All Articles (2444)

Researchers at Bitdefender have identified a new Android malware, titled Triout, which acts as a framework for turning legitimate applications into spyware. It is used to inject extensive surveillance capabilities into seemingly benign applications. Triout is found bundled with a repackaged app, with capabilities including recording phone calls, logging incoming text messages, recording videos, taking pictures and collecting GPS coordinates, then broadcasting all of that back to an attacker-cont

Government researchers believe Chinese state-sponsored actors (APT) are likely to engage in cyber espionage activities targeting the US semiconductor industry. The aim is to help improve domestic production and reduce China’s reliance on US-made semiconductors, as laid out in its “Made in China” (MIC) 2025 plan. Recently lifted sanctions against the Chinese company ZTE highlight China’s reliance on US semiconductors. The US blocking of Chinese acquisition of US semiconductor firms likely undercut Chin

Conventional cyber wisdom says that social engineering and phishing involve a user merely clicking on bad links. A large percentage of social engineering attacks do invite users to click on bad links, and this action can definitely have consequences, yet many of the highest-profile social engineering attacks have absolutely nothing to do with links and nothing to do with “clicking.”

Some of the most damaging social engineering attacks often consist of a hacker’s patient collection of information,

PHP Code Execution Attack

A new exploitation technique has been discovered that allows attackers to trigger critical deserialization vulnerabilities in the PHP programming language using functions previously considered low-risk. The new technique leaves web applications open to remote code execution attacks, including websites powered by popular content management systems such as WordPress and Typo3. PHP unserialization was first discovered in 2009, which allows attackers to perform various attacks

China’s newest and broadest Cybersecurity Law went into effect on 1 June 2017. When first implemented, it created significant concerns for foreign businesses in that it directed new cybersecurity practices and data restrictions that appeared to threaten the independence and competitiveness of foreign corporations operating in China.

DeepLocker is a class of malware that uses AI (Artificial Intelligence) to infect a victim’s system. DeepLocker was developed and launched by an IBM research group.[1] Their concept is that artificial intelligence can automatically detect and combat malware, effectively stopping cyber-attacks before they impact an organization. This positive concept can now theoretically be used in reverse and weaponized by bad actors to power a new generation of malware that can evade even the best cyber-secu

Based on historical and current investigative analysis, cyber actors are targeting US critical infrastructure using a malicious attachment that leverages the “shellshock” vulnerability. The same tactics, techniques and procedures (TTPs) could be used against other US critical infrastructure sectors. US authorities are providing the following indicators of compromise, identified malicious code, and suspect internet protocol (IP) addresses to assist receiving organizations’ computer network defense

Foreshadow flaws have been revealed in Intel’s Core and Xeon range of processors. Alternatively known as L1 Terminal Fault (L1TF), Foreshadow comprises three new speculative execution[1] side-channel vulnerabilities. The Foreshadow attacks could allow a hacker or malicious application to gain access to sensitive data stored in a computer's memory or in third-party clouds, including files, encryption keys, pictures, or passwords.

Impact

The three vulnerabilities have been presented in two categories:

Foreshadow:

Fore

A British researcher has discovered a combination of a 419 scam and Java Adwind / Java Jrats trojan malware delivery. Java Adwind delivered by fake financial emails or by fake parcel delivery notices is a common 419 tactic, yet this may be a new approach that deploys a traditional scam together with the Java Adwind malware.[1]

Java Adwind[2] is a very dangerous remote access backdoor trojan that has cross OS capabilities and can potentially run and infect any computer or operating system including

In just five years, Xi Jinping has surprised everyone by altering the vector of China’s development to match his vision for a China that stands as a peer to the United States.  He has done this by methodically concentrating political, economic, and military power into his own hands so that he now stands alone as the supreme leader of China. Xi Jinping has proved different from his predecessors in many ways.  He has gained control over the Communist Party through a deep and wide-ranging anti-c

SamSam is an example of a manually controlled ransomware, which has recently been identified by researchers.[1] SamSam ransomware is unique in its nature due to its targeted victims and large ransom demands. The ransomware has been active since December 2015, and large organizations including the City of Atlanta, the Colorado Department of Transportation, and several hospitals and educational institutions have been successfully attacked.

Infection Technique

SamSam is radically different from other forms of rans

Prvtzone[.]ws is a clear web marketplace and forum. The marketplace primarily sells stolen credit cards. In this forum, members (vendors and buyers) discuss the website’s purpose, which is trading in stolen information. One seller, BuyBaseFactory (BBF), sells cards and stolen CC/CVV data, as well as track 1 (TR1) and track 2 (TR2)[1] dumps from the US, Europe, and parts of South America and Africa.

Researchers have identified six vulnerabilities in the Antenna House Office Server Document Converter (OSDC).[1] Antenna House Office Server Document Converter is a product designed to convert Microsoft Office documents into PDF and SVG documents. The vulnerabilities can be used to execute code on a vulnerable system. The vulnerabilities identified are exploited to execute code locally, or can even be triggered remotely if the user runs the product in batch mode. If co

The Rancor group is involved in highly targeted attacks focused on South East Asia, specifically Singapore and Cambodia. Rancor uses two major Windows malware families, named “DDKONG” and “PLAINTEE”.