All Articles - X-Industry - Red Sky Alliance

Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe Acrobat and Reader.[1] The most severe could allow for arbitrary code execution. In computer security, "arbitrary code execution" is used to describe an attacker's ability to execute any command of the attacker's choice on a target machine or in a target process. Adobe Acrobat and Reader allow a user to view, create, manipulate, print and manage files in Portable Document Format (PDF). Successful exploitation of the most severe of these

TLP: WHITE MS-ISAC CYBERSECURITY ADVISORY

MS-ISAC ADVISORY NUMBER: 2018-056 DATE(S) ISSUED: 05/14/2018 SUBJECT: Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB18-09) OVERVIEW: Multiple vulnerabilities have been discovered in Adobe Acrobat and Reader, the most severe of which could allow for arbitrary code execution. Adobe Acrobat and Reader allow a user to view, create, manipulate, print and manage files in Portable Document Format (PDF). Successful exploitation of the most seve

Cryptocurrency Mining Virus Spreading Through Facebook

Cryptocurrency Mining Virus Spreading Through Facebook Clicking on videos and links in Facebook may not always be safe. Caution should always be used when opening links, especially if they are from an unknown recipient. Researchers recently reported on a malicious Chrome extension which is spreading through Facebook Messenger to target users of cryptocurrency trading platforms to steal their credentials.

What is Process Doppelgänging and Why is it a Cyber Risk?

Doppelgänger is a German derived word for an apparition or double of a living person. Doppelgänging is a complex form of typosquatting. Process Doppelgänging is a code injection technique that disrupts the Microsoft Windows mechanism of New Technology File System (NTFS) transactions which create and hide malicious IT processes. This all in an attempt to avoid detection by antivirus software. Process Doppelgänging is a technique similar to the old Process Hollowing. The Process Doppelgänging tech

CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability

CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability Security Vulnerability The VBScript Engine is a remote code execution vulnerability and if executed in a victim computer would operate undetected in its memory (RAM). An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of

Rowhammer and Android Glitch Attacks

"Rowhammer” is a hacking technique that researches have been experimenting with for the past four years. Rowhammer is designed to break the security of a computer by manipulating the physical electric charge of computer memory chips. This may then corrupt the computer data. Unfortunately, black hat hackers are exploiting Rowhammer by targeting Android phones though the Internet. As of this date, there is no specific software patch to fix Rowhammer

Ubuntu Security Notices

Ubuntu Security Notices Ubuntu 3631-1: Linux Kernel (Azure) Vulnerabilities This patch is for Ubuntu 16.04 and addresses vulnerabilities affecting the following : • linux • linux-aws • linux-kvm • linux-raspi2 • linux-snapdragon Ubuntu 3631-2: Lunux Kernel (Xenial HWE) Vulnerabilities This patch is for Ubuntu 14.04 LTS – Ubuntu 16.04 LTS and addresses vulnerabilities affecting the following : • linux-LTS-Xenial • linux-aws The following CVE’s are addressed with USN-3631-1 and USN-3631-2 patches.

Millions of Drupal Sites vulnerable to Remote Code Execution 2.0

A highly critical flaw has been discovered in Drupal’s CMS platform. This vulnerability could allow remote code execution and is affecting Drupal 7 and Drupal 8 core. The security hole, tracked as CVE-2018-7602 is a remote code execution vulnerability that allows attackers to take control of the complete victim website. Drupal has issued an advisory at https://www.drupal.org/sa-core-2018-004. Wapack Labs has seen how attackers developed automated exploits, leveraging Drupalgeddon2 vulnerability,

Implication of Russian Sanctions

Implication of Russian Sanctions Summary During March-April 2018, dozens of Russian diplomats were expelled; hundreds of Russian Troll Factory-related accounts banned; new travel and economic sanctions levied and more are expected. While Russia did expel diplomats symmetrically, it explores options for an asymmetric response ranging from intellectual property violations to cyberattacks. Details Blows Targeting Russia In March 2018, 25 countries and NATO expelled dozens of Russian diplomats (int

Security update for the Linux Kernel

Wapack Labs is providing this report as a situational awareness for Linux users. The Linux openSUSE Leap 42.3 kernel was updated to 4.4.126 to receive various security and bugfixes. These updates are important for proper security and function. The following security bugs were fixed: • CVE-2018-1091: In the “flush_tmregs_to_thread” function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged user space during a core dump on a POWER host. This due to a missing

RCE in LG Network Storage Devices

RCE in LG Network Storage Devices A flaw has been discovered in LG Network attached Storage Devices that allow attackers to execute remote code and steal data from the device without authentication. A pre-authenticated remote command injection vulnerability exists, which can allow attacker to perform virtually full computer functioning to include access to sensitive data and tamper with the user data and content. Attackers can then upload and distribute malware across the network using this stor

Microsoft Outlook Vulnerability

Microsoft Outlook Vulnerability A vulnerability has been disclosed in Microsoft Outlook that allows attackers to steal credentials just by convincing the victim to view an email. This in turn will not permit a user further interaction. Impact The Microsoft outlook vulnerability titled as CVE-2018-0950 allows attackers to steal sensitive information by convincing the victim to view or preview the email in Outlook. The vulnerability exploits the way Microsoft Outlook renders remotely hosted OLE co

Intel will not fix all Processor Models affected by Spectre v2

Intel will not fix all Processor Models affected by Spectre v2 The Intel Corporation has publicly admitted they will not fix all of the processor models which were affected by the Spectre (variant 2, V2) side channel analysis attack. In a recent Microcode Revision Guidance update published by Intel, various models of CPUs will not receiving fixes. Intel stated they it would not be possible to address the Spectre design flaw in their old CPUs. This because it requires changes to the processor arc

Critical Flaw in Cisco Switches allows Remote Code Execution

A vulnerability has been identified in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the targeted network and subsequently intercept sensitive traffic.

Millions of Drupal Sites vulnerable to Remote Code Execution

A highly critical flaw has been discovered in Drupal’s CMS platform that could allow attackers to take control of the site by simply visiting it. Drupal also warned an unprivileged and untrusted attacker could modify or delete data hosted on affected CMS platforms.

Multiple Vulnerabilities - ManageEngine Applications Manager

Two critical vulnerabilities have been identified in the ManageEngine Applications manager which permit attackers to perform unauthenticated SQL injection and unauthenticated remote code execution.

Critical Vulnerabilities Found in AMD Processors

Security researchers have discovered 13 critical vulnerabilities, similar to Meltdown & Spectre, throughout AMD’s Ryzen and EPYC line of processors. These vulnerabilities could allow attackers to access to sensitive data, install backdoors/malware and gain full access to compromised systems.

An overview of Middle Eastern and North African hacking activity

Cybercriminals in the Middle East/North Africa (MENA) region are some of the most cooperative and united group of hackers in the world when their goal is to attack the West. Hacktivists collaborate for finanical and political gain, as well as for religious righteousness. Wapack Labs believe MENA bad actors will remain active and successful in various cyber campaigns against the West until the West attains a better understanding of the region’s language, culture, and religions.

Kuwait Energy Targeting

Wapack Labs CTAC has exposed a large number of cyber events regarding the oil rich country of Kuwait and their oil and gas industry. Among targeted industries are a shipping company (merchantkuwait.com), which is a supplier for oil and gas, petrochemical, marine, and other industries (globalvision-kw.com), and a regional Kuwaiti construction company servicing oil, education and other sectors (cgc-kw.com). More incidents were discovered via CTAC are being further analyzed.

Turkish Cyber Army (TCA)

A Red Sky Alliance member reported a suspicious email to Wapack Labs for analysis. The suspicious email originated from sender: pvtromeo2007@aol.com. The subject of the email was Pvtromeo Notification N4821. The malicious email was posing as the FedEX company and attempting to get the user to click on a malicious link.

X-Industry

All Articles (1934)