Target: Expedia Orbitz – 880K data breach
Travel giant Expedia Orbitz has disclosed a security data breach that affected at least 880,000 customer payment cards. It appears that the attackers had potential access to the data between Oct. 1, 2017 and Dec. 22, 2017. The investigation revealed that the attackers had potentially exposed customer names, addresses, payment card information and email […]
Method: TA 18-086A: Brute Force Attacks / Password Spraying
In March 2018, the Department of Justice indicted nine Iranian nationals for conducting brute-force-style attacks against organizations in the United States using a technique referred to as “Password Spraying”. Characteristically, brute force attacks attempt to authenticate credentials by guessing the password of a single user account; however, accounts now will typically lock out […]
MyFitnessPal Hack – 150 million users were affected
Athletic Apparel & Footwear mogul Under Armour announced that their popular fitness app, MyFitnessPal, has suffered from a massive data breach. Investigation has revealed that somewhere close to 150 million accounts have been compromised. The account information exposed includes: usernames, email addresses and hashed passwords. Under Armour revealed that no credit card information or other […]
Method: Linux Malware – GoScanSSH
During an incident response engagement, researchers at Cisco Talos identified a new malware family, called GoScanSSH, being used to compromise SSH servers exposed to the internet. The malware is written in Go, a programming language created at Google in 2009. The infection methods being used were SSH brute force attacks against public facing SSH […]
Method: Android Malware – RottenSys

Researchers at Check Point have identified a new type of mobile adware, called RottenSys, that has infected nearly 5 million devices since 2016. The application disguises itself as a “System Wi-Fi Service” on the Android OS and was likely inserted on the devices before they were purchased. The package has the ability to participate in […]
Vulnerability: Apache – CVE-2017-5638 – Apache Struts Jakarta Parser
In March of 2017, attackers began exploiting a bug in the Apache Struts Jakarta Multipart parser. The bug allowed attackers to execute arbitrary commands on HTTP servers using specially crafted HTTP requests. This vulnerability has recently gained additional attention because a recently named campaign (Zealot) uses this vulnerability […]
Attacker: Actor – TEMP.Periscope / Leviathan
The threat actor TEMP.Periscope (FireEye) / Leviathan (Proofpoint) has been observed running targeted spear phishing campaigns against maritime and engineering targets. The threat actors appear to be tied to Chinese espionage. The TTPs of this threat actor are what would normally be expected from a state-sponsored threat actor. Some of the interesting tools used […]
Target: Attack – Atlanta Government Ransomware Attack
March 27th – The City of Atlanta is currently dealing with a ransomware attack. The systems are being held ransom for $51,000. The hack has been ongoing for six days. The infected systems have affected some of the city’s critical functions, including residents unable to pay electric bills, city employees with no email […]
Method: Windows Malware – ThreatKit
March 25th – Researchers at Proofpoint have discovered a new type of exploit kit, called ThreatKit, that allows attackers to craft malicious Office Documents and attempt to exploit CVE-2017-8570, CVE-2017-11882, and CVE-2018-0802. The Word Document comes with an embedded executable that is decoded as a result of successful exploitation of the system. In some instances […]
Proficio Observes New Bluetooth Vulnerabilities

Proficio has observed several open sources of intelligence that have detailed the release of multiple critical vulnerabilities for Bluetooth and an attack vector utilizing those vulnerabilities known as “BlueBorne.” Here are the details we have gathered so far. BlueBorne Summary: Multiple news outlets have reported the discovery of several important vulnerabilities in both the design […]
How to Combat the Rise of “Hacktivism”

In today’s politically charged climate in the United States and around the world, political activists increasingly are putting down their protest signs and going online to carry out cyber attacks in the name of their causes. The combination of hacking and activism is nothing new; the first such attacks date back to the 1980s and […]
Latest Ransomware Attack Cripples Networks Worldwide

For the second time in as many months, hackers have unleashed a massive ransomware attack targeting thousands of computer networks across the world. The latest attack, nicknamed the GoldenEye strain of Petya ransomware, began on Monday June 27 and continued to unfold into Tuesday June 28, officials said. Investigators suspect it originated in the Ukraine […]