Method: PyRoMine Malware
In early April, Fortinet’s FortiGuard Labs discovered a cryptocurrency mining malware, named PyRoMine, that leverages EternalRomance, a remote code execution exploit. The EternalRomance exploit was initially discovered in the giant “treasure trove” that was last year’s NSA data leak by the ShadowBrokers. The malware can be found in the form of […]
Vulnerability: CVE-2018-0171 – Cisco IOS and IOS XE Software Smart Install – Remote Code Execution
Cisco has disclosed a vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on affected switches, or to cause the devices to reload, which results in a temporary DoS while […]
Vulnerability: CVE-2018-7600 – Drupal core – Remote Code Execution
A vulnerability has been discovered that could allow criminals to execute code remotely on websites that are running Drupal. Drupal is a Content Management System (CMS) that is used by more than 1 million websites worldwide. According to W3techs.com, Drupal is the third most popular CMS, behind only Joomla and WordPress. The discovered vulnerability can be […]
Attacker: Actor – Mabna Institute / Silent Librarian
The Mabna Institute, also known as the threat actor “Silent Librarian” (PhishLabs), is a group of nine Iranian citizens who have been charged in a computer hacking campaign. The campaign compromised various targets, such as US and foreign universities, private companies, and US government entities. Several specific targets were identified by PhishLabs and the FBI, […]
Target: Expedia Orbitz – 880K data breach
Travel giant Expedia Orbitz has disclosed a security data breach that affected at least 880,000 customer payment cards. It appears that the attackers had potential access to the data between Oct. 1, 2017 and Dec. 22, 2017. The investigation revealed that the attackers had potentially exposed customer names, addresses, payment card information and email […]
Method: TA 18-086A: Brute Force Attacks / Password Spraying
In March 2018, the Department of Justice indicted nine Iranian nationals for conducting brute force style attacks against organizations in the United States using a technique referred to as “Password Spraying”. Characteristically, brute force attacks attempt to authenticate by guessing the password of a single user account; however, accounts now will typically lock out […]
MyFitnessPal Hack – 150 million users were affected
Athletic apparel and footwear giant Under Armour announced that its popular fitness app, MyFitnessPal, has suffered a massive data breach. Investigation has revealed that close to 150 million accounts have been compromised. The account information exposed includes usernames, email addresses and hashed passwords. Under Armour revealed that no credit card information or other […]
Method: Linux Malware – GoScanSSH
Researchers at Cisco Talos, during an incident response engagement, have identified a new malware family, called GoScanSSH, being used to compromise SSH servers exposed to the internet. The malware is written in Go, a programming language created at Google in 2009. The infection method being used was SSH brute force attacks against public facing SSH […]
Method: Android Malware – RottenSys
Researchers at Check Point have identified a new type of mobile adware, called RottenSys, that has infected nearly 5 million devices since 2016. The application disguises itself as a “System Wi-Fi Service” on the Android OS and was likely inserted on the devices before they were purchased. The package has the ability to participate in […]
Vulnerability: Apache – CVE-2017-5638 – Apache Struts Jakarta Parser
In March of 2017, attackers began exploiting a bug in the Apache Struts Jakarta Multipart parser. The bug allowed attackers to execute arbitrary commands on HTTP servers using specially crafted HTTP requests. This vulnerability has recently gained additional buzz because a recently named campaign (Zealot) uses this vulnerability […]
Attacker: Actor – TEMP.Periscope / Leviathan
The threat actor TEMP.Periscope (FireEye) / Leviathan (Proofpoint) has been observed running targeted spear phishing campaigns against maritime and engineering targets. The threat actor appears to be tied to Chinese espionage. Its TTPs are what is normally expected from a state-sponsored threat actor. Some of the interesting tools used […]
Target: Attack – Atlanta Government Ransomware Attack
March 27th – The City of Atlanta is currently dealing with a ransomware attack. The systems are being held for a ransom of $51,000. The attack has been ongoing for six days. The infected systems have affected some of the city’s critical functions, including residents being unable to pay electric bills and city employees having no email […]