
Silobreaker Daily Cyber Digest – 10 November 2016

Malware

Encryption malware uses Telegram Messenger
A newly discovered encryption malware targeting Russian users, dubbed Telegram Trojan [1], has become the first encryptor to leverage the Telegram Messenger [2] communication protocol. Once launched, the malware generates a file encryption key and an infection ID. It then contacts the malware writer using the Telegram Bot API, and operates as a bot to communicate with the authors via the Telegram API. This allows the malware to send the decryption key to its authors once a victim's files have been encrypted. The ransom demand is 5,000 RUB. More information [3].

Locky targeting OPM breach victims
A phishing campaign pushing Locky ransomware [4] is targeting the 22 million victims of the United States Office of Personnel Management [5] breach. The campaign attempts to impersonate OPM representatives, targeting the government contractors that had their personal information stolen. The phishing email uses the signature ‘Elis Lucas’, an OPM account manager, while the attachment is a zip archive that, when launched, runs a JavaScript application which downloads and runs a sample of the Locky encryption ransomware. More information [6].

Leaks & Breaches

Properties in Finland targeted with DDoS attack causing a halt to heating
Two apartment buildings in Lappeenranta [7], Finland, faced a week without heating due to a DDoS attack targeting the buildings' control systems. The attack specifically affected the building management systems, disabling the computers which controlled heating. More information [8].

Vulnerabilities

iOS webview problem allows hackers to initiate phone calls
Apple’s WebView [9], which is often embedded in mobile apps, has been found to be easily exploitable and could allow attackers to call numbers of their choosing. Researchers emphasise the triviality of the exploit, which requires only one line of HTML code. The implications of the attack include ramped-up charges to premium numbers or even denial-of-service attacks to flood certain targets. More information [10].

Microsoft Word Intruder 8 adds support for Flash vulnerability
Microsoft Word Intruder [11] (MWI), a kit used to create malicious Microsoft Word documents for use in targeted attacks, has integrated the Flash vulnerability CVE-2016-4117 [12] into its makeup. MWI is used to target retail, financial and manufacturing verticals using various payloads. More information [13].

Ongoing Campaigns

Anonymous Italia defaces Italian police websites…again
The Italian faction of Anonymous [14] has yet again hacked the websites of the country’s police force. It has done so in response to the “deplorable state of the Italian justice system, which protects the executioners of defenceless citizens”. In the attacks, official web pages were defaced and around 70MB of data was stolen. The data predominantly pertained to the activities of the Italian police’s blog and magazine; however, it also included sensitive data such as personal email addresses and their clear-text passwords. More information [15].

APT28 steps up spear-phishing campaign leveraging
Hacker collective APT28 [16] has stepped up a spear-phishing campaign which leveraged two newly released and patched vulnerabilities in Adobe Flash and Windows (reported by Silobreaker here [17]). The increased activity between late October and November 8th is believed to be an attempt by APT28 to take advantage of the attack vector before patches become widely available. The campaign also began to target organisations, which often take longer to patch vulnerabilities than high-worth individuals, who were the original targets of the campaign. More information [18].

General News

Website of the National Crime Agency DDoSed
The National Crime Agency (NCA) [19] website was hit by a DDoS attack yesterday. Officials from the agency have described the attack as merely an inconvenience, understanding that they are an obvious target and that no data has been compromised. More information [20].

Google toughens response to “repeat offender” websites
Starting today, Google [21] will begin warning its users of websites that have hosted malware on multiple occasions. Google announced the changes to its Safe Browsing feature, a program to protect its users from malicious actors on the Internet, which will now classify and clearly mark such sites as “Repeat Offenders”. More information [22].

The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

[1] https://my.silobreaker.com/view360.aspx?item=11_1111946321#?q=Malware:%22Telegram%20Trojan%22&rd=true
[2] https://my.silobreaker.com/view360.aspx?item=11_606452508#?q=Product:%22Telegram%20Messenger%22&rd=true
[3] https://securelist.com/blog/research/76558/the-first-cryptor-to-exploit-telegram/
[4] https://my.silobreaker.com/view360.aspx?item=11_966417407#?q=Malware:%22Locky%20Ransomware%22&rd=true
[5] https://my.silobreaker.com/view360.aspx?item=11_21912661#?q=Organization:%22US%20Office%20of%20Personnel%20Management%22&rd=true
[6] http://phishme.com/unscrupulous-locky-threat-actors-impersonate-us-office-personnel-management-deliver-ransomware
[7] https://my.silobreaker.com/view360.aspx?item=11_129523#?q=City:%22Lappeenranta%22&rd=true
[8] http://metropolitan.fi/entry/ddos-attack-halts-heating-in-finland-amidst-winter
[9] https://my.silobreaker.com/view360.aspx?item=11_1112201308#?q=Product:%22Apple%20WebView%22&rd=true
[10] https://www.mulliner.org/blog/blosxom.cgi/security/ios_webview_auto_dialer.html
[11] https://my.silobreaker.com/view360.aspx?item=11_844752103#?q=Keyphrase:%22Microsoft%20Word%20Intruder%22&rd=true
[12] https://my.silobreaker.com/view360.aspx?item=11_1008471602#?q=Vulnerability:%22CVE-2016-4117%22&rd=true
[13] https://www.proofpoint.com/uk/threat-insight/post/microsoft-word-intruder-8-adds-support-for-flash-vulnerability
[14] https://my.silobreaker.com/view360.aspx?item=11_360633786#?q=ThreatActor:%22Anonymous%20Italy%22&rd=true
[15] https://blog.sensecy.com/2016/11/10/anonymous-italia-robs-the-police-again/
[16] https://my.silobreaker.com/view360.aspx?item=11_779533767#?q=ThreatActor:%22APT28%22&rd=true
[17] http://www.silobreaker.com/silobreaker-daily-cyber-digest-1-november-2016/
[18] http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/
[19] https://my.silobreaker.com/view360.aspx?item=11_694574#?q=Organization:%22National%20Crime%20Agency%22&rd=true
[20] http://www.theregister.co.uk/2016/11/09/nca_under_ddos_it_must_be_wednesday/
[21] https://my.silobreaker.com/view360.aspx?item=11_306402#?q=Company:%22Google%20Inc%22&rd=true
[22] https://security.googleblog.com/2016/11/protecting-users-from-repeatedly_8.html
