What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2019-03-28 08:20:04 Lazarus APT continues to target cryptocurrency businesses with Mac malware (direct link) The North Korea-linked Lazarus group made the headlines again: it has been leveraging PowerShell to target both Windows and macOS machines. The North Korea-linked Lazarus APT group has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks. The discovery was made by experts at Kaspersky Lab, the campaign […] Malware Medical APT 38
SecurityWeek 2019-03-28 06:57:04 Microsoft Takes Control of 99 Domains Used by Iranian Cyberspies (direct link) Microsoft on Wednesday announced that it had taken control of 99 domains used by an Iran-linked cyberespionage group it tracks as Phosphorus. Conference APT 35
The_Hackers_News 2019-03-28 01:18:01 Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms (direct link) An Iran-linked cyber-espionage group that was found targeting critical infrastructure, energy and military sectors in Saudi Arabia and the United States two years ago continues targeting organizations in the two nations, Symantec reported on Wednesday. Widely known as APT33, which Symantec calls Elfin, the cyber-espionage group has been active since as early as late 2015 and targeted a wide APT33 APT 33
ZDNet 2019-03-27 18:04:01 Microsoft takes control of 99 domains operated by Iranian state hackers (direct link) Microsoft takes control of 99 domains operated by the APT35/Phosphorus cyber-espionage group. Conference APT 35
bleepingcomputer 2019-03-27 15:39:03 Microsoft Retaliates Against APT35 Hacker Group by Seizing 99 Domains (direct link) Court documents unsealed today show how Microsoft's Digital Crimes Unit was able to block some of the cyber attacks conducted by an Iranian-backed advanced persistent threat (APT) group by taking over domains used as part of their core operations. [...] Threat APT 35
SecurityWeek 2019-03-27 15:00:02 North Korea-Linked Hackers Target macOS Users (direct link) New Lazarus Operation Targets Windows, macOS Systems. The North Korea-linked Lazarus group has been leveraging PowerShell to target both Windows and macOS machines as part of an attack campaign that has been ongoing since at least November 2018, Kaspersky Lab reports. Medical APT 38
SecurityWeek 2019-03-27 14:00:02 Iran-Linked Cyberspy Group APT33 Continues Attacks on Saudi Arabia, U.S. (direct link) An Iran-linked cyberespionage group tracked as Elfin and APT33 continues targeting organizations in Saudi Arabia and the United States, Symantec reported on Wednesday. APT33 APT 33
ZDNet 2019-03-27 10:52:01 North Korean hackers continue attacks on cryptocurrency businesses (direct link) Lazarus Group hackers seamlessly integrate Mac malware into their normal attack routine. Malware Medical APT 38
ZDNet 2019-03-21 12:17:02 OceanLotus adopts public exploit code to abuse Microsoft Office software (direct link) APT32 is using a public exploit to abuse Office and compromise targeted systems. APT 32
ESET 2019-03-20 10:28:00 Fake or Fake: Keeping up with OceanLotus decoys (direct link) ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar. APT 32
MalwarebytesLabs 2019-03-18 14:57:01 A week in security (March 11 – 17) (direct link) A roundup of security news from March 11–17 covering our most recent blogs and other news, including Lazarus Group, Emotet, PSD2, reputation management, Google's Nest, and Firefox Send. Categories: Security world Week in security Tags: (Read more...) Medical APT 38
MalwarebytesLabs 2019-03-12 16:27:00 The Advanced Persistent Threat files: Lazarus Group (direct link) Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here's what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks. Categories: Criminals Threat analysis Tags: (Read more...) Threat Medical Wannacry APT 38
itsecurityguru 2019-03-08 14:53:02 Details About Shadowy Hacking, Cyber Espionage Group Revealed. (direct link) Security researchers have been aware of the OceanLotus hacking and cyber espionage group since at least 2015, but new information about the scope of the group's operations was revealed here at RSA. Researchers are now confident the group has been running a sophisticated fake news operation targeting activists in Vietnam. Source: PC Mag APT 32
WiredThreatLevel 2019-03-07 13:00:00 Oceans Are 'Spiking a Fever' With Record Heat Waves (direct link) More frequent and severe ocean heat waves are behaving like wildfires, wiping out sea life across large areas. APT 32
SecurityAffairs 2019-03-05 21:23:03 Iran-Linked Chafer APT recently used Python-based backdoor (direct link) The Iran-linked Chafer APT group used a new Python-based backdoor in recent attacks aimed at a Turkish government entity. The Iran-linked Chafer APT group used a new Python-based backdoor in attacks carried out in November 2018 that targeted a Turkish government entity. The Chafer APT group has distributed data stealer malware since at least mid-2014, […] Malware Prediction APT 39
SecurityWeek 2019-03-05 15:30:05 Iran-Linked Hackers Use Python-Based Backdoor in Recent Attacks (direct link) The Iran-linked Chafer threat group has used a new Python-based backdoor in November 2018 attacks targeting a Turkish government entity, Palo Alto Networks reveals. Threat Prediction APT 39
DarkReading 2019-03-05 14:15:00 Lazarus Research Highlights Threat from North Korea (direct link) A widespread attack against companies and government agencies has been linked to the North Korean Lazarus group, underscoring that the country's hackers are becoming more brazen. Threat Medical APT 38
SecurityAffairs 2019-03-04 12:42:03 Experts collect more evidence linking Op 'Sharpshooter' to North Korea (direct link) Security researchers at McAfee have linked Op. Sharpshooter with the North Korea-linked Lazarus APT group after analyzing code from a command and control (C2) server. Security experts at McAfee analyzed the code of a C2 server involved in the cyber espionage campaign tracked as Op. Sharpshooter and linked it with the North Korea-linked APT […] APT 38
ZDNet 2019-03-04 11:43:02 Researchers granted server by gov officials link Sharpshooter attacks to North Korea (direct link) Analysis of the server revealed links to North Korea's Lazarus Group. Medical APT 38
Korben 2019-03-04 09:00:05 Ocenaudio – The audio editor you need (direct link) Ocenaudio is freeware available for Linux, Windows and macOS that lets you edit audio files. Editing can be done on 2 channels simultaneously, with all the classic tools you would expect to find in this kind of software, as well as a spectral visualization of your audio file. Ocenaudio has … More APT 32
bleepingcomputer 2019-03-03 23:30:04 Op 'Sharpshooter' Connected to North Korea's Lazarus Group (direct link) After analyzing a command and control (C2) server used in the global cyber-espionage campaign dubbed 'Sharpshooter', security researchers found more evidence linking it to North Korea's Lazarus threat actor. [...] Threat APT 38
SecurityAffairs 2019-02-20 12:20:01 North Korea's Lazarus APT targets Russian Entities (direct link) Security researchers at Check Point have uncovered a cyber espionage campaign conducted by the Lazarus APT group aimed at Russian targets. Security experts at Check Point have uncovered a cyber espionage campaign carried out by Lazarus aimed at Russian targets. If the attribution is correct, this is the first time that North Korean cyber spies were […] APT 38
WiredThreatLevel 2019-02-20 12:00:00 Boaty McBoatface Gears Up for Epic Swim Across the Arctic (direct link) The probe with the famous name may soon have a new claim to fame, by crossing the Arctic Ocean on the longest underwater robot journey yet. APT 32
SecurityWeek 2019-02-19 15:53:03 North Korea's Lazarus Hackers Found Targeting Russian Entities (direct link) It has long been thought that Russia is a no-go area for the North Korean hacking group Lazarus. Russia is one of North Korea's few friends, along with China. APT 38
bleepingcomputer 2019-02-19 13:32:00 North Korean APT Lazarus Targets Russian Entities with KEYMARBLE Backdoor (direct link) Bluenoroff, a subdivision of the North Korean state-sponsored APT group Lazarus, recently switched its sights to Russian entities, as unveiled by a newly discovered campaign which uses malicious Office documents specifically crafted to target Russian organizations. [...] APT 38
Kaspersky 2019-02-01 19:35:02 Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware (direct link) The Remexi spyware has been improved and retooled. Malware APT 39
itsecurityguru 2019-01-31 10:29:01 (Déjà vu) FBI Maps and Further Disrupts North Korean Joanap Botnet. (direct link) The United States Department of Justice (DoJ) announced its effort to “map and further disrupt” a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade. Dubbed Joanap, the botnet is believed to be part of “Hidden Cobra”, an Advanced Persistent Threat (APT) actors' group often known as […] Threat Medical APT 38
The_Hackers_News 2019-01-31 00:03:04 FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet (direct link) The United States Department of Justice (DoJ) announced Wednesday its effort to "map and further disrupt" a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade. Dubbed Joanap, the botnet is believed to be part of "Hidden Cobra", an Advanced Persistent Threat (APT) actors' group often known as Lazarus Group and Guardians of Threat Medical APT 38
SecurityAffairs 2019-01-30 08:58:00 Iran-Linked APT39 group uses off-the-shelf tools to steal data (direct link) An Iran-linked cyber-espionage group tracked as APT39 is carrying out a widespread campaign using a broad range of custom and off-the-shelf tools. The APT39 cyberespionage group is carrying out a widespread campaign using a broad range of custom and off-the-shelf tools. The group has been active at least since November 2014, and its operations are aligned […] Prediction APT 39
Mandiant 2019-01-29 11:00:00 APT39: An Iranian Cyber Espionage Group Focused on Personal Information (direct link) UPDATE (Jan. 30): Figure 1 has been updated to more accurately reflect APT39 targeting. Specifically, Australia, Norway and South Korea have been removed. In December 2018, FireEye identified APT39 as an Iranian cyber espionage group responsible for widespread theft of personal information. We have tracked activity linked to this group since November 2014 in order to protect organizations from APT39 activity to date. APT39's focus on the widespread theft of personal information sets it apart from other Iranian groups FireEye tracks, which have been linked to influence operations, disruptive APT33 APT 39 APT 39 APT 33 ★★★★
MalwarebytesLabs 2019-01-21 16:15:03 Has two-factor authentication been defeated? A spotlight on 2FA's latest challenge (direct link) (Read more...) Conference APT 35
itsecurityguru 2019-01-16 15:51:01 Disclosure of Chilean Redbanc Intrusion Leads To Lazarus Ties. (direct link) By Vitali Kremez, Director of Research, Flashpoint. Flashpoint analysts believe that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to the North Korea-linked advanced persistent threat (APT) group Lazarus. Redbanc confirmed that the malware was installed on the company's corporate network without triggering antivirus […] Malware Threat APT 38
SecurityAffairs 2019-01-16 08:59:01 Experts link attack on Chilean interbank network Redbanc to NK Lazarus APT (direct link) Researchers from Flashpoint linked the recently disclosed attack on Chilean interbank network Redbanc to the North Korean APT group Lazarus. Security experts at Flashpoint linked the recently disclosed attack on the Chilean interbank network to the dreaded Lazarus APT group. The activity of the Lazarus Group surged in 2014 and 2015; its members used mostly custom-tailored malware […] Malware APT 38
AlienVault 2019-01-10 14:00:00 Top 12 Blogs of 2018 (direct link) Time to look back on the top AlienVault blogs of 2018! Here we go: A North Korean Monero Cryptocurrency Miner by Chris Doman. Crypto-currencies could provide a financial lifeline to a country hit hard by sanctions. Therefore it's not surprising that universities in North Korea have shown a clear interest in cryptocurrencies. Recently the Pyongyang University of Science and Technology invited foreign experts to lecture on crypto-currencies. The installer we've analysed above may be the most recent product of their endeavours. VLAN Hopping and Mitigation by Pam. This type of exploit allows an attacker to bypass any layer 2 restrictions built to divide hosts. With proper switch port configuration, an attacker would have to go through a router and any other layer 3 devices to access their target. However, many networks either have poor VLAN implementation or have misconfigurations which allow attackers to perform said exploit. In this article, I will go through the two primary methods of VLAN hopping, known as 'switch spoofing' and 'double tagging'. I will then discuss mitigation techniques. DNS Poisoning and How To Prevent It by Jeff Thompson. The first thing to understand about DNS 'poisoning' is that the purveyors of the Internet were very much aware of the problem. Essentially, DNS requests are "cached", or stored, in a database which can be queried in almost real time to point names like 'hotmail.com' or 'google.com' to their appropriate IP addresses. Can you imagine having to remember a string of numbers instead of a fancy name to get to your desired WWW (or GOPHER, if that's your thing) resources? 321.652.77.133 or 266.844.11.66 or even 867.53.0.9 would be very hard to remember. [Note: I have obfuscated REAL IP addresses with very fake ones here. Always trying to stay one step ahead of the AI Armageddon. Real IP addresses end with the numerical value of '255' within each octet.] 4 SIEM Use Cases That Will Dramatically Improve Your Enterprise Security by Stephen Roe. Companies both large and small must plan to protect their data. Failing to do so puts you at risk for financial trouble, legal liability, and loss of goodwill. Make sure to deploy SIEMs to prevent such misfortunes befalling your business. If you know how to put them to use, SIEMs provide value out of the box. Here's a quick recap on how SIEMs can benefit you with a few clicks. Prevent SQL injection attacks by keeping an eye on the health of your systems. This will keep you ready if and when attacks do happen. For handling watering hole intruders, SIEMs make it easy to monitor suspicious communication hinting at an attack in progress. If you're worried about malware infection, commun Malware Guideline Wannacry APT 38
WiredThreatLevel 2019-01-09 13:00:00 Ocean Cleanup's Plastic Catcher Is Busted. So What Now? (direct link) First, the 600-meter-long plastic catcher didn't catch plastic. Then it split in two. What is the right way, then, to cleanse our oceans of the plastic menace? APT 32
MalwarebytesLabs 2019-01-08 19:49:04 Ryuk ransomware attacks businesses over the holidays (direct link) Over the holiday, a little-known ransomware family called Ryuk caused serious damage to numerous organizations. The attacks leave a lot of questions unanswered. What do we know so far? Categories: Cybercrime Malware Tags: (Read more...) Ransomware APT 38
AlienVault 2019-01-08 14:00:00 2018 Sees Record Number of Online Retail Data Breaches (direct link) During the holiday season people logged on to make purchases through online retailers like no other time of the year. While there was significant growth in many segments of society on a global scale in 2018, we also saw a significant increase in online retail breaches where personally identifiable information was compromised at an alarming rate. With more and more people using online services for everything from ordering perishable food products to plane tickets and hotel reservations, 2018 proved to be a huge year for online cybercriminals. Here are some facts around some of the largest and most far-reaching retail breaches of 2018: Data breaches are on the rise, and the total number of accounts breached has become ridiculously high. A report from cybersecurity firm Shape Security showed that almost 90% of the login attempts made on online retailers' websites are hackers using stolen data. Many of these breaches were caused by flaws in payment systems that were taken advantage of by hackers. Dozens of security breaches have occurred in 2018. Many of them were caused by flaws in payment systems, either online or in stores. Data breaches are on the rise for both retailers and other businesses. These data breaches are a real danger for both companies and customers and can affect the trust shoppers have in brands. According to a study by KPMG, 19% of consumers would completely stop shopping at a retailer after a breach, and 33% would take a break from shopping there for an extended period. Example Breaches: Cheddar's Scratch Kitchen. Darden Restaurants announced it was notified by government officials on August 16 that it had been the victim of a cyber attack. Customers who visited Darden-owned Cheddar's Scratch Kitchen between November 3, 2017, and January 2, 2018, may have had their credit-card information stolen. Darden estimates that 567,000 payment card numbers could have been compromised. Customers affected would have visited a Cheddar's location in any one of these states: Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, and Wisconsin. Macy's. Macy's confirmed that some customers shopping online at Macys.com and Bloomingdales.com between April 26 and June 12 could have had their personal information and credit card details exposed to a third party. Macy's did not confirm exactly how many people were impacted. However, a spokesperson for the company said the breach was limited to a small group of people. Macy's said in a statement: "We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy's, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services." Adidas. Adidas announced in June Data Breach Threat Heritage APT 3
Mandiant 2018-12-21 19:00:00 OVERRULED: Containing a Potentially Destructive Adversary (direct link) UPDATE (Jul. 3, 2019): On May 16, 2019 FireEye's Advanced Practices team attributed the remaining "suspected APT33 activity" (referred to as GroupB in this blog post) to APT33, operating at the behest of the Iranian government. The malware and tradecraft in this blog post are consistent with the June 2019 intrusion campaign targeting U.S. federal government agencies and financial, retail, media, and education sectors – as well as U.S. Cyber Command's July 2019 CVE-2017-11774 indicators, which FireEye also attributes to APT33. FireEye's rigorous process for clustering and attributing this Malware APT33 APT 33 APT 33 ★★★★
WiredThreatLevel 2018-12-20 12:00:00 A SpaceX Booster Went for a Swim and Came Back as Scrap Metal (direct link) The space company spent several days retrieving and inspecting a rocket booster that made an unplanned ocean landing. Now it appears to be toast. APT 32
ZDNet 2018-12-20 05:16:00 Shamoon data-wiping malware believed to be the work of Iranian hackers (direct link) Researchers say the Iranian hacker group APT33 is responsible for recent attacks in the Middle East and Europe. Malware APT33 APT 33
Kaspersky 2018-12-17 16:42:04 Charming Kitten Iranian Espionage Campaign Thwarts 2FA (direct link) The campaign targets politicians involved in economic and military sanctions against Iran, along with various journalists and human rights activists. APT 35
zataz 2018-12-15 12:07:04 Charming Kitten, Iranian hackers, infiltrate the Gmail and Yahoo accounts of US officials (direct link) Charming Kitten, Iranian hackers, are attempting to infiltrate the email accounts of American officials by getting past the two-factor authentication offered by both webmail services. The British company Certfa reports that Iranian hackers have reportedly succeeded in infilt... The article Charming Kitten, Iranian hackers, infiltrate the Gmail and Yahoo accounts of US officials appeared first on ZATAZ. Conference Yahoo APT 35
SecurityAffairs 2018-12-13 15:01:02 Operation Sharpshooter targets critical infrastructure and global defense (direct link) McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide. The threat actors are using malware associated with the Lazarus APT group that carried out the Sony Pictures attack back in […] Malware Threat APT 38
bleepingcomputer 2018-12-12 11:26:05 Op 'Sharpshooter' Uses Lazarus Group Tactics, Techniques, and Procedures (direct link) A new advanced threat actor has emerged on the radar, targeting organizations in the defense and critical infrastructure sectors with fileless malware and an exploitation tool that borrows code from a trojan associated with the Lazarus group [...] Malware Tool Threat Medical APT 38
InfosecIsland 2018-12-03 12:02:01 OceanLotus Targets Southeast Asia in New Watering Hole Campaign (direct link) A cyber-espionage group believed to be operating out of Vietnam has compromised over 20 websites as part of a watering hole campaign targeting users in Southeast Asia, ESET reports. APT 32
SecurityAffairs 2018-11-24 10:23:02 North Korea-linked group Lazarus targets Latin American banks (direct link) According to security researchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015; its members used mostly custom-tailored malware in their attacks and experts […] Malware Medical APT 38
SecurityWeek 2018-11-23 15:32:05 North Korean Hackers Hit Latin American Banks (direct link) The North Korean hacking group known as Lazarus recently targeted financial institutions in Latin America, Trend Micro security researchers have discovered. APT 38
ESET 2018-11-20 13:56:00 OceanLotus: New watering hole attack in Southeast Asia (direct link) ESET researchers identified 21 distinct websites that had been compromised, including some particularly notable government and media sites. APT 32
SecurityAffairs 2018-11-20 09:31:03 Experts analyzed how Iranian OilRig hackers tested their weaponized documents (direct link) Security experts at Palo Alto Networks analyzed the method used by the Iran-linked OilRig APT group to test weaponized documents before use in attacks. Security researchers at Palo Alto Networks have analyzed the techniques adopted by the Iran-linked APT group OilRig (aka APT34) to test weaponized documents before use in attacks. The OilRig hacker group is an Iran-linked APT that has been around since at least 2015; since then it has targeted mainly […] APT 34
SecurityWeek 2018-11-19 14:26:03 Iran-Linked Hackers Use Just-in-Time Creation of Weaponized Attack Docs (direct link) Researchers Analyzed How the Iran-linked "OilRig" Hacking Group Tests Malicious Documents Before Use in Attacks APT 34
Last update at: 2024-05-18 05:07:51