Malware
Crypton Ransomware
A new ransomware family discovered by MalwareHunterTeam has been named Crypton [1]. It is not yet known how the malware is spread, but it appears to use a dropper that unpacks and installs Crypton from a file named crypton.exe. At present the ransomware has a very low antivirus detection rate and there is no known way to recover encrypted files other than paying the ransom, which ranges from 0.2 BTC to 2 BTC. More information. [2]
Locky Ransomware being distributed through Fake Flash Player Update
A fake Flash Player update is being used to distribute Locky ransomware [3]. If a user visits the fake site (www[.]fleshplayer[.]com), an executable is downloaded automatically; if the user then opens the file, Locky begins encrypting files. The domain is a typosquat of the legitimate Flash Player name, so it can be blocked at the proxy or DNS layer and matched against web logs to find users who already visited it. More information. [4]
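As an added example (not code from the original digest or from the reporting sources), the following Python turns the defanged indicator above into a proxy-log check. It refangs "www[.]fleshplayer[.]com", widens the match to the registrable domain and its subdomains, and flags executable downloads separately from plain visits. The log line format and the log entries themselves are constructed for the example; only the fleshplayer domain comes from the digest.

```python
"""Match a defanged domain indicator from a threat digest against proxy logs."""
import re
from urllib.parse import urlparse

# Indicator as published in the digest, defanged with "[.]" so it is not clickable.
DEFANGED_IOCS = ["www[.]fleshplayer[.]com"]

# Constructed sample proxy log (not real traffic). Assumed format:
# "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_LOG = """\
2016-11-18T09:12:01Z 10.0.0.21 GET http://www.fleshplayer.com/ 200
2016-11-18T09:12:04Z 10.0.0.21 GET http://www.fleshplayer.com/FlashPlayer.exe 200
2016-11-18T09:13:10Z 10.0.0.33 GET https://www.adobe.com/products/flashplayer.html 200
2016-11-18T09:14:00Z 10.0.0.45 GET http://cdn.fleshplayer.com/update.exe 200
2016-11-18T09:15:22Z 10.0.0.50 GET http://notfleshplayer.com/ 200
"""

# File extensions treated as a "download" rather than a mere "visit" (assumed list).
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".js", ".vbs", ".msi")


def refang(indicator: str) -> str:
    """Undo the common defanging conventions: [.] (.) {.} for dots, hxxp for http."""
    s = indicator.strip().lower()
    for token in ("[.]", "(.)", "{.}"):
        s = s.replace(token, ".")
    s = s.replace("[:]", ":").replace("[/]", "/")
    s = re.sub(r"^hxxp", "http", s)
    return s


def host_of(indicator: str) -> str:
    """Hostname of a refanged URL, or the bare domain if no scheme is present."""
    s = refang(indicator)
    if "://" not in s:
        s = "http://" + s
    return urlparse(s).hostname or ""


def base_domain(host: str) -> str:
    """Widen 'www.example.com' to 'example.com' so sibling hosts also match."""
    return host[4:] if host.startswith("www.") else host


def host_matches(hostname: str, ioc_host: str) -> bool:
    """True if hostname is the IOC's base domain or a subdomain of it.

    'notfleshplayer.com' must not match 'fleshplayer.com', hence the
    leading-dot check rather than a plain endswith."""
    base = base_domain(ioc_host)
    hostname = hostname.lower().rstrip(".")
    return hostname == base or hostname.endswith("." + base)


def scan_log(log_text: str, iocs=DEFANGED_IOCS):
    """Return (client_ip, url, severity) for every log line hitting an IOC host.

    severity is 'download' when the URL path ends in an executable suffix,
    otherwise 'visit'. Malformed lines are skipped rather than raising."""
    ioc_hosts = [host_of(i) for i in iocs]
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        client, url = parts[1], parts[3]
        parsed = urlparse(url)
        host = parsed.hostname or ""
        path = parsed.path.lower()
        for ioc_host in ioc_hosts:
            if host_matches(host, ioc_host):
                severity = "download" if path.endswith(EXECUTABLE_SUFFIXES) else "visit"
                hits.append((client, url, severity))
                break
    return hits


if __name__ == "__main__":
    for client, url, severity in scan_log(SAMPLE_LOG):
        print(f"{severity:8} {client:12} {url}")
```

A "download" hit is the one to triage first: the digest's infection chain needs the executable to be both fetched and run, so a host that only produced a "visit" may have been saved by its browser's download prompt, while a host that fetched an .exe should be isolated and checked for Locky's encrypted-file extensions and ransom notes.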
KeyBoy and the targeting of Tibetan Parliamentarians
A report has been published by Citizen Lab [5] detailing operations that use malware called KeyBoy [6] to infiltrate communications and gather information on the Tibetan community. Known and patched exploits are used to deliver the custom backdoor trojan. Full report here. [7]
Leaks and Breaches
Three Mobile suffers major security breach
Three Mobile [8] has suffered a severe breach, potentially exposing the private information of six million customers. Malicious actors gained access to the customer upgrade database of the company through an employee login. Information accessed included names, phone numbers, addresses and dates of birth. It is suspected that the hackers used this information to find customers eligible for handset upgrades and placed orders on their behalf for new smartphones, which were redirected to the hackers and resold in a parallel market. Three men have been arrested in connection with the breach. More information. [9]
Canadian Army’s Recruitment site suffers hack
The public recruitment website of the Canadian army was hacked on Thursday, and for a short period redirected visitors to the official website of the Chinese government. After being notified of the issue, the army have now taken the site down. It is unknown whether information was harvested from visitors to the compromised website. More information. [10]
Hackers breach cloud storage service Mega
A hacker group named Amn3s1a Team [11] has posted data online which it claims to have stolen from mega.nz [12], a cloud storage and file hosting service. The hackers obtained credentials used by a Mega contractor and used these to gain access to Mega servers. The group stole and posted information relating to the system that delivers blog posts, help centre content and translations, as well as personal files from the contractor's computer. The group also claims to have stolen 2GB of code, including the source code for the company's browser-based chat application. More information [13].
Vulnerabilities
iOS Passcode Bypass allows access to photos and contacts
A vulnerability in iOS 8, 9 and 10 [14] allows anyone with physical access to view photos and contacts on a locked iPhone, according to two YouTube channels, iDeviceHelp [15] and EverythingApplePro [16]. The bypass uses Siri and Apple's VoiceOver accessibility feature to get around the passcode; because it depends on Siri being available from the lock screen, disabling Siri on the lock screen removes the attack path until a fix is released. More information. [17]
iPhone Call History synced to iCloud without user consent
iPhone users are being warned that their call history is automatically synced to and stored in iCloud, and is therefore accessible to anyone who can authenticate to the account. Apple offers no official way to turn off this behaviour other than advising people to 'not use the same Apple ID on different devices'. In principle, a third party could bypass iCloud's two-factor authentication by extracting Apple's iCloud authentication token from a device or computer already signed in and using that token to access the targeted iCloud account. More information. [18]
The Silobreaker Team
Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
[1] https://my.silobreaker.com/view360.aspx?item=11_1117668894#?q=Malware:%22Crypton%20Ransomware%22&rd=true
[2] http://www.bleepingcomputer.com/news/security/crypton-ransomware-is-here-and-its-not-so-bad-/
[3] https://my.silobreaker.com/view360.aspx?item=11_966417407#?q=Malware:%22Locky%20Ransomware%22&rd=true
[4] http://www.bleepingcomputer.com/news/security/locky-ransomware-being-distributed-through-fake-flash-player-update-sites/
[5] https://my.silobreaker.com/view360.aspx?item=11_404222#?q=Organization:%22Citizen%20Lab%22&rd=true
[6] https://my.silobreaker.com/view360.aspx?item=11_593094669#?q=Malware:%22KeyBoy%22&rd=true
[7] https://citizenlab.org/2016/11/parliament-keyboy/
[8] https://my.silobreaker.com/view360.aspx?item=11_114889063#?q=Company:%22Three%20Mobile%22
[9] http://www.telegraph.co.uk/news/2016/11/17/three-mobile-cyber-hack--six-million-customers-private-data-at-r/
[10] http://motherboard.vice.com/read/the-canadian-armys-recruitment-site-was-hacked
[11] https://my.silobreaker.com/view360.aspx?item=11_1117839029#?q=ThreatActor:%22Amn3s1a%20Team%22&rd=true
[12] https://my.silobreaker.com/view360.aspx?item=11_605502528#?q=Company:%22Mega%20Limited%22&rd=true
[13] http://www.bleepingcomputer.com/news/security/hacker-group-breaches-mega-nz-servers/
[14] https://my.silobreaker.com/view360.aspx?item=11_141645260#?q=Product:%22Apple%20iOS%22&rd=true
[15] https://www.youtube.com/watch?v=LWJG5I8xCDU
[16] https://www.youtube.com/watch?v=hP3BMyrFBSs
[17] http://www.bleepingcomputer.com/news/apple/ios-bug-lets-attackers-bypass-iphone-and-ipad-passcodes-using-siri/
[18] https://blog.elcomsoft.com/2016/11/iphone-user-your-calls-go-to-icloud/#more-3518