Summary
US federal authorities are assessing cyber criminals are likely using Internet query (IQY) files in their phishing campaign emails targeting US businesses, indicating a new tactic, technique, and procedure (TTP). IQY files are a specific file format used to import data from external sources such as remote servers into Excel spreadsheets, where it is then executed on the computers. In cybercriminal phishing attempts, a malicious web server URL was put…
SUMMARY
Meng Wanzhou, the Chief Financial Officer of Huawei Technologies, was arrested at the Vancouver Airport on 1 December 2018 at the request of US authorities. The US seeks her extradition so that she can face charges of US sanction violations in America court. After being held for ten days, Meng was released on bail and is staying in Vancouver while the extradition request is adjudicated by the Canadian government.…
Below is the Executive Summary regarding the recent email bomb threats sent internationally. Our good friends from Global Guardian shared their threat assessment for situational awareness.
Summary - On 13 December 2018, hundreds of businesses, law enforcement agencies and public services across the United States and Canada received email threats demanding a bitcoin payment of $20,000 in the early afternoon, prompting evacuations, building sweeps and overloading…
Introduction:
Wapack Labs SOC identified JexBoss exploit attempts against an HVAC Controller, a NetScaler device, and the CEO of the company. This exploit is known to be a delivery mechanism of SamSam ransomware --and it would have been the second time this company would have suffered a large scale ramsomware attack.
Summary
Wapack Labs observed multiple attempts to exploit JBoss Application Servers using the…
In a recent blog by Nitzan Daube, CTO of NanoLock¸ he provides an explanation regarding the importance of security focus on both IT hardware, physical security and cyber security consequences. Wapack Labs agrees whole heartedly, and is providing solutions.
Wapack Labs participated in a recent lecture at the October 2018 ASIS Conference, held in Las Vegas NV. Our joint lecture specifically addressed hardware compromise, adherence to physical security and the psychology of…
The Air Force Institute of Technology[1] (AFIT) has releases free “Blockchain for Supply Chain” tools for supply chain professionals to learn about and use the power of block chain technology. AFIT recently published a live blockchain application that can be accessed from any computer or smart phone, along with a complementary series of tutorial videos that presents blockchain simulation. These videos can be used as a stand-alone…
Cyber security professionals often get focused on dangers which appear inside their networks or within company messages, sometimes overlooking physical threats. Laptops and devices routinely leave the confines of network cyber security parameters. In this circumstance, a hacker can easily get physically next to a vulnerable laptop, which may permit firewall rules and DNS Security inoperable to a bad guy hacking into “your” laptop.…
This report is an update to previous Wapack Labs postings regarding the SamSam malware. US federal authorities are providing current information about the vulnerabilities and exploits used to deploy SamSam ransomware, also known as MSIL/Samas.A. This malware was being deployed by cyber criminals Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi. On 26 November 2018, the District of New Jersey indicted Mansouri and Savandi for developing and deploying SamSam…
SUMMARY
China hosted its World Internet Conference on 7-9 November 2018 in Wuzhen, the fifth conference in this series. As in past years, the conference was attended by Chinese political and corporate figures as well as representatives from several major Silicon Valley companies. However, the level of foreign participation was significantly reduced from last year. Tim Cook of Apple and Sundar Pichai of Google, featured speakers in 2017, skipped the…
The US, Department of Homeland Security (DHS), Cyber Intelligence Network (CIN) is aware of a Thanksgiving Day-themed phishing email campaign with at least two variants targeting US government entities. The campaign began on 19 November 2018, and the phishing emails include Thanksgiving Day-themed subject lines with holiday-themed titled documents. The emails spoof legitimate government senders and attempt to deliver malware to legitimate government entities. The reported…
Summary
On 10 October 2018, the FBI announced the arrest of Xu Yanjun, a Chinese intelligent agent who had been targeting an employee of GE Aviation to acquire trade secrets on the company’s jet engines. The target employee had cooperated with the FBI during this operation, and when Xu arranged a meeting with the employee in Europe in April 2018, Xu was arrested. He was extradited from Belgium to the United States in October and charged with economic…
Red Sky Alliance (RSAC) members have reported seeing and, or receiving fake sextortion scams. These scam emails typically provide old password that was used by the user. These emails are an attempt to extort money, claiming the sender has compromising information indicating the user was involved in viewing pornographic sites. The sender claims to have compromising video recordings of the user and alleges to have additional “stolen secrets” of a compromising sexual nature. An RSAC member…
US authorities report multiple vulnerabilities identified in Mozilla Thunderbird, the most severe of which could result in arbitrary code execution. Mozilla Thunderbird is an email service. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts…
MIT researchers have developed a system that reduces false positives for credit card frauds. Researchers call it automated feature engineering, which allows them to monitor the spending of an individual and add features based on their spending habits.[1] To do this, they extract 200 detailed features per individual transaction to provide examples that would be available if the user was present. It additionally would capture the average…
Recently the popular online retail service Craigslist was advertising servers and storage disks. The seller was marketing Netlink Computer Inc. (NCIX) retail service new and used IT equipment. The servers and storage disks being marketed included millions of unencrypted confidential records of employees, customers and business partners. Up until 1 December 2017, when Canadian IT retail services NCIX filed for bankruptcy, they were a…
Cybersecurity researchers have unveiled, the first-ever, UEFI (Unified Extensible Firmware Interface) rootkit being used. It allows hackers to implant persistent malware on targeted computers that could endure a complete hard-drive wipe. Titled LoJax, the UEFI rootkit is part of a malware campaign conducted by the Sednit group, also known as APT28, Fancy Bear, Strontium, and Sofacy, who have targeted government organizations in the Balkans as well as in Central and Eastern Europe.…
Magento is an open source ecommerce platform that offers flexible solutions, is a vibrant extension marketplace, and has an open global ecosystem. Magento is based off of the Zend Framework and PHP. Magento is considered to be the leading platform within the ecommerce market. In less than 10 years, Magento has had massive success rolling out its solutions to small at home/startup business to multinational conglomerates. Magento's popularity is similar to that of other popular open-source…
