All Articles - Finished Intelligence

HOW XI JINPING IS TRANSFORMING CHINA

In just five years, Xi Jinping has surprised everyone by altering the vector of China’s development to match his vision for a China that stands as a peer to the United States. He has done this by methodically concentrating political, economic, and military power into his own hands so that he now stands alone as the supreme leader of China. Xi Jinping has proved different from his predecessors in many ways. He has gained control over the Communist Party through a deep and wide-ranging…

SAMSAM Ransomware

SamSam is an example of a manually controlled ransomware, which has been recently identified by researchers.[1] SamSam ransomware is unique in its nature due to targeted victims and large ransom demands. The ransomware is active since December 2015 and large organizations including the City of Atlanta, Colorado Department of Transportation, several hospitals and educational institutions, have been successfully…

Predictor Pain and Hawkeye; Still at It

From July 2017 to July 2018, there were 242,806 Predator Pain Key Recorder detection seen through Wapack Labs proprietary data.

Vulnerabilities in Google Chrome Allow for Arbitrary Code Execution

Hacked Passwords Lead to Extortion Hoax

An old, yet proven extortion hoax is making a return. Hacked emails and passwords are being used to trick, phish and actually extort a user to paying a ransom to suspect Bitcoin addresses.

Persistent XSS Vulnerability in Multiple Asus Routers

Researchers have discovered a persistent Cross-Site Scripting (XSS) vulnerability in multiple Asus routers.

BuyBaseFactory Carder in the Prvtzone[.]ws Forum

Prvtzone[.]ws is a clear web marketplace and forum. The marketplace primarily sells stolen credit cards. In this forum, members (vendors and buyers) discuss the website purpose regarding stolen information. One seller, BuyBaseFactory (BBF), sells cards and stolen CC/CVV and dumps track 1 (TR1) and track 2 (TR2)[1] from the US, Europe, parts of South America and Africa.

Multiple Antenna House Vulnerabilities

Researchers have identified six vulnerabilities in the Antenna House Office Server Document Converter (OSDC).[1] Antenna House Office Server Document Converter is a product designed to convert Microsoft Office documents into PDF and SVG type documents. The vulnerabilities are used to remotely execute code on a vulnerable system. The vulnerabilities identified are exploited to a locally execute code, or can even be accomplished remotely,…

The Rancor Hacking Group

The Rancor group is involved in highly targeted attacks, which are focused in South East Asia; specifically, in Singapore and Cambodia. Rancor uses two major Windows malware families named, “DDKONG” and “PLAINTEE”.

Mozilla Thunderbird Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution.

Dridex adds new capability - Atom Bombing

Atom Bombing (AB) works on all versions of Windows and is undetectable by most current security solutions. The current unknown actors behind the banking trojan Dridex, implemented AB almost immediately after it was released in open source. This report examines the AB technique and its use by the authors of Dridex.

Data Breach of FastBooking Hotel Booking Service

FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries, had all its data stolen this month by an unknown attacker. Hotel guest personal identifying information (pii), travel dates and credit card information was taken. The breach took place on 14 June 2018 and took personal data in 58,003 leaks while credit card information was stolen in the remaining 66,960 cases.

Mylobot

A new form of malware was recently discovered by researchers. The new malware is known as Mylobot and is a botnet. Mylobot specifically targets devices running on Windows. Mylobot has a variety of tools to stay undetected and can completely take over an infected device.

WHAT DO I NEED TO GUARD AGAINST CYBER THREATS?

Cybersecurity threats are always changing. Threats that target businesses are malware, phishing, ID theft, Distributed Denial of Service (DDoS) attacks, software threats, data diddling, password attacks, Man-In-The-Middle (MITM) attacks, salami-slicing, IoT hacking, and cyber extortion. These are the most common cyber threats that small business companies need to be protected against. It is highly likely your business can reasonably prevent and mitigate many of these type…

Lazy FP State Restore Vulnerability

A vulnerability has been identified in Intel chips that affects processor’s speculative code execution similar to Meltdown and Spectre. This could potentially can be exploited to gain access to sensitive information and encrypted data.

Operation Prowli

Operation Prowli Operation Prowli is a traffic manipulation and cryptocurrency mining campaign infecting a wide number of organizations in critical infrastructure sectors such as finance, education and government. This campaign spreads malware and malicious code to servers and websites and has compromised more than 40,000 machines in multiple areas of the world. Impact The malware has already hit more than 40,000 victim machines from over 9,000 businesses in various domains; to include finance,…

Patch Issued for Critical Adobe Flash Vulnerability

Patch Issued for Critical Adobe Flash Vulnerability Adobe has released a security patch update for a critical vulnerability in its Flash Player software. The malware is actively exploiting targeted attacks against Windows users. Adobe Flash player zero-day attacks have primarily been targeting users in the Middle East using a specially crafted Excel spreadsheet. The stack-based buffer overflow vulnerability, explained in CVE-2018-5002 , impacts Adobe Flash Player 29.0.0.171 and earlier versions…

Anonymous Cyber Actors Claim Website Disruptions

A month ago, Anonymous (Anon #OpUSA) cyber actors reported they caused service outages on the websites of various US Government agencies, to include Department of Defense agencies. These claims were alleged by showing service outages for the public-facing websites of these US federal agencies. The alleged outages were false. The false reports are likely intimidation and propaganda techniques against the US government. In December 2017, Anon #OpUSA organizers initiated a call for action to plan…

To Reboot or Not, that is the Question: VPNFilter

Summary Wapack Labs highly recommends following US government guidelines to any owner of a small business or personal home office routers; to power cycle (reboot) their devices. International bad actors have compromised hundreds of thousands of home and office routers and other networked devices. These bad actors use the VPNFilter malware to target small office and home office routers. This malware is able to perform multiple functions, including potential information collection, device…

Lazarus Group Update

The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a current technical alert on the North Korea-linked threat group known as the government name: Hidden Cobra, or the cyber security name of the Lazarus Group. The Lazarus Group is highly suspected or conducting numerous high-profile attacks; to include targeting Sony Pictures, Bangladesh’s Central Bank and various financial organizations. The Lazarus Group’s campaigns are traced as Operation…

Red Sky Alliance

Finished Intelligence

All Articles (115)