Page 3 of 6 FirstFirst 12345 ... LastLast
Results 41 to 60 of 112

Thread: Malware & other nasty IT / cyber things

  1. #41
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry
    https://arstechnica.com/?post_type=post&p=1098281#

    The three bitcoin wallets tied to #WannaCry ransomware have received 216 payments totaling 34.6200695 BTC ($58,821.36 USD).
    Last edited by OUTLAW 09; 05-16-2017 at 07:33 AM.

  2. #42
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    @DAlperovitch on lessons learned from the #WannaCry cyberattacks:
    http://www.atlanticcouncil.org/blogs...ave-your-data#

  3. #43
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Hackers mint crypto-currency with technique in global 'ransomware' attack
    http://reut.rs/2pTagMh
    #

  4. #44
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    The Electronic signature technology provider DocuSign suffered a data breach
    Hackers broke into the system of the technology provider DocuSign and accessed customers email. The experts warn of possible spear phishing attacks. The#Electronic signature technology provider DocuSign suffered a data breach, hackers have stolen emails.



    Shadow Brokers are back after WannaCry case, it plans to offer data dump on monthly subscription model

    Shadow Brokers made the headlines once again, the notorious group plans to offer data dump on a monthly subscription model. The notorious Shadow Brokers hacking group made the headlines during the weekend#when systems worldwide were compromised by the WannaCry#ransomware..which they had released as part of their NSA data dump.....

  5. #45
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Some machines can’t be infected by WannaCry because they have been already infected by Adylkuzz

    Security experts at ProofPoint security discovered that many machines can't be infected by WannaCry because they have been already infected by Adylkuzz.

  6. #46
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    APT32, a new APT group alleged linked to the Vietnamese Government is targeting foreign corporations

    APT32 is a new APT group discovered by security experts at FireEye that#is targeting#Vietnamese interests around the globe. The APT32 group, also known as OceanLotus Group, has been active since at least 2013, according to the experts it is a#state-sponsored hacking and cybercrime group........

  7. #47
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    WikiLeaks Reveals two distinct malware platforms codenamed AfterMidnight and Assassin used by the CIA operators to target Windows systems.

    While critical infrastructure worldwide and private organizations were ridiculed by the#WannaCry attack,#WikiLeaks released a new batch of CIA documents from the#Vault 7 leaks.

    The new dump included the documentation related to#two CIA frameworks used to create custom malware for Microsoft Windows platform.
    The two frameworks are codenamed#AfterMidnight#and#Assassin, both malware implements classic backdoor features that allowed the CIA to take control over the targeted systems.

  8. #48
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    EU fines Facebook 110 million euros over misleading WhatsApp data
    http://reut.rs/2pWdMWj
    #

  9. #49
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    When ransomware guys provide better customer support than most companies #WannaCry
    Attached Images Attached Images

  10. #50
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    French security researchers say they have found a method to decrypt Windows files locked by WannaCry ransomware.

  11. #51
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    UIWIX, the Fileless Ransomware that leverages NSA EternalBlue Exploit to spread

    experts discovered a new ransomware family, dubbed UIWIX, that uses the NSA-linked EternalBlue exploit for distribution The effects of the militarization of the cyberspace are dangerous and unpredictable. A malicious code developed by a government...


    WikiLeaks revealed CIA Athena Spyware, the malware that targets all Windows versions

    Wikileaks released the documentation for the Athena Spyware, a malware that could infect and remote control almost any Windows machine. Last Friday, Wikileaks released#the#documentation for AfterMidnight and Assassin malware platforms
    Attached Images Attached Images

  12. #52
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    HTTPs Phishing sites are increasing, it is the reaction to browser improvements

    The number HTTPs Phishing sites continues to increase, it is the response of phishers to the improvements implemented by Browser-makers. If you believe that the HTTPs could protect you from phishing attacks you are wrong, in 2014#TrendMicro warned of the increase#in this ability.....
    Attached Images Attached Images

  13. #53
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    CISCO start assessing its products against the WannaCry Vulnerability

    The tech giant Cisco announced an investigating on the potential impact of WannaCry malware on its products. Recent massive WannaCry#ransomware attack highlighted the importance of patch management for any organization and Internet users.

  14. #54
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Microsoft Patch Tuesday updates for May 2017 fix Zero Days exploited by Russian APT groups

    Microsoft Patch Tuesday for May 2017 address tens security vulnerabilities, including a number of zero-day flaws exploited by Russian APT groups. Microsoft Patch Tuesday updates for May 2017 fix more than 50 security flaws, including a number of zero-day...

  15. #55
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Exclusive: North Korea's Unit 180, the cyber warfare cell that worries the West
    http://www.reuters.com/article/us-cy...idUSKCN18H020#

  16. #56
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Buckle-up for another cyber ride
    https://www.wired.com/2017/03/wikile...a-hacks-dump/#

    Another datadump of CIA hacked tools...by the Russian intel org Wikileaks...

  17. #57
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Security experts at threat intelligence firm Record Future have found a clear link between APT3 cyber threat group and China’s Ministry of State Security.

    The curtain has been pulled back a little on the Chinese Intelligence Agency intelligence gathering structure — and it includes private security contractors and the network vendor supply chain.

    In 2010, security vendor FireEye identified the Pirpi Remote Access Trojan (RAT) which exploited a then 0-day vulnerability in Internet Explorer versions 6, 7 and 8. FireEye named the threat group APT3 which has also been described as TG-0100, Buckeye, Gothic Panda, and UPS and described them as “one of the most sophisticated threat groups” being tracked at the time.

    Since then, APT3 has been actively penetrating corporations and governments in the US, UK and most recently Hong Kong — and everyone has been trying to figure out who they are. APT3 functions very differently than 3LA, the former Chinese military hacking organization leading to the assumption that APT3 is not part of the military complex. At least not officially.

    On May 9th, 2017, an unknown party using the alias ‘intrusiontruth’ published a series of blogs posts describing connections between the Pirpi RAT command and control components and shareholders of the Chinese security contractor Guangzhou Boyu Information Technology Company, aka Boyusec.

    “On May 9, a mysterious group calling itself “intrusiontruth” identified a contractor for the Chinese Ministry of State Security (MSS) as the group behind the APT3 cyber intrusions.” states the analysis published by Recorder Future.

    The names of two specific shareholders of Boyusec appear in the domain registration for the Pirpi C&C servers.##This is particularly interesting because Boyusec supports the Chinese Ministry of State Security (MSS) by collecting civilian human intelligence. Think of them as an outsourcer for a government agency like the United States’ National Security Agency (NSA).

    Also interesting is that in 2016 a Pentagon report described the relationship between Boyusec and network equipment manufacturer, Huawei. According to the report, the two companies were colluding to develop security equipment with embedded backdoors which would likely be used by Boyusec to compromise Huawei customers.

    “In November 2016, the Washington Free Beacon reported that a Pentagon internal intelligence report had exposed a product that Boyusec and Huawei were jointly producing.” continues the analysis.”According to the Pentagon’s report, the two companies were working together to produce security products, likely containing a backdoor, that would allow Chinese intelligence “to capture data and control computer and telecommunications equipment.” The article quotes government officials and analysts stating that Boyusec and the MSS are “closely connected,” and that Boyusec appears to be a cover company for the MSS.”

    To protect our networks, it is important to assess the threats. An important part of threat assessment is to anticipate the motivation of the attackers. APT3 has demonstrated above average skills and has been active for a long time. Add ties to the network vendor supply chain and you have the makings of a dangerous adversary. As part of the Chinese MSS structure you can start to guess at motivation. With this new information, it is a good time to reassess your threat model.
    Attached Images Attached Images

  18. #58
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Europol supported the Slovak NAKA crime unit in an operation that resulted in the seizure of the Bloomsfield darknet marketplace.

    Another success of the European#police, last week#Europol supported the Slovak NAKA crime unit in the arrest of a Slovak national believed to operate the Bloomsfield#darknet marketplace dealing in drugs and arms.

    “Bloomsfield started its marketplace around two years ago, but remained throughout its shelf life a rather small market with few listings and users.” reported website darkweb.world.

    The police took into custody the suspect and several of his premises have been searched.

    “Europol has supported the Slovak authorities in their investigation into a Slovak national who had been trading firearms, ammunition, and drugs on the Darknet.” reads the statement published by the Europol.

    “In one of the locations searched, Slovak authorities discovered and seized five firearms and approximately 600 rounds of ammunition of different calibers. The investigators also found a sophisticated indoor cannabis plantation, 58 cannabis plants and a Bitcoin wallet containing bitcoins worth EUR 203 000, which is thought to have been obtained from illegal online activities.”

    The law enforcement has seized the server running the darknet marketplace, experts are analyzing it searching for evidence and other information useful for the investigation.

    “The server used by the suspect to host the Darknet marketplace was also seized during the raids and is currently being forensically analysed. Slovak authorities and Europol have extended the investigation into the users and vendors who utilised the marketplace.” states Europol

    Bloomsfield was launched around two years ago but is considered a very small market with few listings and users.#It started as the vendor shop of the vendor ‘Biocanna‘ and later other vendors have#joined the darknet market.
    Biocanna has shared a portion of a conversation on Twitter concerning the ‘owner of the failing Bloomsfield market.’

    Best I've ever seen pic.twitter.com/yKxkNvQ43G
    — C (@2ctfm) May 4, 2017

    It the above#claims are correct the Europol will have no difficulties to track the other operators of the black market.

    “Europol supported Slovakia throughout the entire investigation by providing its analytical and financial intelligence capabilities.” reads the Europol’s announcement. “Also, across-check performed during the house searches generated a hit on Europol’s databases which helped investigators identify a

    Darknet vendor living in another EU country. The individual was suspected of supplying one of the firearms found during the house searches in Bratislava.”
    Darknet marker places are important facilitators of criminal activities, the monitoring of this ecosystem is crucial for law enforcement.
    Attached Images Attached Images

  19. #59
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    The Stegano exploit kit, also known as Astrum, continues to evolve, recently its authors adopted the Diffie-Hellman algorithm to hinder analysis.

    The Stegano exploit kit made was associated in the past with a massive AdGholas malvertising campaign that delivered malware, mostly Gozi and RAMNIT trojans. Experts at TrendMicro also observed the exploit kit in the Seamless malvertising campaign.

    “Astrum’s recent activities feature several upgrades and show how it’s starting to move away from the more established malware mentioned above.
    It appears these changes were done to lay the groundwork for future campaigns, and possibly to broaden its use.

    With a modus operandi that deters analysis and forensics by#abusing the Diffie-Hellman key exchange, it appears Astrum is throwing down the gauntlet.” reads the analysis published by Trend Micro.

    In March, the French research Kafeine#reported the Stegano EK exploiting the information disclosure vulnerability tracked as CVE-2017-0022. Hackers exploited the#flaw#to evade antivirus detection and analysis.

    A month later, the Stegano exploit kit was updated to#prevent security researchers from replaying the malicious network traffic.

    “We found that this anti-replay feature was designed to abuse the Diffie-Hellman key exchange—a widely used algorithm for encrypting and securing network protocols. Angler was first observed doing this back in 2015.” continues the analysis.

    “Implementing the Diffie-Hellman key exchange prevents malware analysts and security researchers from getting a hold of the secret key Astrum uses to encrypt and decrypt their payloads. Consequently, obtaining the original payload by solely capturing its network traffic can be very difficult.”

    According to the experts, the#Astrum/#Stegano exploit kit includes exploit codes for a number of vulnerabilities in Adobe Flash, including the CVE-2015-8651#RCE, the#CVE-2016-1019 RCE, and the out-of-bound read bug flaw tracked as#CVE-2016-4117.

    Experts highlighted that#currently the Stegano#Exploit Kit isn’t used to deliver malware and associated traffic is very low, both circumstances suggest we can soon observe a spike in its activity.

    “It wouldn’t be a surprise if [Astrum/Stegano’s] operators turn it into an exclusive tool of the trade—like Magnitude and Neutrino did—or go beyond leveraging security flaws in Adobe Flash. Emulating capabilities from its predecessors such as fileless infections that can fingerprint its targets and deliver encrypted payloads shouldn’t be far off,” concluded Trend Micro.
    Attached Images Attached Images

  20. #60
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Hacking #IoT Devices: The Alarming Internet of Things #CyberSecurity MT @ipfconline1

Similar Threads

  1. Russo-Ukraine War 2016 (April-June)
    By davidbfpo in forum Europe
    Replies: 1088
    Last Post: 07-01-2016, 08:44 PM
  2. Leadership of Cyber Warriors: Enduring Principles and New Directions
    By SWJ Blog in forum Media, Information & Cyber Warriors
    Replies: 0
    Last Post: 07-11-2011, 02:41 PM
  3. USAF Cyber Command (catch all)
    By selil in forum Media, Information & Cyber Warriors
    Replies: 150
    Last Post: 03-15-2011, 09:50 PM
  4. Replies: 51
    Last Post: 01-08-2011, 07:42 PM
  5. Question 5: Cyber space (oh you know I had to ask at least one of these)
    By selil in forum TRADOC Senior Leaders Conference
    Replies: 7
    Last Post: 08-14-2009, 03:27 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •