What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2018-09-06 07:44:04 New OilRig APT campaign leverages a new variant of the OopsIE Trojan (direct link) The Iran-linked APT group OilRig was recently observed using a new variant of the OopsIE Trojan that implements new evasion capabilities. Experts at Palo Alto observed a new campaign carried out by the Iran-linked APT group OilRig that was leveraging a new variant of the OopsIE Trojan. The OilRig hacker group is an Iran-linked APT that has been around […] APT 34
Kaspersky 2018-09-05 21:04:04 OilRig Sends an OopsIE to Mideast Government Targets (direct link) The Iran-linked group is using a variant of the data-exfiltration OopsIE trojan to attack a Mideast government entity. APT 34
SecurityWeek 2018-09-05 14:16:03 Iranian Hackers Improve Recently Used Cyber Weapon (direct link) The Iran-linked cyberespionage group OilRig was recently observed using a variant of the OopsIE Trojan that was updated with new evasion capabilities, Palo Alto Networks reports. APT 34
SecureMac 2018-09-01 15:54:03 (Déjà vu) Lazarus (direct link) Type: Malware Platform: Mac OS X Last updated: 09/01/18 10:50 pm Threat Level: High Description Lazarus is malware. Lazarus Threat Removal MacScan can detect and remove Lazarus Malware from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat. Download MacScan Malware Threat APT 38
Blog 2018-08-29 02:01:03 North Korea's Lazarus Tied to Cryptojacking Campaign Targeting MacOS (direct link) North Korean state-sponsored hacking group Lazarus is believed to be behind a recent cryptojacking attack on several banks with an unexpected twist: the use of a Trojan that tricked a company employee into downloading malware, according to Kaspersky Lab. Kaspersky researchers made what they call the “unexpected discovery” while […] APT 38
AlienVault 2018-08-28 13:00:00 AlienVault Product Roundup July / August 2018 (direct link) It’s been a busy summer at AlienVault! Amid some major company announcements, we continue to evolve USM Anywhere and USM Central with new features and capabilities that help you to defend against the latest threats and to streamline your security operations. You can keep up with our regular product releases by reading the release notes in the AlienVault Product Forum. Here are a few of the highlights from our July and August 2018 releases: New EDR capabilities with the new AlienVault Agent. On July 31, 2018, we publicly launched new endpoint detection and response (EDR) capabilities in USM Anywhere, extending the platform’s powerful threat detection and response capabilities to the endpoint. Read the blog post here. By deploying the AlienVault Agent, a lightweight and adaptable endpoint agent based on osquery, you can expand your security visibility to detect modern threats and monitor critical files (FIM) on your Windows and Linux endpoints, whether in the cloud, in your data center, or remote. The new EDR capabilities were made available automatically and seamlessly to all USM Anywhere customers, without requiring any subscription upgrades, system updates, or the purchase of add-on products to access the capabilities. AlienApp for ConnectWise. The AlienApp for ConnectWise is now included in the Standard and Premium editions of USM Anywhere. Service management teams that use ConnectWise Manage can leverage automated service ticket creation from USM Anywhere alarms and vulnerabilities as well as synchronization of asset information. Slaying Defects and Optimizing the UX. In addition to these new capabilities and apps, in every update this summer, the team has rolled out enhancements to the user interface and / or has addressed multiple defects and inefficiencies. Make sure to read the product release notes for all the details. USM Central Roundup and Look Ahead. Earlier this month, Skylar Talley, AlienVault Senior Product Manager for USM Central, wrote a blog post recapping the recent improvements to USM Central and outlining his vision for the product in the next few months. You can read the full post here. The highlights include: two-way alarm status and label synchronization; orchestration rules management across USM Anywhere deployments; USM Central API availability (you can find the API documentation here). Threat Intelligence Highlights. USM Anywhere receives continuously updated rules and (new!) endpoint queries to detect not only the latest signatures but also higher-level attack tools, tactics, and procedures, all curated for you by the machine and human intelligence of the AlienVault Labs Security Research Team. The AlienVault Labs Security Research team publishes a weekly threat intelligence newsletter, keeping you informed of the threats they are rese Threat Medical APT 38
SecurityAffairs 2018-08-28 06:39:00 Security firm attributes Cosmos Bank cyberheist to Lazarus APT (direct link) Security experts from Securonix have published a report that attributes the attack against Cosmos Bank to the Lazarus APT group. Cosmos Bank, one of the largest Indian cooperative banks, was the victim of a cyberheist a couple of weeks ago when hackers stole over 940 million rupees ($13.5 million) in just three […] APT 38
MalwarebytesLabs 2018-08-27 17:06:01 A week in security (August 20 – 26) (direct link) A roundup of the security news from August 20 – 26, including a look at insider threats, several breaches, and what tech giants Google and Facebook are doing about their privacy issues. Categories: Security world Week in security Tags: (Read more...) Medical APT 38
SecurityWeek 2018-08-27 16:09:05 North Korea-linked Hackers Stole $13.5 Million From Cosmos Bank: Report (direct link) The North Korea-linked hacking group Lazarus is said to have stolen $13.5 million in a recent cyber-attack targeting the SWIFT/ATM infrastructure of Cosmos Bank. APT 38
DarkReading 2018-08-23 15:07:00 Lazarus Group Builds its First MacOS Malware (direct link) This isn't the first time Lazarus Group has infiltrated a cryptocurrency exchange, as the hacking team has found new ways to achieve financial gain. Malware Medical APT 38
ZDNet 2018-08-23 08:00:00 AppleJeus: macOS users targeted in new Lazarus attacks (direct link) The campaign includes the distribution of Apple macOS malware for the first time. Malware APT 38
ErrataRob 2018-08-20 16:06:46 DeGrasse Tyson: Make Truth Great Again (direct link) Neil deGrasse Tyson tweets the following: "I'm okay with a US Space Force. But what we need most is a Truth Force - one that defends against all enemies of accurate information, both foreign & domestic." - Neil deGrasse Tyson (@neiltyson) August 20, 2018. When people make comparisons with Orwell's "Ministry of Truth", he obtusely persists: "A good start: The National Academy of Sciences, which '…provides objective, science-based advice on critical issues affecting the nation.'" - Neil deGrasse Tyson (@neiltyson) August 20, 2018. Given that Orwellian dystopias were the theme of this summer's DEF CON hacker conference, let's explore what's wrong with this idea. Truth vs. "Truth". I work in a corrupted industry, variously known as the "infosec" community or "cybersecurity" industry. It's a great example of how truth is corrupted into "Truth". At a recent government policy meeting, I pointed out how vendors often downplay the risk of bugs (vulnerabilities that can be exploited by hackers). When vendors are notified of these bugs and release a patch to fix them, they often give a risk rating. These ratings are often too low, in order to protect the corporate reputation. The representative from Oracle claimed that they didn't do that, and that indeed, they'll often overestimate the risk. Other vendors chimed in, also claiming they rated the risk higher than it really was. In a neutral world, deliberately overestimating the risk would be the same falsehood as deliberately underestimating it. But we live in a non-neutral world, where only one side is a lie, the middle is truth, and the other side is "Truth". Lying in the name of the "Truth" is somehow acceptable. Moreover, Oracle is famous for having downplayed the risk of significant bugs in the past, and is well-known in the industry as being the least trustworthy vendor as far as security of their products is concerned. Much of their policy efforts in Washington D.C. are focused on preventing their dirty laundry from being exposed. They aren't simply another vendor promoting "Truth", but are deliberately exploiting "Truth" to corrupt ends. That we should exaggerate the risks of cybersecurity, deliberately lie to people for their own good, is the uncontroversial consensus of our infosec/cybersec community. Most do it, few think this is wrong. Security is a moral imperative that justifies "Truth". The National Academy of Scientists. So are we getting the truth or "Truth" from organizations like the National Academy of Scientists? The question here isn't global warming. That mankind's carbon emissions warm the climate is truth. We have a good understanding of how greenhouse gases work, as well as many measures of the climate showing that warming is occurring. The Arctic is steadily losing ice each summer. Instead, the question is "Global Warming", the claims made by politicians on the subject. Do politicians on the left fairly represent the truth, or are they the "Truth"? Which side is the National Academy of Sciences on? Are they committed to the truth, or (like the infosec/cybersec community) are they pursuing "Truth"? Is global warming a moral imperative that justifies playing loose with the facts? Googling "national academy of sciences climate chang Guideline APT 32
Checkpoint 2018-08-15 12:30:04 July's Most Wanted Malware: Attacks Targeting IoT and Networking doubled since May 2018 (direct link) Three IoT vulnerabilities entered July's top ten most exploited vulnerabilities list, as threat actors have doubled their attacks on these Mirai and Reaper-related vulnerabilities since May 2018. During July 2018, three IoT vulnerabilities entered the Top 10 most exploited list: MVPower DVR router Remote Code Execution at #5; D_Link DSL-2750B router Remote Command Execution… Threat Cloud APT 37
SecurityAffairs 2018-08-10 16:15:03 Analysis of code reuse reveals many links between North Korean malware families (direct link) Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence linking malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. The experts focused their analysis on code reuse; past investigations revealed that some APT groups share portions of code […] Malware Medical Cloud APT 38 APT 37
TechWorm 2018-08-10 12:17:03 Samsung announces the Galaxy Note9 with an AI camera and new S-Pen (direct link) Samsung Galaxy Note9 launches with a new AI-powered camera and more powerful S-Pen. Samsung finally unveiled its most-awaited 'phablet', the Galaxy Note9, at its Unpacked event in Brooklyn, New York on Thursday. The South Korean giant claims that the Galaxy Note9 will ‘raise the bar for speed and power once again.’ “The Note has always been our showcase for premium technology and industry-defining innovation, and Galaxy Note9 is no exception,” DJ Koh, President and CEO of IT and Mobile Communications Division, Samsung Electronics, told an audience at the Samsung Unboxed event in New York. “It’s designed for a level of performance, power, and intelligence that today’s power users want and need. Note fans are Samsung’s most loyal; we know they want it all, to get the most out of work and play, and Galaxy Note9 is the only phone that can keep up with their busy lives.” On the specification front, the Samsung Galaxy Note9 includes a 6.4-inch Quad HD+ Super AMOLED Infinity Display that’s nearly bezel-less on the sides. Samsung claims its all-new Galaxy Note9 is ‘super powerful’. It is powered by Qualcomm’s Snapdragon 845 chipset for the US model, and the in-house Exynos 9810 SoC for other markets. It provides cellular download speeds of up to 1.2Gbps (gigabits per second) with the Snapdragon X20 4G LTE modem. The Note9 will also offer powerful gaming performance with the Adreno 630 GPU, and it ships with Android 8.1 Oreo. The smartphone is powered by a huge 4,000mAh battery, the largest ever on a flagship Galaxy phone, which Samsung is promising will deliver “all day” battery life. The Samsung Note9 is available in two variants: 8GB RAM + 512GB storage and 6GB RAM + 128GB storage. Like the Galaxy S9 Plus, Samsung's Galaxy Note 9 will also have a dual rear camera setup comprising a 12-megapixel primary lens with a dual aperture that can shift from f/2.4 to a wider f/1.5 in low-light conditions. The secondary camera has a 12-megapixel lens with f/2.4 aperture, while there is an 8MP selfie camera on the front. What's new is that the camera has a “scene optimizer” feature that uses artificial intelligence (AI) technology to automatically identify the environment or thing you’re shooting. It will automatically detect what it’s looking at and adjust the settings accordingly to take the best possible picture. Also, if the camera detects that a picture has an imperfection, like a blur or shut eyes, it warns the user so they can quickly take another picture. It features Dual Aperture technology, which Samsung introduced earlier this year on its Galaxy S9 range. This adjusts the camera lens to light in the same way as the human eye. The biggest highlight of the Note9 is the new Bluetooth-enabled S-Pen that allows you to control the camera. In other words, you can set up a group photo and use the S-Pen as a makeshift camera shutter button, or use it to pause and resume music playback, or scroll through PowerPoint presentations. The new S-Pen charges while it’s stored in your phone, and a one-minute charge lasts half an hour. The Galaxy Note9 will be made available in four colors: Black (with Black S-Pen), Purple (with Purple S-Pen), Copper (with Copper S-Pen) and Ocean Blue (with Yellow S-Pen). Pre-orders for the Galaxy Note9 begin on August 10th and the phone will be available on August 24, starting at $999.99 for the 128GB model and $1,249.99 for the 512GB model at all major carriers or direct (and unlocked) from Samsung. APT 32
SecurityWeek 2018-08-09 19:34:03 Researchers Say Code Reuse Links North Korea's Malware (direct link) Following trails of reused code, security researchers at Intezer and McAfee have uncovered new links between malware families attributed to North Korean threat groups and tracked most of the samples to the infamous Malware Threat APT 38
mcafee 2018-08-09 13:00:01 Examining Code Reuse Reveals Undiscovered Links Among North Korea's Malware Families (direct link) This research is a joint effort by Jay Rosenberg, senior security researcher at Intezer, and Christiaan Beek, lead scientist and senior principal engineer at McAfee. Intezer has also posted this story. Attacks from the online groups Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, and 10 Days of Rain are believed to … Malware Guideline Medical Cloud APT 38 APT 37
AlienVault 2018-08-06 13:00:00 Black Hat 2018 will be Phenomenal! (direct link) The AlienVault team is ready to meet and greet visitors at Black Hat USA 2018, August 8th and 9th at the Mandalay Bay Convention Center in Las Vegas! Black Hat is one of the leading security industry events. The conference features the largest and most comprehensive trainings, educational sessions, networking opportunities and a two-day expo packed with exhibitors showcasing the latest in information security solutions from around the world! Visit us at Booth #528! Visit booth #528 located below the large, green alien head! We will be leading theater presentations twice an hour. Attendees will get a cool AlienVault collectors t-shirt, as well as a chance to win a pair of Apple® AirPods during our daily raffle. Stop by and meet the AlienVault team and learn about the recently announced endpoint detection and response capabilities now part of the USM Anywhere platform! USM Anywhere is the ONLY security solution that automates threat hunting everywhere modern threats appear: endpoints, cloud, and on-premises environments, all from one unified platform. Check out this awesome video by Javvad Malik, Community Evangelist for AlienVault, to learn more here! Attend the "From the Defender's Dilemma to the Intruder's Dilemma" session for a chance to win a Nintendo Switch! Join AlienVault VP of Product Marketing Sanjay Ramnath at a Black Hat speaking session. Sanjay will be speaking on Wednesday, August 8th from 10:20am-11:10am in Oceanside E on 'From the Defender's Dilemma to the Intruder's Dilemma'. We will be handing out raffle tickets before the session begins. Be sure to check out this session for the chance to win a Nintendo Switch! Get Access to the Exclusive Security Leaders Party at Black Hat! AlienVault is co-sponsoring one of the hottest security parties at Black Hat! Join us on Wednesday night from 8:00 - 10:00pm; guests will enjoy music, food, and a full open bar at the best venue at Mandalay Bay, Eyecandy Sound Lounge! This will be the most talked about party of BHUSA 2018! We expect to reach capacity, so don't hesitate to get on the list now! Event Details: Date: Wednesday, August 8th. Time: 8:00 - 10:00 PM. Location: Eyecandy Sound Lounge, Mandalay Bay. We can’t wait to see you all at #BHUSA this week! Threat Guideline APT 32
no_ico 2018-07-26 15:30:00 (Déjà vu) Shipping Giant COSCO Hit By Ransomware Attack (direct link) A ransomware infection has crippled the US network of one of the world’s largest shipping giants, COSCO (China Ocean Shipping Company). IT security experts commented below. Javvad Malik, Security Advocate at AlienVault: “Ransomware continues to wreak havoc within companies. It’s unclear whether this was a targeted or casual attack, but employees should be trained to be able … The ISBuzz Post: This Post Shipping Giant COSCO Hit By Ransomware Attack Ransomware APT 32
SecurityAffairs 2018-07-26 10:19:05 Ransomware attack disrupted some systems of the shipping giant COSCO in the US (direct link) The Chinese shipping giant COSCO was reportedly hit by a ransomware-based attack that occurred in its American region. According to COSCO, a “local network breakdown” disrupted some systems in the United States. Media confirmed the incident was the result of a ransomware attack and quoted a company spokesman as the source. “The China Ocean Shipping […] Ransomware APT 32
bleepingcomputer 2018-07-25 19:23:01 (Déjà vu) Ransomware Infection Cripples Shipping Giant COSCO's American Network (direct link) A ransomware infection has crippled the US network of one of the world's largest shipping giants, COSCO (China Ocean Shipping Company). [...] Ransomware APT 32
WiredThreatLevel 2018-07-21 12:00:00 Space Photos of the Week: Sweeping the Clouds Away on Titan (direct link) With infrared eyes, astronomers are more than scratching the surface of Saturn's hazy moon. Cloud APT 37
Blog 2018-07-17 23:11:03 Episode 104: Mueller's Cyber Eye on the Russian Guys, also Reaper Drone Docs Stolen (direct link) In this week's episode of the podcast (#104): the Mueller indictment of 12 Russian GRU operatives for hacking the 2016 presidential election was a bombshell. It was also 30 pages long. We read it so you don’t have to, and we’ll talk about the big takeaways. Also: when researchers from Recorded Future saw an offer on a dark web […] APT 37
Blog 2018-07-13 00:21:05 GUEST ESSAY: Theft of MQ-9 Reaper docs highlights need to better protect 'high-value assets' (direct link) The discovery of sensitive U.S. military information for sale on the Dark Web for a nominal sum, in and of itself, is unfortunate and unremarkable. However, details of the underlying hack, ferreted out and shared by researchers of the Insikt Group, an arm of the security research firm Recorded Future, are most welcome. They help […] APT 37
Blog 2018-07-12 14:35:00 Military documents about MQ-9 Reaper drone leaked on dark web (direct link) Hackers have put up for sale on the dark web sensitive military documents, some associated with the U.S. military’s MQ-9 Reaper drone aircraft, one of its most lethal and technologically advanced drones, security research firm Recorded Future recently discovered. The firm’s Insikt Group on June 1 observed a bad actor trying to sell […] Cloud APT 37
SecurityAffairs 2018-07-11 11:49:04 Hacker offered US Military Reaper drone documents for sale for $200 (direct link) Researchers at threat intelligence firm Recorded Future have reported that a hacker was trying to sell US Military Reaper drone documents for less than $200. The news is disconcerting: the hackers may have obtained the documents related to the Reaper drone by hacking into at least two computers belonging to U.S. military personnel. “Specifically, an English-speaking hacker claimed […] Threat Cloud APT 37
WiredThreatLevel 2018-07-07 11:00:00 Flattened Fluids Help Scientists Understand Oceans and Atmospheres (direct link) By squeezing fluids into flat sheets, researchers can get a handle on the strange ways that turbulence feeds energy into a system instead of eating it away. APT 32
MalwarebytesLabs 2018-07-06 15:00:00 Can we trust our online project management tools? (direct link) Online project management tools can be not only useful, but a lifeline for developers and PMs who juggle multiple tasks with competing deadlines. How can we use them in a secure way? Categories: Business Security world Tags: (Read more...) APT 36
WiredThreatLevel 2018-07-05 13:00:00 The Boat Circling the Planet on Renewable Energy and Hydrogen (direct link) The French-built Energy Observer is on a years-long, 50-country tour of the planet, spreading the gospel of fossil fuel–free ocean travel. APT 32
SecurityAffairs 2018-07-03 12:26:00 Iranian Charming Kitten APT group poses as Israeli cybersecurity firm in phishing campaign (direct link) Iranian APT groups continue to be very active; recently, Charming Kitten cyber spies attempted to pose as an Israeli cyber-security firm that had uncovered previous hacking campaigns. The Iranian Charming Kitten APT group, aka Newscaster or Newsbeef, launched spear phishing attacks against people interested in reading reports about it. The Newscaster group made the headlines in 2014 when experts at iSight issued a report describing the […] Conference APT 35
TechRepublic 2018-06-29 15:00:01 Why engineers leave your company: The 7 most-cited reasons (direct link) Hiring managers struggle to understand why they fail to retain IT talent, according to a Digital Ocean report. APT 32 ★★★
no_ico 2018-06-27 17:57:01 Another Local Government Agency Hacked (direct link) The latest local government data breach has occurred in Midland, Texas, where hackers leveraged a vulnerability in Superion's Click2Gov function in the payment server used to make online payments for utilities. Other cities might be affected as well, including Beaumont, California; Oceanside, California; and Goodyear, Arizona. Ryan Wilk, VP of Customer Success: “Hackers will leverage … The ISBuzz Post: This Post Another Local Government Agency Hacked Data Breach Vulnerability APT 32
SecurityAffairs 2018-06-26 04:44:00 Lazarus APT hackers leverage HWP documents in a recent string of attacks (direct link) Security researchers at AlienVault uncovered a series of cyber attacks on cryptocurrency exchanges leveraging weaponized Hangul Word Processor (HWP) documents. The string of attacks involving the HWP documents has been attributed to the North Korea-linked Lazarus APT group, and includes the hack of the South Korean virtual currency exchange Bithumb. The hackers […] Hack Threat Bithumb APT 38
DarkReading 2018-06-25 18:30:00 Malware in South Korean Cyberattacks Linked to Bithumb Heist (direct link) Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware. Malware Medical Bithumb APT 38
SecurityWeek 2018-06-25 17:31:04 North Korean Hackers Exploit HWP Docs in Recent Cyber Heists (direct link) A series of malicious Hangul Word Processor (HWP) documents used in recent attacks on cryptocurrency exchanges have been attributed to the North Korea-linked Lazarus group, AlienVault reports. Medical APT 38
AlienVault 2018-06-22 14:41:00 Malicious Documents from Lazarus Group Targeting South Korea (direct link) By Chris Doman, Fernando Martinez and Jaime Blasco. We took a brief look at some documents recently discussed and reviewed by researchers in South Korea over the past week. The malware is linked to Lazarus, a reportedly North Korean group of attackers. One malicious document appears to be targeting members of a recent G20 Financial Meeting, seeking coordination of the economic policies between the wealthiest countries. Another is reportedly related to the recent theft of $30 million from the Bithumb crypto-currency exchange in South Korea. This article stands very much on the shoulders of other work by researchers in South Korea. Credit for initially identifying these documents goes to @issuemakerslab, @_jsoo_ and others. Malicious Documents. We looked at three similar malicious documents: 국제금융체제 실무그룹 회의결과.hwp ("Results of the international financial system working group meeting") - cf09201f02f2edb9c555942a2d6b01d4; 금융안정 컨퍼런스 개최결과.hwp ("Financial Stability Conference held") - 69ad5bd4b881d6d1fdb7b19939903e0b; 신재영 전산담당 경력.hwp (“[Name] Computer Experience”) - 06cfc6cda57fb5b67ee3eb0400dd5b97. The decoy document mentions the G20 International Financial Architecture Working Group Meeting; the other decoy document is a resume. These are Hangul Word Processor (“HWP”) files, a South Korean document format. The HWP files contain malicious PostScript code to download either a 32- or 64-bit version of the next stage from: https://tpddata[.]com/skins/skin-8.thm - eb6275a24d047e3be05c2b4e5f50703d - 32 bit; https://tpddata[.]com/skins/skin-6.thm - a6d1424e1c33ac7a95eb5b92b923c511 - 64 bit. The malware is Manuscrypt (previously described by McAfee and Wannacry Bithumb APT 38
WiredThreatLevel 2018-06-19 12:00:00 Analysis: Zillow Shows Rising Seas Threaten Over 300,000 Homes (direct link) Climate change study predicts 'staggering impact' of swelling oceans on coastal communities within next 30 years. APT 32 ★★
SecurityAffairs 2018-06-18 15:18:04 DHS, FBI published a joint alert including technical details of Hidden Cobra-linked 'Typeframe' Malware (direct link) The US DHS and the FBI have published a new joint report that includes technical details of a piece of malware allegedly used by the Hidden Cobra APT. A new joint report published by US DHS and FBI made the headlines; the document details TTPs associated with North Korea-linked threat groups, tracked by the US government as […] Medical TYPEFRAME APT 38
CSO 2018-06-18 03:00:00 Does cyber insurance make us more (or less) secure? (direct link) If data is the new oil, then we're looking at pelicans soaked in crude on a beach. When an oil tanker goes down or an oil rig explodes, dumping millions of gallons of petroleum into the ocean, we clean up the spill, we look for first causes, and we hold the company, even individuals, responsible for the harm they've caused to a shared resource: the environment we all live in. When a company like Equifax commits gross negligence by failing to secure our data, and a breach pumps 147.9 million records onto the internet, the company's directors keep their jobs, their cyber insurance policy pays out, and the company posts a profit. Equifax APT 32
ZDNet 2018-06-13 11:57:00 Lazarus Group used ActiveX zero-day vulnerability to attack South Korean security think tank (direct link) The South Korean agency focuses on national security issues and is believed to have been attacked by North Korean hackers. APT 38
SecurityAffairs 2018-06-12 21:09:02 North Korea-linked Lazarus APT behind recent ActiveX attacks (direct link) The North Korea-linked Lazarus APT group planted an ActiveX zero-day exploit on the website of a South Korean think tank focused on national security. According to researchers at AlienVault, North Korea-linked hackers planted an ActiveX zero-day exploit on the website of a South Korean think tank focused on national security. The experts attributed the attack to the notorious Lazarus APT group […] APT 38
SecurityWeek 2018-06-12 11:14:05 North Korean Hackers Abuse ActiveX in Recent Attacks (direct link) An ActiveX zero-day vulnerability discovered recently on the website of a South Korean think tank focused on national security has been abused by the North Korea-linked Lazarus group in attacks, AlienVault reports. Medical APT 38
no_ico 2018-06-12 10:30:01 Analysis Of Banco De Chile + Continued Cyber Attacks On Banks (direct link) As you may have heard, Banco de Chile is the latest victim in a string of cyber attacks targeting payment transfer systems, and in a similar vein to the recent Mexico heist, hackers wreaked havoc on banking operations. Ofer Israeli, CEO at Illusive Networks, believes the Lazarus Group, one of the most notorious bands of cybercriminals, is behind this, … The ISBuzz Post: This Post Analysis Of Banco De Chile + Continued Cyber Attacks On Banks Medical APT 38
AlienVault 2018-06-11 13:00:00 More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea (direct link) Written By Chris Doman and Jaime Blasco. Introduction. Recently, an ActiveX zero-day was discovered on the website of a South Korean think tank that focuses on national security. Whilst ActiveX controls are disabled on most systems, they are still enabled on most South Korean machines due to mandates by the South Korean government. These attacks have been attributed to Lazarus, a group thought to be linked to North Korea. Below we’ve shared our brief analysis of the attack. Profiling Script. The first step appears to have been a profiling script to get information on possible targets for their attack. We’ve seen Lazarus do this before on other sites they have infected, and it’s a technique that other advanced attackers have been seen to employ. This was followed by scripts to perform additional profiling and actually deliver the ActiveX exploit. Some details of these scripts were kindly shared by issuemakerslab, who identified a number of infections that moved over time: Malware Vulnerability APT 38 ★★★★
DarkReading 2018-06-04 16:54:00 (Déjà vu) US-North Korea Summit News Used as Lure In New Malware Campaign (direct link) Previously known threat actor Group 123 likely behind NavRAT malware, security vendor says. Cloud APT 37
SecurityAffairs 2018-06-04 06:35:01 North Korea-linked Covellite APT group stopped targeting organizations in the U.S. (direct link) A North Korea-linked APT group, tracked by experts at industrial cybersecurity firm Dragos as Covellite, has stopped targeting US organizations. However, the group, which is believed to be linked to the notorious Lazarus APT group, is continuing to target organizations in Europe and East Asia. The group has been around at least since 2017 and is still active, […] Covellite APT 38
SecurityAffairs 2018-06-01 06:33:04 North Korea-linked Andariel APT Group exploited an ActiveX Zero-Day in recent attacks (direct link) A North Korea-linked APT group, tracked as Andariel Group, leveraged an ActiveX zero-day vulnerability in targeted attacks against South Korean entities. According to a report published by South Korean cyber-security firm AhnLab, the Andariel Group is a division of the dreaded Lazarus APT Group and has already exploited ActiveX vulnerabilities in past attacks. The attackers exploited at […] APT 38
SecurityWeek 2018-05-31 10:11:03 North Korea-Linked Group Stops Targeting U.S. (direct link) A threat actor linked to North Korea's Lazarus Group has stopped targeting organizations in the United States, but remains active in Europe and East Asia. Medical APT 38
Last update at: 2024-07-01 03:08:00
See our sources.