, a complex attack on core internet infrastructure redirected users of the MyEtherWallet.com website to a phishing site. The incident has been described as a BGP (Border Gateway Protocol) “leak” that allowed the attackers to wrongly announce Internet Protocol (IP) addresses in a space owned by Amazon’s […]
Vulnerability: Twitter passwords stored in plain text
Twitter recently announced that all 300+ million user passwords have been exposed by being stored in plain text, without any protection applied to the data. Twitter uses a password hashing technology known as “bcrypt”. Bcrypt hashes each password so that the system can validate an account’s credentials without storing or revealing the password itself. The culprit […]
Method: MassMiner Worm Malware
Cryptocurrency mining malware has been on the rise in 2018, and one especially nasty variant leverages multiple exploits and hacking tools to spread. The MassMiner worm is a type of mining malware that has been observed propagating from local networks to high-value targets with greater mining potential, such as Microsoft SQL servers. […]
Vulnerability: KRACK Vulnerability Leaves Medical Devices Exposed
Numerous devices from medical technology company Becton, Dickinson and Company (BD) are vulnerable to the KRACK key-reinstallation attack, directly impacting the integrity and confidentiality of patient records. KRACK could allow a malicious actor within radio range to execute a man-in-the-middle attack and replay, decrypt or spoof frames, leaving protected health information (PHI) exposed to unauthorized […]