X-Industry

Red Sky Alliance (RSAC) members have reported seeing and, or receiving fake sextortion scams.  These scam emails typically provide old password that was used by the user.  These emails are an attempt to extort money, claiming the sender has compromising information indicating the user was involved in viewing pornographic sites.  The sender claims to have compromising video recordings of the user and alleges to have additional “stolen secrets” of a compromising sexual nature.  An RSAC member in t

US authorities report multiple vulnerabilities identified in Mozilla Thunderbird, the most severe of which could result in arbitrary code execution.  Mozilla Thunderbird is an email service.  Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Users whose accounts are

MIT researchers have developed a system that reduces false positives for credit card frauds. Researchers call it automated feature engineering, which allows them to monitor the spending of an individual and add features based on their spending habits.[1]  To do this, they extract 200 detailed features per individual transaction to provide examples that would be available if the user was present.  It additionally would capture the average spent on certain days and at certain vendors.  This allows

Recently the popular online retail service Craigslist was advertising servers and storage disks.  The seller was marketing Netlink Computer Inc. (NCIX) retail service new and used IT equipment.  The servers and storage disks being marketed included millions of unencrypted confidential records of employees, customers and business partners.   Up until 1 December 2017, when Canadian IT retail services NCIX filed for bankruptcy, they were a privately-held company who sold new and used computer hardw

Cybersecurity researchers have unveiled, the first-ever, UEFI (Unified Extensible Firmware Interface) rootkit being used.  It allows hackers to implant persistent malware on targeted computers that could endure a complete hard-drive wipe.  Titled LoJax, the UEFI rootkit is part of a malware campaign conducted by the Sednit group, also known as APT28, Fancy Bear, Strontium, and Sofacy, who have targeted government organizations in the Balkans as well as in Central and Eastern Europe.[1]  The Sedn

Magento is an open source ecommerce platform that offers flexible solutions, is a vibrant extension marketplace, and has an open global ecosystem.  Magento is based off of the Zend Framework and PHP.  Magento is considered to be the leading platform within the ecommerce market.  In less than 10 years, Magento has had massive success rolling out its solutions to small at home/startup business to multinational conglomerates.  Magento's popularity is similar to that of other popular open-source CMS

Researchers at Bitdefender have identified a new Android malware titled, Triout which acts as a framework for turning legitimate applications into spyware.  It is used to inject extensive surveillance capabilities into seemingly benign applications.  Triout is found bundled with a repackaged app; with capabilities including recording phone calls, logging incoming text messages, recoding videos, taking pictures and collecting GPS coordinates. Then broadcasting all of that back to an attacker-cont

Government researchers believe Chinese state-sponsored actors (APT) are likely to engage in cyber espionage activities targeting the US semiconductor industry.  This to help improve domestic production and reduce China’s reliance on US-made semiconductors, as laid out in its “Made in China” (MIC) 2025 plan.  Recently lifted sanctions against Chinese company ZTE, highlight China’s reliance on US semiconductors.  The US blocking of Chinese acquisition of US semiconductor firms likely undercut Chin

Conventional cyber wisdom says that social engineering and phishing involves a user only clicking on bad links.   A large percentage of social engineering attacks do invite users to click on bad links and this action can definitely have consequences, yet many of the highest profile social engineering attacks have absolutely nothing to do with links and nothing to do with “clicking.”

Some of the most damaging social engineering attacks often consist of a hacker’s patient collection of information,

DeepLocker is a class of malware that use AI (Artificial Intelligence) to infect a victim’s system.  DeepLocker was developed and launched by an IBM research group.[1]  Their concept is artificial intelligence can automatically detect and combat malware to effectively stop cyber-attacks before they impact an organization.  This positive concept can now theoretically be used in reverse and weaponized by bad actors.  This to power a new generation of malware that can evade even the best cyber-secu

Cyber actors are targeting US critical infrastructure using a malicious attachment leveraging the “shellshock” vulnerability based on historical and current investigative analysis. The same tactics, techniques and procedures (TTPs) could be used against other US critical infrastructure sectors.  US authorities are is providing the following indicators of compromise, identified malicious code, and suspect internet protocol (IP) addresses to assist receiving organizations’ computer network defense

Foreshadow flaws are revealed in Intel’s Core and Xeon range of processors. Alternatively known as L1 Terminal Fault or L1TF include three new speculative execution[1] side channel vulnerabilities.  The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or passwords.

Impact

The three vulnerabilities have been presented in two categories:

Foreshadow:

Fore

A Great Britain researcher has discovered a combination of a 419 scam and a Java Adwind / Java Jrats trojan malware delivery.  Java Adwind delivered by fake financial emails or by fake parcel delivery notices is a common 419 tactic, yet this may be a new approach deploying a traditional scam with the Java Adwind malware.[1] 

Java Adwind[2] is a very dangerous remote access backdoor trojan that has cross OS capabilities and can potentially run and infect any computer or operating system including

SamSam is an example of a manually controlled ransomware, which has been recently identified by researchers.[1]  SamSam ransomware is unique in its nature due to targeted victims and large ransom demands.  The ransomware is active since December 2015 and large organizations including the City of Atlanta, Colorado Department of Transportation, several hospitals and educational institutions, have been successfully attacked.

Infection Technique

SamSam is radically different from other forms of rans