Implication of Russian Sanctions
During March-April 2018, dozens of Russian diplomats were expelled; hundreds of Russian Troll Factory-related accounts banned; new travel and economic sanctions levied and more are expected. While Russia did expel diplomats symmetrically, it explores options for an asymmetric response ranging from intellectual property violations to cyberattacks.
Blows Targeting Russia
In March 2018, 25 countries and NATO expelled dozens of Russian diplomats…
Wapack Labs is providing this report as situational awareness for Linux users. The Linux openSUSE Leap 42.3 kernel was updated to 4.4.126 to receive various security and bug fixes. These updates are important for proper security and function.
The following security bugs were fixed:
• CVE-2018-1091: In the “flush_tmregs_to_thread” function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged user space during a core dump on a POWER host. This is due to a missing…
RCE in LG Network Storage Devices
A flaw has been discovered in LG Network Attached Storage devices that allows attackers to execute remote code and steal data from the device without authentication.
A pre-authentication remote command injection vulnerability exists, which can allow an attacker to perform virtually any function on the device, including accessing sensitive data and tampering with user data and content. Attackers can then upload and distribute malware across the network using this…
Microsoft Outlook Vulnerability
A vulnerability has been disclosed in Microsoft Outlook that allows attackers to steal credentials just by convincing the victim to view an email. No further user interaction is required.
The Microsoft Outlook vulnerability, tracked as CVE-2018-0950, allows attackers to steal sensitive information by convincing the victim to view or preview the email in Outlook. The vulnerability exploits the way Microsoft Outlook renders remotely hosted OLE…
Intel will not fix all Processor Models affected by Spectre v2
The Intel Corporation has publicly acknowledged that it will not fix all of the processor models affected by the Spectre (variant 2, V2) side-channel analysis attack.
In a recent Microcode Revision Guidance update published by Intel, various models of CPUs will not receive fixes. Intel stated that it would not be possible to address the Spectre design flaw in its older CPUs. This is because it requires changes to the processor…
A vulnerability has been identified in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the targeted network and subsequently intercept sensitive traffic.
A highly critical flaw has been discovered in Drupal’s CMS platform that could allow attackers to take control of the site by simply visiting it. Drupal also warned an unprivileged and untrusted attacker could modify or delete data hosted on affected CMS platforms.
Security researchers have discovered 13 critical vulnerabilities, similar to Meltdown and Spectre, throughout AMD’s Ryzen and EPYC lines of processors. These vulnerabilities could allow attackers to access sensitive data, install backdoors/malware and gain full access to compromised systems.
Cybercriminals in the Middle East/North Africa (MENA) region are some of the most cooperative and united groups of hackers in the world when their goal is to attack the West. Hacktivists collaborate for financial and political gain, as well as for religious righteousness. Wapack Labs believes MENA bad actors will remain active and successful in various cyber campaigns against the West until the West attains a better understanding of the region’s languages, cultures, and religions.
Wapack Labs CTAC has exposed a large number of cyber events concerning the oil-rich country of Kuwait and its oil and gas industry. Among the targeted organizations are a shipping company (merchantkuwait.com), a supplier for the oil and gas, petrochemical, marine, and other industries (globalvision-kw.com), and a regional Kuwaiti construction company servicing the oil, education and other sectors (cgc-kw.com). More incidents discovered via CTAC are being further analyzed.
A Red Sky Alliance member reported a suspicious email to Wapack Labs for analysis. The suspicious email originated from the sender firstname.lastname@example.org. The subject of the email was “Pvtromeo Notification N4821”. The malicious email was posing as FedEx and attempting to get the user to click on a malicious link.
A critical vulnerability has been discovered in the Credential Security Support Provider protocol (CredSSP) that affects all versions of Windows. CredSSP could allow remote attackers to exploit RDP and WinRM to steal data and run malicious code to take control of the target’s computer.
Multiple vulnerabilities have been discovered in Adobe Flash Player that could allow for remote code execution. Successful exploitation of these vulnerabilities could result in the attacker gaining control of the affected system.
A new Android malware, named “FakeApp”, has been discovered that steals Facebook credentials, account details, usernames/passwords and other information directly from victim devices. The malware mainly targets English-speaking users in Asia-Pacific countries. The malware originates from third-party app stores.
A critical vulnerability has been identified that allows attackers to execute remote code on target machines to take control of a victim’s computer. This vulnerability has been discovered in Adobe Acrobat Reader DC. It is a stack-based buffer overflow and allows execution of arbitrary code if a vulnerable document is opened.
A Google security researcher discovered a serious remote code execution vulnerability in both the μTorrent desktop app for Windows and the newly launched ‘μTorrent Web,’ which allows users to download and stream torrents directly in their web browser.
Researchers have discovered a zero-day vulnerability in Hewlett-Packard (HP) Project and Portfolio Management Center which could allow attackers to read sensitive files and data on the target system and also execute malicious input. The researchers found an XML external entity injection vulnerability in the way HP PPM processed import tickets.
AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically by employing the Shodan.io API. The AutoSploit program allows a user to enter a search query for a targeted operating platform (such as Apache or IIS), upon which a list of candidates is obtained. This exploit tool can be troublesome for networks that do not employ sound cyber security practices.