All Articles - X-Industry - Red Sky Alliance

Dridex adds new capability - Atom Bombing

Atom Bombing (AB) works on all versions of Windows and is undetectable by most current security solutions. The current unknown actors behind the banking trojan Dridex, implemented AB almost immediately after it was released in open source. This report examines the AB technique and its use by the authors of Dridex.

Data Breach of FastBooking Hotel Booking Service

FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries, had all its data stolen this month by an unknown attacker. Hotel guest personal identifying information (pii), travel dates and credit card information was taken. The breach took place on 14 June 2018 and took personal data in 58,003 leaks while credit card information was stolen in the remaining 66,960 cases.

Mylobot

A new form of malware was recently discovered by researchers. The new malware is known as Mylobot and is a botnet. Mylobot specifically targets devices running on Windows. Mylobot has a variety of tools to stay undetected and can completely take over an infected device.

WHAT DO I NEED TO GUARD AGAINST CYBER THREATS?

Cybersecurity threats are always changing. Threats that target businesses are malware, phishing, ID theft, Distributed Denial of Service (DDoS) attacks, software threats, data diddling, password attacks, Man-In-The-Middle (MITM) attacks, salami-slicing, IoT hacking, and cyber extortion. These are the most common cyber threats that small business companies need to be protected against. It is highly likely your business can reasonably prevent and mitigate many of these type cyber threats.

MALWA

Lazy FP State Restore Vulnerability

A vulnerability has been identified in Intel chips that affects processor’s speculative code execution similar to Meltdown and Spectre. This could potentially can be exploited to gain access to sensitive information and encrypted data.

Operation Prowli

Operation Prowli Operation Prowli is a traffic manipulation and cryptocurrency mining campaign infecting a wide number of organizations in critical infrastructure sectors such as finance, education and government. This campaign spreads malware and malicious code to servers and websites and has compromised more than 40,000 machines in multiple areas of the world. Impact The malware has already hit more than 40,000 victim machines from over 9,000 businesses in various domains; to include finance,

Patch Issued for Critical Adobe Flash Vulnerability

Patch Issued for Critical Adobe Flash Vulnerability Adobe has released a security patch update for a critical vulnerability in its Flash Player software. The malware is actively exploiting targeted attacks against Windows users. Adobe Flash player zero-day attacks have primarily been targeting users in the Middle East using a specially crafted Excel spreadsheet. The stack-based buffer overflow vulnerability, explained in CVE-2018-5002 , impacts Adobe Flash Player 29.0.0.171 and earlier versions

Anonymous Cyber Actors Claim Website Disruptions

A month ago, Anonymous (Anon #OpUSA) cyber actors reported they caused service outages on the websites of various US Government agencies, to include Department of Defense agencies. These claims were alleged by showing service outages for the public-facing websites of these US federal agencies. The alleged outages were false. The false reports are likely intimidation and propaganda techniques against the US government. In December 2017, Anon #OpUSA organizers initiated a call for action to plan a

To Reboot or Not, that is the Question: VPNFilter

Summary Wapack Labs highly recommends following US government guidelines to any owner of a small business or personal home office routers; to power cycle (reboot) their devices. International bad actors have compromised hundreds of thousands of home and office routers and other networked devices. These bad actors use the VPNFilter malware to target small office and home office routers. This malware is able to perform multiple functions, including potential information collection, device exploita

Lazarus Group Update

The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a current technical alert on the North Korea-linked threat group known as the government name: Hidden Cobra, or the cyber security name of the Lazarus Group. The Lazarus Group is highly suspected or conducting numerous high-profile attacks; to include targeting Sony Pictures, Bangladesh’s Central Bank and various financial organizations. The Lazarus Group’s campaigns are traced as Operation Blo

Spectre v4

Intel, Google, and Microsoft disclosed a new variant of the Spectre design flaw and security vulnerability that impacts millions of computers and mobile devices from a range of manufacturers. It is called Variant 4.Impact The CVE-2018-3639 – Speculative Store Bypass (SSB) is also known as Variant 4. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i

Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe Acrobat and Reader.[1] The most severe could allow for arbitrary code execution. In computer security, "arbitrary code execution" is used to describe an attacker's ability to execute any command of the attacker's choice on a target machine or in a target process. Adobe Acrobat and Reader allow a user to view, create, manipulate, print and manage files in Portable Document Format (PDF). Successful exploitation of the most severe of these

TLP: WHITE MS-ISAC CYBERSECURITY ADVISORY

MS-ISAC ADVISORY NUMBER: 2018-056 DATE(S) ISSUED: 05/14/2018 SUBJECT: Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB18-09) OVERVIEW: Multiple vulnerabilities have been discovered in Adobe Acrobat and Reader, the most severe of which could allow for arbitrary code execution. Adobe Acrobat and Reader allow a user to view, create, manipulate, print and manage files in Portable Document Format (PDF). Successful exploitation of the most seve

Cryptocurrency Mining Virus Spreading Through Facebook

Cryptocurrency Mining Virus Spreading Through Facebook Clicking on videos and links in Facebook may not always be safe. Caution should always be used when opening links, especially if they are from an unknown recipient. Researchers recently reported on a malicious Chrome extension which is spreading through Facebook Messenger to target users of cryptocurrency trading platforms to steal their credentials.

What is Process Doppelgänging and Why is it a Cyber Risk?

Doppelgänger is a German derived word for an apparition or double of a living person. Doppelgänging is a complex form of typosquatting. Process Doppelgänging is a code injection technique that disrupts the Microsoft Windows mechanism of New Technology File System (NTFS) transactions which create and hide malicious IT processes. This all in an attempt to avoid detection by antivirus software. Process Doppelgänging is a technique similar to the old Process Hollowing. The Process Doppelgänging tech

CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability

CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability Security Vulnerability The VBScript Engine is a remote code execution vulnerability and if executed in a victim computer would operate undetected in its memory (RAM). An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of

Rowhammer and Android Glitch Attacks

"Rowhammer” is a hacking technique that researches have been experimenting with for the past four years. Rowhammer is designed to break the security of a computer by manipulating the physical electric charge of computer memory chips. This may then corrupt the computer data. Unfortunately, black hat hackers are exploiting Rowhammer by targeting Android phones though the Internet. As of this date, there is no specific software patch to fix Rowhammer

Ubuntu Security Notices

Ubuntu Security Notices Ubuntu 3631-1: Linux Kernel (Azure) Vulnerabilities This patch is for Ubuntu 16.04 and addresses vulnerabilities affecting the following : • linux • linux-aws • linux-kvm • linux-raspi2 • linux-snapdragon Ubuntu 3631-2: Lunux Kernel (Xenial HWE) Vulnerabilities This patch is for Ubuntu 14.04 LTS – Ubuntu 16.04 LTS and addresses vulnerabilities affecting the following : • linux-LTS-Xenial • linux-aws The following CVE’s are addressed with USN-3631-1 and USN-3631-2 patches.

Millions of Drupal Sites vulnerable to Remote Code Execution 2.0

A highly critical flaw has been discovered in Drupal’s CMS platform. This vulnerability could allow remote code execution and is affecting Drupal 7 and Drupal 8 core. The security hole, tracked as CVE-2018-7602 is a remote code execution vulnerability that allows attackers to take control of the complete victim website. Drupal has issued an advisory at https://www.drupal.org/sa-core-2018-004. Wapack Labs has seen how attackers developed automated exploits, leveraging Drupalgeddon2 vulnerability,

Implication of Russian Sanctions

Implication of Russian Sanctions Summary During March-April 2018, dozens of Russian diplomats were expelled; hundreds of Russian Troll Factory-related accounts banned; new travel and economic sanctions levied and more are expected. While Russia did expel diplomats symmetrically, it explores options for an asymmetric response ranging from intellectual property violations to cyberattacks. Details Blows Targeting Russia In March 2018, 25 countries and NATO expelled dozens of Russian diplomats (int

X-Industry

All Articles (1965)