All Articles - X-Industry - Red Sky Alliance

Shellshock Vulnerability Leveraged to Target US Critical Infrastructure

Cyber actors are targeting US critical infrastructure using a malicious attachment leveraging the “shellshock” vulnerability based on historical and current investigative analysis. The same tactics, techniques and procedures (TTPs) could be used against other US critical infrastructure sectors. US authorities are is providing the following indicators of compromise, identified malicious code, and suspect internet protocol (IP) addresses to assist receiving organizations’ computer network defense

Foreshadow Attacks

Foreshadow flaws are revealed in Intel’s Core and Xeon range of processors. Alternatively known as L1 Terminal Fault or L1TF include three new speculative execution[1] side channel vulnerabilities. The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or passwords.

Impact

The three vulnerabilities have been presented in two categories:

Foreshadow:

Fore

419 Scam with a Java Adwind Payload

A Great Britain researcher has discovered a combination of a 419 scam and a Java Adwind / Java Jrats trojan malware delivery. Java Adwind delivered by fake financial emails or by fake parcel delivery notices is a common 419 tactic, yet this may be a new approach deploying a traditional scam with the Java Adwind malware.[1]

Java Adwind[2] is a very dangerous remote access backdoor trojan that has cross OS capabilities and can potentially run and infect any computer or operating system including

HOW XI JINPING IS TRANSFORMING CHINA

In just five years, Xi Jinping has surprised everyone by altering the vector of China’s development to match his vision for a China that stands as a peer to the United States. He has done this by methodically concentrating political, economic, and military power into his own hands so that he now stands alone as the supreme leader of China. Xi Jinping has proved different from his predecessors in many ways. He has gained control over the Communist Party through a deep and wide-ranging anti-c

SAMSAM Ransomware

SamSam is an example of a manually controlled ransomware, which has been recently identified by researchers.[1] SamSam ransomware is unique in its nature due to targeted victims and large ransom demands. The ransomware is active since December 2015 and large organizations including the City of Atlanta, Colorado Department of Transportation, several hospitals and educational institutions, have been successfully attacked.

Infection Technique

SamSam is radically different from other forms of rans

Predator Pain and Hawkeye; Still at It

From July 2017 to July 2018, there were 242,806 Predator Pain Key Recorder detection seen through Wapack Labs proprietary data.

Vulnerabilities in Google Chrome Allow for Arbitrary Code Execution

Hacked Passwords Lead to Extortion Hoax

An old, yet proven extortion hoax is making a return. Hacked emails and passwords are being used to trick, phish and actually extort a user to paying a ransom to suspect Bitcoin addresses.

Persistent XSS Vulnerability in Multiple Asus Routers

Researchers have discovered a persistent Cross-Site Scripting (XSS) vulnerability in multiple Asus routers.

BuyBaseFactory Carder in the Prvtzone[.]ws Forum

Prvtzone[.]ws is a clear web marketplace and forum. The marketplace primarily sells stolen credit cards. In this forum, members (vendors and buyers) discuss the website purpose regarding stolen information. One seller, BuyBaseFactory (BBF), sells cards and stolen CC/CVV and dumps track 1 (TR1) and track 2 (TR2)[1] from the US, Europe, parts of South America and Africa.

Multiple Antenna House Vulnerabilities

Researchers have identified six vulnerabilities in the Antenna House Office Server Document Converter (OSDC).[1] Antenna House Office Server Document Converter is a product designed to convert Microsoft Office documents into PDF and SVG type documents. The vulnerabilities are used to remotely execute code on a vulnerable system. The vulnerabilities identified are exploited to a locally execute code, or can even be accomplished remotely, if the product is used in batch mode by the user. If co

The Rancor Hacking Group

The Rancor group is involved in highly targeted attacks, which are focused in South East Asia; specifically, in Singapore and Cambodia. Rancor uses two major Windows malware families named, “DDKONG” and “PLAINTEE”.

Mozilla Thunderbird Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution.

Dridex adds new capability - Atom Bombing

Atom Bombing (AB) works on all versions of Windows and is undetectable by most current security solutions. The current unknown actors behind the banking trojan Dridex, implemented AB almost immediately after it was released in open source. This report examines the AB technique and its use by the authors of Dridex.

Data Breach of FastBooking Hotel Booking Service

FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries, had all its data stolen this month by an unknown attacker. Hotel guest personal identifying information (pii), travel dates and credit card information was taken. The breach took place on 14 June 2018 and took personal data in 58,003 leaks while credit card information was stolen in the remaining 66,960 cases.

Mylobot

A new form of malware was recently discovered by researchers. The new malware is known as Mylobot and is a botnet. Mylobot specifically targets devices running on Windows. Mylobot has a variety of tools to stay undetected and can completely take over an infected device.

WHAT DO I NEED TO GUARD AGAINST CYBER THREATS?

Cybersecurity threats are always changing. Threats that target businesses are malware, phishing, ID theft, Distributed Denial of Service (DDoS) attacks, software threats, data diddling, password attacks, Man-In-The-Middle (MITM) attacks, salami-slicing, IoT hacking, and cyber extortion. These are the most common cyber threats that small business companies need to be protected against. It is highly likely your business can reasonably prevent and mitigate many of these type cyber threats.

MALWA

Lazy FP State Restore Vulnerability

A vulnerability has been identified in Intel chips that affects processor’s speculative code execution similar to Meltdown and Spectre. This could potentially can be exploited to gain access to sensitive information and encrypted data.

Operation Prowli

Operation Prowli Operation Prowli is a traffic manipulation and cryptocurrency mining campaign infecting a wide number of organizations in critical infrastructure sectors such as finance, education and government. This campaign spreads malware and malicious code to servers and websites and has compromised more than 40,000 machines in multiple areas of the world. Impact The malware has already hit more than 40,000 victim machines from over 9,000 businesses in various domains; to include finance,

Patch Issued for Critical Adobe Flash Vulnerability

Patch Issued for Critical Adobe Flash Vulnerability Adobe has released a security patch update for a critical vulnerability in its Flash Player software. The malware is actively exploiting targeted attacks against Windows users. Adobe Flash player zero-day attacks have primarily been targeting users in the Middle East using a specially crafted Excel spreadsheet. The stack-based buffer overflow vulnerability, explained in CVE-2018-5002 , impacts Adobe Flash Player 29.0.0.171 and earlier versions

X-Industry

All Articles (2238)