X-Industry

All Articles (1973)

Sort by

ROKRAT Malware

ROKRAT (also referred to as DOGcall) is a family of malware that has been used by attackers originating from North Korea.
Views: 103
Comments: 0
Tags:

Malware Steals Facebook Credentials

A new Android malware, named “FakeApp”, has been discovered that steals Facebook credentials, account details, usernames / passwords and other information directly from victim devices. The malware is targeting mainly English-speaking users in Asian Pacific counties. The malware has originated through third-party app stores.
Views: 49
Comments: 0
Tags:

Adobe Reader DC Remote Code Execution

A critical vulnerability has been identified that allows attackers to execute remote code on target machines to take control of a victim’s computer. This vulnerability has been discovered in Adobe Acrobat Reader DC. It is a stack-based buffer overflow and allows execution of arbitrary code if a vulnerable document is opened.
Views: 22
Comments: 0
Tags:

μTorrent Flaw Lets Attackers Control Your PC Remotely

A Google security researcher discovered a serious remote code execution vulnerability in both the μTorrent desktop app for Windows and the newly launched ‘μTorrent Web.’ This vulnerability allows users to download and stream torrents directly into their web browser.
Views: 31
Comments: 0
Tags:

XXE in HP Project and Portfolio Management Center

Researchers have discovered a 0day vulnerability in Hewlett-Packard (HP) Project and Portfolio Management Center which could allow attackers to read sensitive files and data on the target system and also execute malicious input. These researchers found an XML entity injection vulnerability in the way HP PPM processed import tickets.
Views: 63
Comments: 0
Tags:

AutoSploit – Mass Automated Exploitation Tool

AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically by employing the Shodan.io API. The AutoSploit program allows a user to enter a targeted operating platform’s specific search query such as: Apache, IIS, etc, - upon which a list of candidates will be obtained. This exploit tool can be troublesome for networks that do not employ sound cyber security practices.
Views: 348
Comments: 0
Tags:

Bosnia and Herzegovina Cyber Profile

Bosnia and Herzegovina is a country in Southeastern Europe formerly under the Republic of Yugoslavia. After the dissolution of Yugoslavia, Bosnia and Herzegovina has experienced infighting of ethnically and religiously motivated hacktivist groups, as well as commercially motivated hackers. Current cyberlaws are not fully enacted, yet the country completely cooperates to fight cybercrime. Bosnian hackers use Bosnian, Serbian, German, English, and other languages to communicate. Due to recent inte
Views: 974
Comments: 0
Tags:

Severe Skype Vulnerability

A serious vulnerability has been identified in Skype that could allow attackers to gain full control of the target machine by granting system-level privileges to a local, unprivileged user.
Views: 24
Comments: 0
Tags:

Azorult Keylogger

On 08 February 2018, Wapack Labs discovered a user affected by the Azorult malware who may have compromised a major US city’s procurement portal. Analysts identified this infected user through our keylogger collection project. The affected user had their username and password stolen when signing onto the city’s procurement website portal. This city’s portal permits contractors to enter bids for the government’s request for quotes (RFQ).
Views: 63
Comments: 0
Tags:

“Devil’s Ivy” - Affecting Millions of IoT Devices

A vulnerability in a piece of code titled gSOAP, also known as, “Devil’s Ivy,” is widely being exploited in physical security products. This could potentially allow attackers to fully disable or take over thousands of models of internet-connected devices, from security cameras to sensors and access-card readers.
Views: 35
Comments: 0
Tags:

SQLi Dumper Targets 2018 PyeongChang Olympics Domain

In February 2018, Wapack Labs identified configurations for a Structured Query Language (SQL) injection tool showing attempted exploitation against the site for the 2018 Winter Olympic Games in PyeongChang, South Korea. A Wapack Labs Analyst identified the tool as SQLi Dumper. The developer, “c4rl0s” (for Carlos), states the SQL injection tool supports blind SQL injection, schema dumping, file dumping, MySQL brute forcing, site scanning, and can also hash online cracks. The attempted injection w
Views: 668
Comments: 0
Tags:

Operation PzChao

A new malware has been discovered targeting institutions in government, technology, education and telecommunications sectors in Asian counties and in the US. This malware performs various tasks, including password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems.
Views: 88
Comments: 0
Tags:

UDPoS – Stealing Credit Card data via DNS Queries

A new strain of point-of-sale (PoS) malware has been discovered by security researchers that disguises itself as a LogMeIn service pack and steals credit card payment information through DNS queries. Since the malware relies on UDP DNS traffic for extraction of data, it was named “UDPoS” by researchers who discovered it.
Views: 46
Comments: 0
Tags:

Adobe Flash Player 0-day Found in the Wild

On 31 January 2018, South Korea’s Computer Emergency Response Team (KR-CERT) published an advisory about an Adobe Flash zero-day vulnerability being exploited in the wild. On 1 February 2018, Adobe released an advisory confirming the vulnerability exists in Adobe Flash Player. The vulnerability is dubbed, “CVE-2018-4878.”
Views: 25
Comments: 0
Tags:

Firefox Remote Code Execution Vulnerability

Mozilla has released a critical update to patch a serious vulnerability that allows attackers to execute code remotely on computers running the affected version of Firefox browser.
Views: 13
Comments: 0
Tags:

Skygofree – A Powerful Android Spyware

Researchers have unveiled a powerful spyware variant that provides attackers complete control of the target device remotely. The malware was first seen in 2014. It has evolved over time, from simple un-obfuscated malware in the beginning, to sophisticated multi-stage spyware that provides attackers full remote control of the infected device.
Views: 23
Comments: 0
Tags:

2018 Winter Olympics Volunteers Hit with AZORult

The XXIII Olympic Winter Games, hosted in PyeongChang, South Korea, commence on 9 February 2018. Wapack Labs observed two compromised individuals, infected with AZORult malware, logging into the official Olympic Winter Games portal, pyeongchang2018.com. AZORult is a Trojan horse which steals information from a compromised system. After installation, AZORult begins looking for sensitive data; browser cookies, usernames and passwords, system information, and autocomplete fields.

Dark Caracal APT Group

TACTICAL CYBER INTELLIGENCE REPORT

Actor Type: II
Serial: TR-18-026-001
Countries: all
Report Date: 20180126

Dark Caracal APT Group

Researchers have identified an Advanced Persistent Threat group (APT) identified as Dark Caracal (DC).  DC claims to have stolen hundreds of gigabytes of data including personal identifiable information.  The types of stolen data include audio recordings, text messages, call records, documents, photos, contact information, secure messaging client content, account data,

Views: 21
Comments: 0
Tags:

Zyklon Malware

Zyklon is a family of malware which first emerged in early 2016 before going dormant until January 2017. Attackers then exploited several vulnerabilities in the Microsoft Office software suite in order to spread Zyklon malware.
Views: 29
Comments: 0
Tags: