by CIRT Team
Spring Dragon – Updated Activity [securelist]
Spring Dragon is a long-running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high-profile governmental organizations and political parties, education institutions such as universities, as well as companies from the telecommunications sector.
Hackers Breach Casino After Compromising a Smart Fish Tank [softpedia]
In case you were wondering why a fish tank needs to be connected to the Internet, it’s because the casino wanted to do everything remotely, with employees using a remote connection to feed the fish and get all the information instantly, such as water temperature. But it was this connection that exposed the fish tank, and eventually, the entire casino, to hackers, as an unnamed...
Facebook has got your number – even if it’s not your number [nakedsecurity]
Do you value your Facebook account? Have you linked your phone number to your Facebook account? You could lose access to it if you aren’t careful, according to James Martindale, who discovered a worrisome Facebook authentication vulnerability. Facebook encourages you to give it your phone number “to help secure your account”, and you can link multiple numbers to your account. That means that you –...
Experts warn of an increased availability of DDoS tools online [securityaffairs]
As cyber crime reaches new levels, with new malware and viruses being released online on a daily basis, it also becomes apparent that there is an increase in DDoS tools that require no apparent skill to use: just by providing an IP address it is possible to launch an attack. These tools are becoming more and more available on the Internet.
Threat Spotlight: Is Fireball Adware or Malware? [cylance]
Recently, Fireball malware has garnered a lot of attention by claiming to have spread to 250 million computers. Upon execution, Fireball installs a browser hijacker as well as any number of adware programs. Several different sources have linked different indicators of compromise (IOCs) and varied payloads, but a few details remain the same. In this blog, we will be detailing the Fireball threat and many...
“Bad Taste” Vulnerability Affects Linux Systems via Malicious Windows MSI Files [bleepingcomputer]
Because Windows executables haven’t wreaked enough damage on Windows computers, now you can use malformed MSI files to run malicious code on Linux systems. This scenario is possible because of a vulnerability discovered by German IT expert Nils Dagsson Moskopp, which he named “Bad Taste.” The vulnerability affects GNOME Files, formerly known as Nautilus, the default file manager/explorer for Linux distros using the GNOME desktop.
Linux Users Urged to Update as a New Threat Exploits SambaCry [trendmicro]
A seven-year-old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited. According to a security advisory released by the company, the vulnerability allows a malicious actor to upload a shared library to a writable share, causing the server to load and execute it. If leveraged successfully, an attacker...
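The SambaCry item above describes the two preconditions an attacker needs: a share the attacker can write a shared library into, and a server that will still load it. The following audit script is an added example written for this roundup; it is not Trend Micro's or the Samba project's code. It parses an smb.conf, flags writable shares (rating guest-reachable ones highest), and checks whether the workaround from the Samba advisory for CVE-2017-7494, adding "nt pipe support = no" to the [global] section, has been applied. The sample configuration embedded in the script is constructed for illustration; the real fix is upgrading to a patched Samba release, and the workaround is known to break some Windows client functionality such as printer browsing.

```python
"""Audit an smb.conf for the preconditions of the Samba shared-library
loading bug (CVE-2017-7494, "SambaCry") described in the item above.

Added example, not Trend Micro's or Samba's own code. Assumptions:
  * the advisory workaround is "nt pipe support = no" under [global];
  * a share is "writable" when writable/writeable = yes or read only = no
    (Samba's documented synonyms; the default is read only);
  * "guest ok" / "public" = yes makes a share reachable without credentials.
"""
import re

# Constructed sample configuration for illustration (not from a real host).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = File server
   map to guest = Bad User

[public]
   path = /srv/samba/public
   guest ok = yes
   writable = yes            ; anyone can drop a .so here

[archive]
   path = /srv/samba/archive
   read only = yes

[staff]
   path = /srv/samba/staff
   valid users = @staff
   read only = no
"""


def parse_smb_conf(text):
    """Return {section: {key: value}}; keys/values lower-cased, comments stripped."""
    sections = {}
    current = None
    for raw in text.splitlines():
        # Samba accepts both '#' and ';' as comment leaders.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = " ".join(key.lower().split())      # normalise "read  only"
        sections[current][key] = value.strip().lower()
    return sections


def _truthy(value):
    return value in ("yes", "true", "1")


def is_writable(share):
    """Resolve Samba's synonyms: writable/writeable, or the inverse of read only."""
    if "writable" in share:
        return _truthy(share["writable"])
    if "writeable" in share:
        return _truthy(share["writeable"])
    if "read only" in share:
        return not _truthy(share["read only"])
    return False  # Samba default: read only = yes


def guest_reachable(share):
    return _truthy(share.get("guest ok", share.get("public", "no")))


def audit(text):
    """Return a list of (section, severity, message) findings."""
    conf = parse_smb_conf(text)
    findings = []
    if conf.get("global", {}).get("nt pipe support", "yes") != "no":
        findings.append(("global", "INFO",
                         "nt pipe support is enabled; advisory workaround not applied"))
    for name, share in conf.items():
        if name == "global" or not is_writable(share):
            continue
        if guest_reachable(share):
            findings.append((name, "HIGH", "writable share reachable by guests"))
        else:
            findings.append((name, "MEDIUM", "writable share for authenticated users"))
    return findings


if __name__ == "__main__":
    for section, severity, message in audit(SAMPLE_SMB_CONF):
        print(f"[{severity}] {section}: {message}")
```

Run it against /etc/samba/smb.conf on a file server to get a quick list of shares that satisfy the "writable share" half of the attack; a clean audit of the config is not a substitute for confirming the installed Samba version is patched.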
Reyptson Spams Your Friends by Stealing Thunderbird Contacts [bleepingcomputer]
Over the weekend, Emsisoft security researcher xXToffeeXx discovered a new ransomware called Reyptson that is targeting Spanish victims. Since then, we have seen increased activity in the ransomware’s development. Today security researcher MalwareHunterTeam took a deeper look and noticed that Reyptson conducts its own spam distribution campaign directly from a victim’s configured Thunderbird email account.
Eternal Synergy Exploit Analysis [technet]
This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This one is particularly interesting because many of the exploitation steps are purely packet-based, as opposed to local shellcode execution. Like the other SMB vulnerabilities, this one was also addressed in MS17-010 as CVE-2017-0143. The exploit works up to Windows 8, but does not work as written against any...
Half-Year Roundup: The Top Five Data Breaches of 2017 — So Far [securityintelligence]
Data breaches aren’t slowing down. If anything, they’re set to break last year’s record pace. As noted by 24/7 Wall Street, the 758 breaches reported this year mark nearly a 30 percent increase from 2016. If cybercriminals keep it up, the total number of attacks could break 1,500 by the end of 2017. Recent research by the Ponemon Institute found that companies have a 1-in-4...