Posts

Showing posts from May, 2018

TrustedSec - Protected: Full Disclosure: Microsoft Lync for Mac 2011 susceptible to forced browsing / download attack

This content is password protected. To view it please enter your password below: Password: The post Protected: Full Disclosure: Microsoft Lync for Mac 2011 susceptible to forced browsing / download attack appeared first on TrustedSec . from TrustedSec https://www.trustedsec.com/2018/05/full-disclosure-microsoft-lync-for-mac-2011-susceptible-to-forced-browsing-download-attack/

KnowBe4 - Here is a Spam Message from 1864, as Old as the Victorian Internet

Image
  If you thought spam was just a twenty-first-century thing, think again. As usual, most things that seem new have pretty deep roots. Most of us can see spam's ancestry in junk mail, but it was being delivered electronically a century and a half ago. The Times of London published this complaining letter on May 30th, 1864: from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/here-is-a-spam-message-from-1864-as-old-as-the-victorian-internet

Schneier - Numbers Stations

On numbers stations . from Schneier on Security https://www.schneier.com/blog/archives/2018/05/numbers_station.html

TrustedSec - Protected: Malware Analysis is for the (Cuckoo) Birds – Working with Proxmox

This content is password protected. To view it please enter your password below: Password: The post Protected: Malware Analysis is for the (Cuckoo) Birds – Working with Proxmox appeared first on TrustedSec . from TrustedSec https://www.trustedsec.com/2018/05/working-with-proxmox/

US-CERT - AR18-149A: MAR-10135536-3 - HIDDEN COBRA RAT/Worm

Original release date: May 29, 2018 Description Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see https://ift.tt/1qJcHPA. Summary Description This submission includes four unique files. The first is an installer for additional malware: a Remote Access Trojan (RAT) and a malicious Dynamic Link Library (DLL) that functions as a Server ...

US-CERT - North Korean Malicious Cyber Activity

Original release date: May 29, 2018 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint Technical Alert (TA) that identifies two families of malware—referred to as Joanap and Brambul—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. In conjunction with the release of this TA, NCCIC has released a Malware Analysis Report (MAR) that provides analysis on samples of Joanap and Brambul malware. NCCIC encourages users and administrators to review TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm and MAR-10135536-3 – RAT/Worm . For more information, visit https://www.us-cert.gov/HiddenCobra . This product is provided subject to this Notification and this Privacy & Use policy. from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2018/05/29/Nor...

US-CERT - TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm

Original release date: May 29, 2018 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government: a remote access tool (RAT), commonly known as Joanap; and a Server Message Block (SMB) worm, commonly known as Brambul. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra . FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and enable network exploitation. DHS and FBI are distributing these...

Krebs - Will the Real Joker’s Stash Come Forward?

Image
For as long as scam artists have been around so too have opportunistic thieves who specialize in ripping off other scam artists. This is the story about a group of Pakistani Web site designers who apparently have made an impressive living impersonating some of the most popular and well known “carding” markets, or online stores that sell stolen credit cards. An ad for new stolen cards on Joker’s Stash. One wildly popular carding site that has been featured in-depth at KrebsOnSecurity — Joker’s Stash — brags that the millions of credit and debit card accounts for sale via their service were stolen from merchants firsthand. That is, the people running Joker’s Stash say they are hacking merchants and directly selling card data stolen from those merchants. Joker’s Stash has been tied to several recent retail breaches, including those at Saks Fifth Avenue, Lord and Taylor , Bebe Stores , Hilton Hotels ,  Jason’s Deli , Whole Foods , Chipotle and Sonic . Indeed, with most of these...

KnowBe4 - Cobalt Cybercrime Group Resumes Phishing Attacks

Image
The leader of the Cobalt hacking group was arrested in Spain two months ago, but the gang resurfaced at the end of May. Their spear phishing emails started hitting victims' in-boxes again on May 23rd. Their targets are primarily banks in Russia and the former Soviet republics of the Near Abroad, but there are signs that they're expanding globally. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cobalt-cybercrime-group-resumes-phishing-attacks

Black Hills InfoSec - How to Configure SPFv1: Explained for the Masses

Kent Ickler and Derrick Rauch* //   Sun Protection Factor Err… wait a second. Sender Policy Framework Ladies and Gentlemen of the class of 1997, Wear Sunscreen…I will dispense my advice, now:  “ Email “forging” exists in the web today, thanks @ustayready. Sender Policy Framework (SPF) was created with origins back in 2005 (RFC 4408) with more […] The post How to Configure SPFv1: Explained for the Masses appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/how-to-configure-spfv1-explained-for-the-masses/

Schneier - Kidnapping Fraud

Fake kidnapping fraud : "Most commonly we have unsolicited calls to potential victims in Australia, purporting to represent the people in authority in China and suggesting to intending victims here they have been involved in some sort of offence in China or elsewhere, for which they're being held responsible," Commander McLean said. The scammers threaten the students with deportation from Australia or some kind of criminal punishment. The victims are then coerced into providing their identification details or money to get out of the supposed trouble they're in. Commander McLean said there are also cases where the student is told they have to hide in a hotel room, provide compromising photos of themselves and cut off all contact. This simulates a kidnapping. "So having tricked the victims in Australia into providing the photographs, and money and documents and other things, they then present the information back to the unknowing families in China to suggest...

KnowBe4 - ModStore Update: 44 exploqii videos with downloadable option now live

Image
  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/modstore-update-44-exploqii-videos-with-downloadable-option-now-live

KnowBe4 - CyberheistNews Vol 8 #22 Which Users Will Cause the Most Damage to Your Network and Are an Active Liability?

Image
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-8-22-which-users-will-cause-the-most-damage-to-your-network-and-are-an-active-liability

HACKMAGEDDON - April 2018 Cyber Attacks Timeline

It’s time to publish the statistics derived from the cyber attacks timelines of April (part I and part II). As from HACKMAGEDDON https://www.hackmageddon.com/2018/05/29/april-2018-cyber-attacks-timeline/

Krebs - FBI: Kindly Reboot Your Router Now, Please

Image
The  Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers. The growing menace — dubbed VPNFilter — targets Linksys , MikroTik , NETGEAR and TP-Link networking equipment in the small and home office space, as well as QNAP network-attached storage (NAS) devices, according to researchers at Cisco . Experts are still trying to learn all that VPNFilter is built to do, but for now they know it can do two things well: Steal Web site credentials; and issue a self-destruct command, effectively rendering infected devices inoperable for most consumers. Cisco researchers said they’re not yet sure how these 500,000 devices were infected with VPNFilter, but that most of the targeted devices have known publi...