Intelligence Reporting

All Articles (100)

DeepLocker is a class of malware that uses AI (Artificial Intelligence) to infect a victim’s system. DeepLocker was developed and launched by an IBM research group.[1] Their concept is that artificial intelligence can automatically detect and combat malware to effectively stop cyber-attacks before they impact an organization. This positive concept can now theoretically be used in reverse and weaponized by bad actors. This to…

Based on historical and current investigative analysis, cyber actors are targeting US critical infrastructure using a malicious attachment leveraging the “shellshock” vulnerability. The same tactics, techniques and procedures (TTPs) could be used against other US critical infrastructure sectors. US authorities are providing the following indicators of compromise, identified malicious code, and suspect internet protocol (IP) addresses to assist receiving organizations’ computer network…

Foreshadow flaws are revealed in Intel’s Core and Xeon range of processors. Foreshadow, alternatively known as L1 Terminal Fault or L1TF, includes three new speculative execution[1] side channel vulnerabilities. The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or…

Small businesses account for almost 50% of all current cyber-attacks.  This is a growing trend.  Proper cyber protection is needed.

Some small-business owners assume that the size of their company makes it an unlikely target for cyber adversaries. That may have been true in the past, but it is no longer the case. The increase in targeting of small businesses began around 2011 and accounted for approximately one-fifth of all cyber-attacks. Currently this number has risen to almost a half of…

A researcher in Great Britain has discovered a combination of a 419 scam and a Java Adwind / Java Jrats trojan malware delivery. Java Adwind, delivered by fake financial emails or by fake parcel delivery notices, is a common 419 tactic, yet this may be a new approach deploying a traditional scam with the Java Adwind malware.[1]

Java Adwind[2] is a very…

In just five years, Xi Jinping has surprised everyone by altering the vector of China’s development to match his vision for a China that stands as a peer to the United States.  He has done this by methodically concentrating political, economic, and military power into his own hands so that he now stands alone as the supreme leader of China. Xi Jinping has proved different from his predecessors in many ways.  He has gained control over the Communist Party through a deep and wide-ranging…

SamSam is an example of manually controlled ransomware, which has been recently identified by researchers.[1] SamSam ransomware is unique in its nature due to targeted victims and large ransom demands. The ransomware has been active since December 2015, and large organizations, including the City of Atlanta, Colorado Department of Transportation, several hospitals and educational institutions, have been successfully…

Prvtzone[.]ws is a clear web marketplace and forum. The marketplace primarily sells stolen credit cards. In this forum, members (vendors and buyers) discuss the website's purpose regarding stolen information. One seller, BuyBaseFactory (BBF), sells cards and stolen CC/CVV and dumps track 1 (TR1) and track 2 (TR2)[1] from the US, Europe, parts of South America and Africa.

Researchers have identified six vulnerabilities in the Antenna House Office Server Document Converter (OSDC).[1] Antenna House Office Server Document Converter is a product designed to convert Microsoft Office documents into PDF and SVG type documents. The vulnerabilities are used to remotely execute code on a vulnerable system. The vulnerabilities identified are exploited to execute code locally, or can even be accomplished remotely,…

FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries, had all its data stolen this month by an unknown attacker. Hotel guest personal identifying information (PII), travel dates and credit card information were taken. The breach took place on 14 June 2018 and took personal data in 58,003 leaks while credit card information was stolen in the remaining 66,960 cases.

Cybersecurity threats are always changing.  Threats that target businesses are malware, phishing, ID theft, Distributed Denial of Service (DDoS) attacks, software threats, data diddling, password attacks, Man-In-The-Middle (MITM) attacks, salami-slicing, IoT hacking, and cyber extortion.  These are the most common cyber threats that small business companies need to be protected against.  It is highly likely your business can reasonably prevent and mitigate many of these type…