X-Industry

All Articles (167)

Cybersecurity researchers have unveiled, the first-ever, UEFI (Unified Extensible Firmware Interface) rootkit being used.  It allows hackers to implant persistent malware on targeted computers that could endure a complete hard-drive wipe.  Titled LoJax, the UEFI rootkit is part of a malware campaign conducted by the Sednit group, also known as APT28, Fancy Bear, Strontium, and Sofacy, who have targeted government organizations in the Balkans as well as in Central and Eastern Europe.…

Magento is an open source ecommerce platform that offers flexible solutions, is a vibrant extension marketplace, and has an open global ecosystem.  Magento is based off of the Zend Framework and PHP.  Magento is considered to be the leading platform within the ecommerce market.  In less than 10 years, Magento has had massive success rolling out its solutions to small at home/startup business to multinational conglomerates.  Magento's popularity is similar to that of other popular open-source…

Researchers at Bitdefender have identified a new Android malware titled, Triout which acts as a framework for turning legitimate applications into spyware.  It is used to inject extensive surveillance capabilities into seemingly benign applications.  Triout is found bundled with a repackaged app; with capabilities including recording phone calls, logging incoming text messages, recoding videos, taking pictures and collecting GPS coordinates. Then broadcasting all of that back to an…

Government researchers believe Chinese state-sponsored actors (APT) are likely to engage in cyber espionage activities targeting the US semiconductor industry.  This to help improve domestic production and reduce China’s reliance on US-made semiconductors, as laid out in its “Made in China” (MIC) 2025 plan.  Recently lifted sanctions against Chinese company ZTE, highlight China’s reliance on US semiconductors.  The US blocking of Chinese acquisition of US semiconductor firms likely undercut…

Conventional cyber wisdom says that social engineering and phishing involves a user only clicking on bad links.   A large percentage of social engineering attacks do invite users to click on bad links and this action can definitely have consequences, yet many of the highest profile social engineering attacks have absolutely nothing to do with links and nothing to do with “clicking.”

Some of the most damaging social engineering attacks often consist of a hacker’s patient collection of…

PHP Code Execution Attack A new exploitation technique has been discovered that allow attackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves web applications open to remote code execution attacks, including websites powered by some popular content management systems like WordPress and Typo3. PHP unserialization was first discovered in 2009 which allows attackers to perform various attacks…

DeepLocker is a class of malware that use AI (Artificial Intelligence) to infect a victim’s system.  DeepLocker was developed and launched by an IBM research group.[1]  Their concept is artificial intelligence can automatically detect and combat malware to effectively stop cyber-attacks before they impact an organization.  This positive concept can now theoretically be used in reverse and weaponized by bad actors.  This to…

Cyber actors are targeting US critical infrastructure using a malicious attachment leveraging the “shellshock” vulnerability based on historical and current investigative analysis. The same tactics, techniques and procedures (TTPs) could be used against other US critical infrastructure sectors.  US authorities are is providing the following indicators of compromise, identified malicious code, and suspect internet protocol (IP) addresses to assist receiving organizations’ computer network…

Foreshadow flaws are revealed in Intel’s Core and Xeon range of processors. Alternatively known as L1 Terminal Fault or L1TF include three new speculative execution[1] side channel vulnerabilities.  The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or…

Small businesses account for almost 50% of all current cyber-attacks.  This is a growing trend.  Proper cyber protection is needed.

Some small-business owners assume that the size of their company makes it an unlikely target for cyber adversaries.  That may have been true in the past, but it is no longer the case.  The increase in targeting small business began around 2011 and counted for approximately one-fifth of all cyber-attacks.  Currently this number has risen to almost a half of…

A Great Britain researcher has discovered a combination of a 419 scam and a Java Adwind / Java Jrats trojan malware delivery.  Java Adwind delivered by fake financial emails or by fake parcel delivery notices is a common 419 tactic, yet this may be a new approach deploying a traditional scam with the Java Adwind malware.[1] 

Java Adwind[2] is a very…

In just five years, Xi Jinping has surprised everyone by altering the vector of China’s development to match his vision for a China that stands as a peer to the United States.  He has done this by methodically concentrating political, economic, and military power into his own hands so that he now stands alone as the supreme leader of China. Xi Jinping has proved different from his predecessors in many ways.  He has gained control over the Communist Party through a deep and wide-ranging…

SamSam is an example of a manually controlled ransomware, which has been recently identified by researchers.[1]  SamSam ransomware is unique in its nature due to targeted victims and large ransom demands.  The ransomware is active since December 2015 and large organizations including the City of Atlanta, Colorado Department of Transportation, several hospitals and educational institutions, have been successfully…

Prvtzone[.]ws is a clear web marketplace and forum. The marketplace primarily sells stolen credit cards. In this forum, members (vendors and buyers) discuss the website purpose regarding stolen information. One seller, BuyBaseFactory (BBF), sells cards and stolen CC/CVV and dumps track 1 (TR1) and track 2 (TR2)[1] from the US, Europe, parts of South America and Africa.

Researchers have identified six vulnerabilities in the Antenna House Office Server Document Converter (OSDC).[1]  Antenna House Office Server Document Converter is a product designed to convert Microsoft Office documents into PDF and SVG type documents.  The vulnerabilities are used to remotely execute code on a vulnerable system.  The vulnerabilities identified are exploited to a locally execute code, or can even be accomplished remotely,…