TARGET: Two Major Canadian Banks Breached
Two Canadian banks disclosed breaches this week. Simplii Financial, which is owned by CIBC, said it may have lost personal and account information for over 40,000 bank customers. The Bank of Montreal followed this news by announcing that it too had been breached and lost up to […]
TARGET: Nuance Communications – Lost Revenue and PHI

Nuance Communications, a healthcare software company which specializes in speech and imaging, has had a run of bad luck with external and internal incidents in 2017. Last year NotPetya malware cost the company $92 million in revenue, mainly from the disruption of transcription services and systems used by healthcare customers. Nuance quickly attempted to restore […]
TARGET: Coca-Cola Data Breach
Things are starting to fizz up! Back in September 2017, a disgruntled former employee of the soda pop conglomerate, Coca-Cola, managed to walk out the door of their global headquarters with an external hard drive containing over 8,000 confidential employee records. Although they would not disclose the specifics of the information stolen, the company did […]
Attacker: Xenotime and Trisis ICS Attacks
Dragos, an information security firm that specializes in industrial control system (ICS) security, reported that the threat actor known as “Xenotime” has expanded its ICS compromise activity beyond the Middle East. In late 2017, FireEye and Dragos reported that a threat actor had deployed TRISIS malware targeting a Middle East […]
Vulnerability: Variants 3a and 4 of Side Channel Vulnerabilities
On May 21st, two vulnerabilities (CVE-2018-3640 – Variant 3a – Rogue System Register Read, and CVE-2018-3639 – Variant 4 – Speculative Store Bypass) were publicly disclosed. These are new variants of the Spectre and Meltdown class of hardware vulnerabilities: they use “side-channel attacks” against speculative execution and affect many CPU architectures. Each of the vulnerabilities, Variants […]
Method: VPNFilter Malware responsible for botnet army of 500,000 devices
Researchers from Cisco Talos, with the help of numerous threat intelligence partners, have identified at least 500,000 devices worldwide that have been infected with VPNFilter malware. Large segments of the malware’s code overlap with the notorious BlackEnergy malware, which was used in the attacks on Ukrainian power infrastructure that resulted in widespread outages. The […]
METHOD: HIDDEN COBRA Joanap and Brambul Malware Activity
US-CERT has released a technical advisory regarding a remote access tool (RAT) and a Server Message Block (SMB) worm, dubbed Joanap and Brambul respectively. Both are assessed to have been used by the North Korean threat actor HIDDEN COBRA (aka Lazarus) since 2009. HIDDEN COBRA is an alias used to describe global hacking performed by a group […]
Vulnerability: Red Hat DHCP Client Script Code Execution – CVE-2018-1111
A vulnerability affecting the DHCP client integration script shipped with Red Hat Enterprise Linux was released via Twitter on May 16th. The vulnerability, tagged DynoRoot by the research community and cataloged as CVE-2018-1111, allows an attacker on the local network to spoof a DHCP response whose option values are injected into the client-side shell script and executed as arbitrary commands with root privileges on a vulnerable Red Hat host. The vulnerability was discovered by Felix Wilhelm […]
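The injection pattern behind this class of bug, as an added example that is neither the Red Hat script nor the DynoRoot proof of concept: a simplified model of a DHCP client hook that exports option values into the environment. The function names and the constructed option value are hypothetical; a real payload would carry shell metacharacters in a DHCP option the same way, but run something like a reverse shell instead of setting a marker variable.

```shell
#!/bin/sh
# Added example (not the Red Hat script): a simplified model of a DHCP client
# hook that exports option values into the environment. The function names
# and the PAYLOAD value are constructed for illustration.

# Vulnerable pattern: the option value is interpolated into a command string
# and handed to eval. A value containing a single quote closes the quoting,
# and the rest of the value runs as shell code with the script's privileges
# (root, when the hook is run by the DHCP client).
vulnerable_export() {
    # $1 = option name, $2 = option value received from the DHCP server
    eval "export NEW_$1='$2'"
}

# Hardened pattern: assign without re-parsing. The value reaches export as a
# single word, so quotes, semicolons and other metacharacters stay inert data.
hardened_export() {
    export "NEW_$1=$2"
}

# Constructed DHCP option value standing in for a rogue server's response.
# Setting INJECTED=1 is the harmless stand-in for an attacker's command.
PAYLOAD="x'; INJECTED=1 #"

# Run one exporter on the payload and report whether the marker was set.
# Prints "injected" if the payload executed, "safe" if it stayed data.
probe() {
    unset INJECTED NEW_WPAD
    "$1" WPAD "$PAYLOAD"
    if [ "${INJECTED:-}" = 1 ]; then
        echo injected
    else
        echo safe
    fi
}

# Stand-alone demo: the same option value, two outcomes.
echo "vulnerable_export: $(probe vulnerable_export)"
echo "hardened_export:   $(probe hardened_export)"
```

The practitioner's check is the same one the fix needed: any place a DHCP-, DNS- or otherwise network-supplied string is spliced into text that later reaches `eval`, `sh -c` or a backtick expansion is a root shell waiting for a rogue server on the LAN, regardless of how carefully the surrounding quotes were written.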
Method: RIG Exploit Kit – Grobios Malware
The use of exploit kits has generally been declining over the past two years; however, in March FireEye observed active development of the RIG EK delivering a trojan named Grobios. Victims are first redirected to a compromised domain with an embedded malicious iframe, which then redirects […]
METHOD: StalinLocker Malware

MalwareHunterTeam has discovered a new screenlocker malware that threatens to wipe the contents of all the drives on a victim’s computer. The malware has been dubbed StalinLocker because it displays a picture of the Soviet dictator Joseph Stalin on infected devices. While the USSR anthem plays in the background, the malware displays a […]
Method: TreasureHunter Point-of-Sale Malware source code leak may spawn new variants

The TreasureHunter point-of-sale (PoS) malware appears to have returned to the spotlight. A top-tier Russian-speaking forum reportedly leaked the malware’s source code, GUI and admin panel in March 2018. A 2016 investigation by FireEye provided a detailed analysis of the malware, which was first deployed in late 2014. […]
Attack: AWS Route 53 Hijack
In late April, attackers executed a complex attack against core internet infrastructure that redirected users of the MyEtherWallet.com website to a phishing site. The incident has been described as a BGP (Border Gateway Protocol) “leak” that allowed the attackers to wrongly announce Internet Protocol (IP) address space owned by Amazon’s […]