Method: RIG Exploit Kit – Grobios Malware

The use of exploit kits has generally been declining over the past two years; however, in March FireEye observed active development of the RIG EK, which is capable of delivering a trojan named Grobios. Victims are first redirected to a compromised domain with an embedded malicious iframe, which then redirects […]

Method: StalinLocker Malware

MalwareHunterTeam has discovered a new screenlocker malware that threatens to wipe the contents of all the drives on a victim's computer. The malware has been dubbed StalinLocker because it displays a picture of the totalitarian dictator Joseph Stalin on infected devices. While the USSR anthem plays in the background, the malware displays a […]

Method: TreasureHunter Point-of-Sale Malware source code leak may spawn new variants


The TreasureHunter point-of-sale (PoS) malware appears to have returned to the spotlight. A top-tier Russian-speaking forum reportedly leaked the malware's source code, GUI and admin panel in March 2018. A 2016 investigation by FireEye provided a detailed analysis of the malware, which was first deployed in late 2014. […]

Attack: AWS Route 53 Hijack

In late April, attackers executed a complex attack against core internet infrastructure that redirected users of the MyEtherWallet.com website to a phishing site. The incident has been described as a BGP (Border Gateway Protocol) "leak" that allowed the attackers to wrongly announce Internet Protocol (IP) address space owned by Amazon's […]

Vulnerability: Twitter passwords stored in plain text

Twitter recently announced that all 300+ million user passwords had been exposed by being stored in plain text, without any protection of the data. Twitter uses a password hashing function known as "bcrypt", which lets the system validate account authentication without revealing the password. The culprit […]

Method: MassMiner Worm Malware


Cryptocurrency mining malware has been on the rise in 2018. One especially nasty variant leverages multiple exploits and hacking tools to spread. The MassMiner worm is a type of mining malware that has been observed propagating from local networks to high-value targets with greater mining potential, such as Microsoft SQL servers. […]

Vulnerability: KRACK Vulnerability Leaves Medical Devices Exposed

Numerous devices from the medical technology company Becton, Dickinson and Company (BD) are vulnerable to the KRACK key-reinstallation attack, directly impacting the integrity and confidentiality of patient records. KRACK could allow a malicious actor within radio range to execute a man-in-the-middle attack and replay, decrypt or spoof frames, leaving PHI exposed to unauthorized […]

Vulnerability: CVE-2018-0228 – Cisco ASA DoS Vulnerability


A vulnerability has been discovered in the ingress flow creation functionality of the Cisco Adaptive Security Appliance (ASA). It could allow an unauthenticated, remote attacker to send a steady stream of malicious IP packets that max out CPU usage, causing a denial of service (DoS) on the system. A DoS of this type […]

Method: Roaming Mantis Malware

Kaspersky Labs has detailed Android malware mainly targeting Chinese and Korean users. The malware is designed to steal two-factor authentication codes for Google accounts sent via SMS/MMS. Kaspersky Labs has described many of the malware's interesting technical elements. For example, the command-and-control logic of the analyzed samples was found to look up strings of […]

Target: Ikea TaskRabbit – Security Breach

The Ikea-owned application TaskRabbit announced that a security breach had occurred which could have left user account credentials exposed. Unauthorized attackers gained access to the system, exposing account details such as usernames and passwords. It is still unclear whether any users' personal payment information was compromised. The application was taken offline and the situation […]

Attacker: Grizzly Steppe

Russian state-sponsored cyber actors appear to be performing worldwide cyber exploitation of enterprise-class and SOHO/residential network infrastructure devices (e.g., routers, switches, firewalls and Network-based Intrusion Detection System (NIDS) devices). This campaign, particularly its choice of protocols and devices, appears to overlap with earlier reports detailing the vulnerability CVE-2018-0171, as well as reports detailing cyber-attacks […]

Vulnerability: Trustjacking

A new iPhone vulnerability was disclosed at the RSA Conference in San Francisco. The vulnerability allows persistent control over an iPhone without the device being physically connected to a computer. With just a single tap by the iOS device owner while connected to the same network as the attacker, the network link grants permanent control […]