A Red Sky Alliance member reported a suspicious email to Wapack Labs for analysis. The suspicious email originated from the sender firstname.lastname@example.org. The subject of the email was "Pvtromeo Notification N4821." The malicious email posed as the FedEx company and attempted to get the user to click on a malicious link.
A critical vulnerability has been discovered in the Credential Security Support Provider protocol (CredSSP) that affects all versions of Windows. CredSSP could allow remote attackers to exploit RDP and WinRM to steal data and run malicious code, taking control of the target's computer.
Multiple vulnerabilities have been discovered in Adobe Flash Player that could allow for remote code execution. Successful exploitation of these vulnerabilities could result in the attacker gaining control of the affected system.
A new Android malware, named "FakeApp", has been discovered that steals Facebook credentials, account details, usernames/passwords and other information directly from victim devices. The malware mainly targets English-speaking users in Asia-Pacific countries. The malware is distributed through third-party app stores.
A critical vulnerability has been identified in Adobe Acrobat Reader DC that allows attackers to execute remote code on target machines and take control of a victim's computer. It is a stack-based buffer overflow and allows execution of arbitrary code if a crafted document is opened with a vulnerable version.
A Google security researcher discovered a serious remote code execution vulnerability in both the μTorrent desktop app for Windows and the newly launched "μTorrent Web," a service that allows users to download and stream torrents directly in their web browser.
Researchers have discovered a zero-day vulnerability in Hewlett-Packard (HP) Project and Portfolio Management Center which could allow attackers to read sensitive files and data on the target system and also execute malicious input. These researchers found an XML entity injection vulnerability in the way HP PPM processes import tickets.
AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically by employing the Shodan.io API. The AutoSploit program allows a user to enter a platform-specific search query (such as Apache, IIS, etc.), upon which a list of candidate hosts is obtained. This exploit tool can be troublesome for networks that do not employ sound cyber security practices.
Bosnia and Herzegovina is a country in Southeastern Europe formerly part of the Republic of Yugoslavia. Since the dissolution of Yugoslavia, Bosnia and Herzegovina has experienced infighting among ethnically and religiously motivated hacktivist groups, as well as commercially motivated hackers. Current cyber laws are not fully enacted, yet the country cooperates fully in fighting cybercrime. Bosnian hackers use Bosnian, Serbian, German, English, and other languages to communicate. Due to recent…
On 08 February 2018, Wapack Labs discovered a user affected by the Azorult malware who may have compromised a major US city's procurement portal. Analysts identified this infected user through our keylogger collection project. The affected user had their username and password stolen when signing onto the city's procurement website portal. This city's portal permits contractors to enter bids for the government's requests for quotes (RFQs).
A vulnerability in the gSOAP library, known as "Devil's Ivy," is being widely exploited in physical security products. This could potentially allow attackers to fully disable or take over thousands of models of internet-connected devices, from security cameras to sensors and access-card readers.
In February 2018, Wapack Labs identified configurations for a Structured Query Language (SQL) injection tool showing attempted exploitation against the site for the 2018 Winter Olympic Games in PyeongChang, South Korea. A Wapack Labs analyst identified the tool as SQLi Dumper. The developer, "c4rl0s" (for Carlos), states the SQL injection tool supports blind SQL injection, schema dumping, file dumping, MySQL brute forcing, site scanning, and online hash cracking. The attempted injection…
A new malware has been discovered targeting institutions in the government, technology, education and telecommunications sectors in Asian countries and in the US. This malware performs various tasks, including password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems.
A new strain of point-of-sale (PoS) malware has been discovered by security researchers that disguises itself as a LogMeIn service pack and steals credit card payment information through DNS queries. Since the malware relies on UDP DNS traffic for data exfiltration, it was named "UDPoS" by the researchers who discovered it.
On 31 January 2018, South Korea's Computer Emergency Response Team (KR-CERT) published an advisory about an Adobe Flash zero-day vulnerability being exploited in the wild. On 1 February 2018, Adobe released an advisory confirming the vulnerability exists in Adobe Flash Player. The vulnerability is tracked as CVE-2018-4878.
Researchers have unveiled a powerful spyware variant that gives attackers complete remote control of the target device. The malware was first seen in 2014. It has evolved over time, from simple, un-obfuscated malware in the beginning to sophisticated multi-stage spyware that provides attackers full remote control of the infected device.
The XXIII Olympic Winter Games, hosted in PyeongChang, South Korea, commence on 9 February 2018. Wapack Labs observed two compromised individuals, infected with AZORult malware, logging into the official Olympic Winter Games portal, pyeongchang2018.com. AZORult is a Trojan horse which steals information from a compromised system. After installation, AZORult begins looking for sensitive data: browser cookies, usernames and passwords, system information, and autocomplete fields.