What's new around the internet

Latest

Src Date (GMT) Title Description Tags Stories Notes
ZDNet.webp 2019-03-21 12:17:02 OceanLotus adopts public exploit code to abuse Microsoft Office software (direct link) APT32 is using a public exploit to abuse Office and compromise targeted systems. APT 32
ESET.webp 2019-03-20 10:28:00 Fake or Fake: Keeping up with OceanLotus decoys (direct link) ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar. APT 32
itsecurityguru.webp 2019-03-08 14:53:02 Details About Shadowy Hacking, Cyber Espionage Group Revealed (direct link) Security researchers have been aware of the OceanLotus hacking and cyber espionage group since at least 2015, but new information about the scope of the group's operations was revealed here at RSA. Researchers are now confident the group has been running a sophisticated fake news operation targeting activists in Vietnam. Source: PC Mag APT 32
WiredThreatLevel.webp 2019-03-07 13:00:00 Oceans Are 'Spiking a Fever' With Record Heat Waves (direct link) More frequent and severe ocean heat waves are behaving like wildfires, wiping out sea life across large areas. APT 32
Korben.webp 2019-03-04 09:00:05 Ocenaudio – The audio editor you need (direct link) Ocenaudio is freeware available for Linux, Windows and macOS for editing audio files. Editing can be done on 2 channels simultaneously, with all the classic tools found in this kind of software, plus a spectral visualisation of your audio file. Ocenaudio has … More APT 32
WiredThreatLevel.webp 2019-02-20 12:00:00 Boaty McBoatface Gears Up for Epic Swim Across the Arctic (direct link) The probe with the famous name may soon have a new claim to fame, by crossing the Arctic Ocean on the longest underwater robot journey yet. APT 32
WiredThreatLevel.webp 2019-01-09 13:00:00 Ocean Cleanup's Plastic Catcher Is Busted. So What Now? (direct link) First, the 600-meter-long plastic catcher didn't catch plastic. Then it split in two. What is the right way, then, to cleanse our oceans of the plastic menace? APT 32
WiredThreatLevel.webp 2018-12-20 12:00:00 A SpaceX Booster Went for a Swim and Came Back as Scrap Metal (direct link) The space company spent several days retrieving and inspecting a rocket booster that made an unplanned ocean landing. Now it appears to be toast. APT 32
InfosecIsland.webp 2018-12-03 12:02:01 OceanLotus Targets Southeast Asia in New Watering Hole Campaign (direct link) A cyber-espionage group believed to be operating out of Vietnam has compromised over 20 websites as part of a watering hole campaign targeting users in Southeast Asia, ESET reports. APT 32
ESET.webp 2018-11-20 13:56:00 OceanLotus: New watering hole attack in Southeast Asia (direct link) ESET researchers identified 21 distinct websites that had been compromised, including some particularly notable government and media sites. APT 32
WiredThreatLevel.webp 2018-11-01 16:04:03 The Sea May Be Absorbing Way More Heat Than We Thought (direct link) Scientists have developed a radical new method for measuring global warming-induced rising ocean temperatures: they aren't sampling water, but air. APT 32
TechRepublic.webp 2018-10-26 15:00:00 The 10 programming languages developers use most in open source projects (direct link) More than half of developers are contributing to open source projects in React.js, Kubernetes, Docker, and more, according to a DigitalOcean report. Uber APT 32 ★★
MalwarebytesLabs.webp 2018-10-22 16:23:01 A week in security (October 15 – 21) (direct link) A roundup of the security news from October 15–21, including how to build your own security camera, the FIDO standard, Twitter information operations, and our Q3 CTNT report. APT 32
no_ico.webp 2018-10-19 15:30:05 (Déjà vu) Oceansalt Cyberattack Wave Linked To Defunct Chinese APT Comment Crew (direct link) News broke today that a newly discovered first-stage implant targeting Korean-speaking victims borrows code from another reconnaissance tool linked to Comment Crew, a Chinese nation-state threat actor that was exposed in 2013 following cyber espionage campaigns against the United States. Dubbed Oceansalt, the threat has been spotted on machines in South Korea, the United States, and Canada. … Tool Threat APT 32 APT 1
SecurityAffairs.webp 2018-10-19 07:06:03 Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew (direct link) Security researchers from McAfee have recently uncovered a cyber espionage campaign, tracked as Operation Oceansalt, targeting South Korea, the United States, and Canada. The threat actors behind Operation Oceansalt are reusing malware previously associated with the China-linked cyber espionage group APT1. "McAfee Advanced Threat Research and Anti-Malware Operations teams have discovered another unknown data reconnaissance implant targeting Korean-speaking users," reads the report. "We […] Malware Threat APT 32 APT 1
SecurityWeek.webp 2018-10-18 12:03:00 'Operation Oceansalt' Reuses Code from Chinese Group APT1 (direct link) A recently observed cyber-espionage campaign targeting South Korea, the United States and Canada is reusing malicious code previously associated with the state-sponsored Chinese group APT1, McAfee reports. APT 32
ZDNet.webp 2018-10-18 04:01:00 Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew (direct link) The source code of malware from the ancient Chinese military-affiliated group appears to have changed hands. Malware APT 32 APT 1
mcafee.webp 2018-10-18 04:01:00 'Operation Oceansalt' Delivers Wave After Wave (direct link) A wall eight feet high with three strands of barbed wire is considered sufficient to deter a determined intruder, at least according to the advice offered by the CISSP professional certification. Although physical controls can be part of a multifaceted defense, an electronic attack affords the adversary time to develop the necessary tools to bypass … APT 32
WiredThreatLevel.webp 2018-10-05 11:00:00 We're Destroying the Sea, But It Could Save Us From Ourselves (direct link) A new review looks at more than 1,000 studies of potential oceanic solutions to climate change. A good idea? Wind energy. Maybe not so good? Loading the sea with iron. Studies APT 32
WiredThreatLevel.webp 2018-09-19 11:00:00 This Supple, Squishy Robo-Jellyfish Can Explore Ocean Reefs (direct link) A new robotic jellyfish can squeeze through holes smaller than its body size. APT 32
WiredThreatLevel.webp 2018-09-13 11:00:00 Hurricane Florence: Underwater Drones Help Track the Storm's Path (direct link) A new tool called a Slocum glider measures the ocean heat that fuels super-storms like Florence, filling in data gaps to help make forecasting more accurate. Tool APT 32 ★★★★
WiredThreatLevel.webp 2018-09-07 11:00:00 Ocean Cleanup's Plastic Catcher Heads to Sea. But Scientists Are Skeptical (direct link) Ocean Cleanup has raised $40 million to deploy a massive device to capture plastic pollution. But many scientists don't think the plan holds water. APT 32
ErrataRob.webp 2018-08-20 16:06:46 DeGrasse Tyson: Make Truth Great Again (direct link) Neil deGrasse Tyson tweets the following: "I'm okay with a US Space Force. But what we need most is a Truth Force - one that defends against all enemies of accurate information, both foreign & domestic." - Neil deGrasse Tyson (@neiltyson) August 20, 2018. When people make comparisons with Orwell's "Ministry of Truth", he obtusely persists: "A good start: The National Academy of Sciences, which '…provides objective, science-based advice on critical issues affecting the nation.'" - Neil deGrasse Tyson (@neiltyson) August 20, 2018. Given that Orwellian dystopias were the theme of this summer's DEF CON hacker conference, let's explore what's wrong with this idea. Truth vs. "Truth". I work in a corrupted industry, variously known as the "infosec" community or "cybersecurity" industry. It's a great example of how truth is corrupted into "Truth". At a recent government policy meeting, I pointed out how vendors often downplay the risk of bugs (vulnerabilities that can be exploited by hackers). When vendors are notified of these bugs and release a patch to fix them, they often give a risk rating. These ratings are often too low, in order to protect the corporate reputation. The representative from Oracle claimed that they didn't do that, and that indeed, they'll often overestimate the risk. Other vendors chimed in, also claiming they rated the risk higher than it really was. In a neutral world, deliberately overestimating the risk would be the same falsehood as deliberately underestimating it. But we live in a non-neutral world, where only one side is a lie, the middle is truth, and the other side is "Truth". Lying in the name of the "Truth" is somehow acceptable. Moreover, Oracle is famous for having downplayed the risk of significant bugs in the past, and is well-known in the industry as being the least trustworthy vendor as far as security of their products is concerned. Much of their policy efforts in Washington D.C. are focused on preventing their dirty laundry from being exposed. They aren't simply another vendor promoting "Truth", but are deliberately exploiting "Truth" to corrupt ends. That we should exaggerate the risks of cybersecurity, deliberately lie to people for their own good, is the uncontroversial consensus of our infosec/cybersec community. Most do it, few think this is wrong. Security is a moral imperative that justifies "Truth". The National Academy of Scientists. So are we getting the truth or "Truth" from organizations like the National Academy of Scientists? The question here isn't global warming. That mankind's carbon emissions warm the climate is truth. We have a good understanding of how greenhouse gases work, as well as many measures of the climate showing that warming is occurring. The Arctic is steadily losing ice each summer. Instead, the question is "Global Warming", the claims made by politicians on the subject. Do politicians on the left fairly represent the truth, or are they the "Truth"? Which side is the National Academy of Sciences on? Are they committed to the truth, or (like the infosec/cybersec community) are they pursuing "Truth"? Is global warming a moral imperative that justifies playing loose with the facts? Googling "national academy of sciences climate chang Guideline APT 32
TechWorm.webp 2018-08-10 12:17:03 Samsung announces the Galaxy Note9 with an AI camera and new S-Pen (direct link) Samsung Galaxy Note9 launches with a new AI-powered camera and a more powerful S-Pen. Samsung finally unveiled its most-awaited 'phablet', the Galaxy Note9, at its Unpacked event in Brooklyn, New York on Thursday. The South Korean giant claims that the Galaxy Note9 will 'raise the bar for speed and power once again.' "The Note has always been our showcase for premium technology and industry-defining innovation, and Galaxy Note9 is no exception," DJ Koh, President and CEO of IT and Mobile Communications Division, Samsung Electronics, told an audience at the Samsung Unboxed event in New York. "It's designed for a level of performance, power, and intelligence that today's power users want and need. Note fans are Samsung's most loyal; we know they want it all, to get the most out of work and play, and Galaxy Note9 is the only phone that can keep up with their busy lives." On the specification front, the Samsung Galaxy Note9 includes a 6.4-inch Quad HD+ Super AMOLED Infinity Display that's nearly bezel-less on the sides. Samsung claims its all-new Galaxy Note9 is 'super powerful'. It is powered by Qualcomm's Snapdragon 845 chipset for the US model, and the in-house Exynos 9810 SoC for other markets. It provides cellular download speeds of up to 1.2Gbps (gigabits per second) with the Snapdragon X20 4G LTE modem. The Note9 will also offer powerful gaming performance with the Adreno 630 GPU, and it ships with Android 8.1 Oreo. The smartphone is powered by a huge 4,000mAh battery – the largest ever on a flagship Galaxy phone – which Samsung promises will deliver "all day" battery life. The Samsung Note9 is available in two variants: 8GB RAM + 512GB storage and 6GB RAM + 128GB storage. Like the Galaxy S9 Plus, Samsung's Galaxy Note9 will also have a dual rear camera setup comprising a 12-megapixel primary lens with a dual aperture that can shift from f/2.4 to a wider f/1.5 in low-light conditions. The secondary camera has a 12-megapixel lens with f/2.4 aperture, while there is an 8MP selfie camera on the front. What's new is that the camera has a "scene optimizer" feature that uses artificial intelligence (AI) to automatically identify the environment or thing you're shooting. It will automatically detect what it's looking at and adjust the settings accordingly to take the best possible picture. Also, if the camera detects that a picture has any imperfection, like a blur or shut-eye, it notifies the user so they can quickly take another picture. It features Dual Aperture technology, which Samsung introduced earlier this year on its Galaxy S9 range. This adjusts the camera lens to light in the same way as the human eye. The biggest highlight of the Note9 is the new Bluetooth-enabled S-Pen that allows you to control the camera. In other words, you can set up a group photo and use the S-Pen as a makeshift camera shutter button, or use it to pause and resume music playback, or scroll through PowerPoint presentations. The new S-Pen charges while it's stored in your phone, and a one-minute charge lasts half an hour. The Galaxy Note9 will be made available in four colors: Black (with Black S-Pen), Purple (with Purple S-Pen), Copper (with Copper S-Pen) and Ocean Blue (Yellow S-Pen). Pre-orders for the Galaxy Note9 begin on August 10th and the phone will be available on August 24, starting at $999.99 for the 128GB model and $1,249.99 for the 512GB model at all major carriers or direct (and unlocked) from Samsung. APT 32
AlienVault.webp 2018-08-06 13:00:00 Black Hat 2018 will be Phenomenal! (direct link) The AlienVault team is ready to meet and greet visitors at Black Hat USA 2018, August 8th and 9th at the Mandalay Bay Convention Center in Las Vegas! Black Hat is one of the leading security industry events. The conference features the largest and most comprehensive trainings, educational sessions, networking opportunities and a two-day expo packed with exhibitors showcasing the latest in information security solutions from around the world! Visit us at Booth #528! Visit booth #528, located below the large, green alien head! We will be leading theater presentations twice an hour. Attendees will get a cool AlienVault collectors t-shirt, as well as a chance to win a pair of Apple® AirPods during our daily raffle. Stop by and meet the AlienVault team and learn about the recently announced endpoint detection and response capabilities now part of the USM Anywhere platform! USM Anywhere is the ONLY security solution that automates threat hunting everywhere modern threats appear: endpoints, cloud, and on-premises environments – all from one unified platform. Check out this awesome video by Javvad Malik, Community Evangelist for AlienVault, to learn more! Attend the "From the Defender's Dilemma to the Intruder's Dilemma" session for a chance to win a Nintendo Switch! Join AlienVault VP of Product Marketing Sanjay Ramnath at a Black Hat speaking session. Sanjay will be speaking on Wednesday, August 8th from 10:20am-11:10am in Oceanside E on 'From the Defender's Dilemma to the Intruder's Dilemma'. We will be handing out raffle tickets before the session begins. Be sure to check out this session for the chance to win a Nintendo Switch! Get Access to the Exclusive Security Leaders Party at Black Hat! AlienVault is co-sponsoring one of the hottest security parties at Black Hat! Join us on Wednesday night from 8:00 - 10:00pm - guests will enjoy music, food, and a full open bar at the best venue at Mandalay Bay, Eyecandy Sound Lounge! This will be the most talked about party of BHUSA 2018! We expect to reach capacity, so don't hesitate to get on the list now! Event Details: Date: Wednesday, August 8th. Time: 8:00 - 10:00 PM. Location: Eyecandy Sound Lounge, Mandalay Bay. We can't wait to see you all at #BHUSA this week! Threat Guideline APT 32
no_ico.webp 2018-07-26 15:30:00 (Déjà vu) Shipping Giant COSCO Hit By Ransomware Attack (direct link) A ransomware infection has crippled the US network of one of the world's largest shipping giants, COSCO (China Ocean Shipping Company). IT security experts commented below. Javvad Malik, Security Advocate at AlienVault: "Ransomware continues to wreak havoc within companies. It's unclear whether this was a targeted or casual attack, but employees should be trained to be able … Ransomware APT 32
SecurityAffairs.webp 2018-07-26 10:19:05 Ransomware attack disrupted some systems of the shipping giant COSCO in the US (direct link) The Chinese shipping giant COSCO was reportedly hit by a ransomware attack; the attack occurred in the American region. According to COSCO, a "local network breakdown" disrupted some systems in the United States. Media confirmed the incident was the result of a ransomware attack and quoted a company spokesman as the source. "The China Ocean Shipping […] Ransomware APT 32
bleepingcomputer.webp 2018-07-25 19:23:01 (Déjà vu) Ransomware Infection Cripples Shipping Giant COSCO's American Network (direct link) A ransomware infection has crippled the US network of one of the world's largest shipping giants, COSCO (China Ocean Shipping Company). [...] Ransomware APT 32
WiredThreatLevel.webp 2018-07-07 11:00:00 Flattened Fluids Help Scientists Understand Oceans and Atmospheres (direct link) By squeezing fluids into flat sheets, researchers can get a handle on the strange ways that turbulence feeds energy into a system instead of eating it away. APT 32
WiredThreatLevel.webp 2018-07-05 13:00:00 The Boat Circling the Planet on Renewable Energy and Hydrogen (direct link) The French-built Energy Observer is on a years-long, 50-country tour of the planet, spreading the gospel of fossil fuel–free ocean travel. APT 32
TechRepublic.webp 2018-06-29 15:00:01 Why engineers leave your company: The 7 most-cited reasons (direct link) Hiring managers struggle to understand why they fail to retain IT talent, according to a DigitalOcean report. APT 32 ★★★
no_ico.webp 2018-06-27 17:57:01 Another Local Government Agency Hacked (direct link) The latest local government data breach has occurred in Midland, Texas, where hackers leveraged a vulnerability in Superion's Click2Gov function in the payment server used to make online payments for utilities. Other cities might be affected as well, including Beaumont, California; Oceanside, California; and Goodyear, Arizona. Ryan Wilk, VP of Customer Success: "Hackers will leverage … Data Breach Vulnerability APT 32
WiredThreatLevel.webp 2018-06-19 12:00:00 Analysis: Zillow Shows Rising Seas Threaten Over 300,000 Homes (direct link) Climate change study predicts 'staggering impact' of swelling oceans on coastal communities within the next 30 years. APT 32 ★★
CSO.webp 2018-06-18 03:00:00 Does cyber insurance make us more (or less) secure? (direct link) If data is the new oil, then we're looking at pelicans soaked in crude on a beach. When an oil tanker goes down or an oil rig explodes, dumping millions of gallons of petroleum into the ocean, we clean up the spill, we look for first causes, and we hold the company - even individuals - responsible for the harm they've caused to a shared resource: the environment we all live in. When a company like Equifax commits gross negligence by failing to secure our data, and a breach pumps 147.9 million records onto the internet, the company's directors keep their jobs, their cyber insurance policy pays out, and the company posts a profit. Equifax APT 32
SecurityAffairs.webp 2018-04-05 18:23:02 OSX_OCEANLOTUS.D, a new macOS backdoor linked to APT 32 group (direct link) Security experts at Trend Micro have discovered a new macOS backdoor that they linked to the APT 32 (OceanLotus, APT-C-00, SeaLotus, and Cobalt Kitty) cyber espionage group. The APT32 group has been active since at least 2013; according to the experts it is a state-sponsored hacking group. The hackers hit organizations across multiple industries and have also targeted foreign […] APT 32 ★★
SecurityWeek.webp 2018-04-05 15:23:03 New macOS Backdoor Linked to Cyber-espionage Group (direct link) A recently discovered macOS backdoor is believed to be a new version of malware previously associated with the OceanLotus cyber-espionage group, Trend Micro says. Also known as APT 32, APT-C-00, SeaLotus, and Cobalt Kitty, OceanLotus is believed to be operating out of Vietnam and has been targeting high-profile corporate and government organizations in Southeast Asia. Well-resourced and determined, the group uses custom-built malware and already established techniques. APT 32
ZDNet.webp 2018-04-05 10:59:01 New MacOS backdoor connected to OceanLotus threat group (direct link) OceanLotus has been linked to attacks against human rights organizations, researchers, and more. APT 32
SecurityWeek.webp 2018-04-04 14:00:03 Breaches Increasingly Discovered Internally: Mandiant (direct link) Organizations are getting increasingly better at discovering data breaches on their own, with more than 60% of intrusions in 2017 detected internally, according to FireEye-owned Mandiant. The company's M-Trends report for 2018 shows that the global median time for internal detection dropped to 57.5 days in 2017, compared to 80 days in the previous year. Of the total number of breaches investigated by Mandiant last year, 62% were discovered internally, up from 53% in 2016. On the other hand, it still took roughly the same amount of time for organizations to learn that their systems had been compromised. The global median dwell time in 2017 – the median time from the first evidence of a hack to detection – was 101 days, compared to 99 days in 2016. Companies in the Americas had the shortest median dwell time (75.5 days), while organizations in the APAC region had the longest dwell time (nearly 500 days). (Figure: dwell time data from Mandiant.) Data collected by Mandiant in 2013 showed that more than one-third of organizations had been attacked again after the initial incident had been remediated. More recent data, specifically from the past 19 months, showed that 56% of Mandiant customers were targeted again by either the same group or one with similar motivation. In cases where investigators discovered at least one type of significant activity (e.g. compromised accounts, data theft, lateral movement), the targeted organization was successfully attacked again within one year. Organizations that experienced more than one type of significant activity were attacked by more than one threat actor. Again, the highest percentage of companies attacked multiple times and by multiple threat groups was in the APAC region – more than double compared to the Americas and the EMEA region. When it comes to the most targeted industries, companies in the financial and high-tech sectors recorded the highest number of significant attacks, while the high-tech, telecommunications and education sectors were hit by the highest number of different hacker groups. Last year, FireEye assigned names to four state-sponsored threat groups, including the Vietnam-linked APT32 (OceanLotus), and the Iran-linked APT33, APT34 (OilRig), and APT35 (NewsBeef, Newscaster and Charming Kitten). Conference APT33 APT 35 APT 33 APT 32 APT 34
SecurityWeek.webp 2018-03-15 03:15:04 Qrypter RAT Hits Hundreds of Organizations Worldwide (direct link) Hundreds of organizations all around the world have been targeted in a series of attacks that leverage the Qrypter remote access Trojan (RAT), security firm Forcepoint says. The malware, often mistaken for the Adwind cross-platform backdoor, has been around for a couple of years, and was developed by an underground group called 'QUA R&D', which offers a Malware-as-a-Service (MaaS) platform. Also known as Qarallax, Quaverse, QRAT, and Qontroller, Forcepoint explains that Qrypter APT 32
SecurityWeek.webp 2018-03-15 03:01:04 New "HenBox" Android Malware Discovered (direct link) A newly discovered Android malware family masquerades as various popular applications and can steal a broad range of information from infected devices, Palo Alto Networks warns. Dubbed HenBox, the malware was observed installing the legitimate versions of the apps it poses as to hide its presence on compromised devices. The threat is distributed via third-party app stores and mainly targets Uyghurs, a minority Turkic ethnic group in the Xinjiang Uyghur Autonomous Region in North West China, and Xiaomi devices. On infected devices, HenBox can steal information from mainstream chat, communication, and social media apps. It gathers both personal and device information, can track the device's location, can access the microphone and camera, and harvests outgoing phone numbers with an "86" prefix (the country code for the People's Republic of China). Palo Alto's researchers discovered nearly 200 HenBox samples, the oldest dating back to 2015, but activity occurred in the second half of 2017. A small but consistent number of samples has been observed this year as well. While analyzing the mobile threat, Palo Alto connected APT 32
SecurityWeek.webp 2018-03-14 16:39:02 (Déjà vu) Microsoft Patches Remote Code Execution Flaw in CredSSP (direct link) A vulnerability (CVE-2018-0886) patched by Microsoft with its March 2018 security patches was a remote code execution flaw in the Credential Security Support Provider protocol (CredSSP) used by Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM). This vulnerability can be exploited by an attacker to relay user credentials to execute code on a target system. The authentication provider, Microsoft explains, processes authentication requests for other applications, meaning that the vulnerability puts all applications that depend on CredSSP at risk. Preempt, which discovered the bug, explains APT 32
SecurityAffairs.webp 2018-03-14 15:15:02 OceanLotus APT is very active, it used new Backdoor in recent campaigns (direct link) The OceanLotus APT group, also known as APT32 and APT-C-00, has been using a new backdoor in recently observed attacks. The OceanLotus group has been active since at least 2013; according to the experts it is a state-sponsored hacking group linked to Vietnam, with most of its targets in Vietnam, the Philippines, Laos, and Cambodia. The hackers targeting […] APT 32
SecurityWeek.webp 2018-03-14 03:00:02 SAP Patches Decade-Old Flaws With March 2018 Patches (direct link) SAP this week released its March 2018 set of security patches to address High and Medium priority vulnerabilities in its products. A total of 10 Security Notes were included in the SAP Security Patch Day this month, three rated High priority and 7 considered Medium priority. Two of the Notes were updates for previously released Security Notes. SAP this month included 17 Support Package Notes in the Security Patch Day, for a total of 17 Security Notes, ERPScan (a company that specializes in securing Oracle and SAP applications) reports. 11 of the Notes were released after the second Tuesday of last month and before the second Tuesday of this month. The most severe of the Security Notes addresses three vulnerabilities in SAP Internet Graphics Server (IGS) and carries a High priority rating (CVSS Base Score: 8.8). The bugs include CVE-2004-1308 (memory corruption), CVE-2005-2974 (denial of service), and CVE-2005-3350 (remot APT 32
SecurityWeek.webp 2018-03-13 17:58:05 "OceanLotus" Spies Use New Backdoor in Recent Attacks (direct link) OceanLotus, a cyber-espionage group believed to be operating out of Vietnam, has been using a new backdoor in recently observed attacks, while also using previously established tactics, ESET reveals. Also known as APT32 and APT-C-00, the advanced persistent threat (APT) has been targeting high-profile corporate and government organizations in Southeast Asia, particularly in Vietnam, the Philippines, Laos, and Cambodia. The group is well-resourced and determined and is known to be using custom-built malware in combination with techniques long known to be successful. One of the latest malware families used by the group is a fully-fledged backdoor that provides operators with remote access to compromised machines, along with the ability to manipulate files, registries, and processes, as well as the option to load additional components if needed. For distribution purposes, OceanLotus uses a two-stage attack that employs a dropper to gain an initial foothold on the targeted system and prepare the stage for the backdoor, ESET explains in a new report ( APT 32
ESET.webp 2018-03-13 08:55:02 OceanLotus ships new backdoor using old tricks (direct link) To smuggle the backdoor onto a targeted machine, the group uses a two-stage attack whereby a dropper package first gains a foothold on the system and sets the stage for the backdoor itself. This process involves some trickery commonly associated with targeted operations of this kind. Threat APT 32
NextINpact.webp 2018-01-11 08:12:23 Leroy Merlin's Enki box: Bluetooth, EnOcean, LoRa, Wi-Fi, Zigbee and 433 MHz (direct link) The DIY retailer has for several months offered a mobile application of the same name (on Android and iOS) for controlling connected objects from several brands. The company... Read more APT 32
SecureMac.webp 2018-01-02 16:00:31 (Déjà vu) OceanLotus (direct link) Type: Trojan Horse. Platform: Mac OS X. Last updated: 12/02/17 12:04 am. Threat Level: High. Description: OceanLotus is a trojan horse. Threat removal: MacScan can detect and remove the OceanLotus Trojan Horse from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat. APT 32
SecurityAffairs.webp 2017-12-12 07:55:49 The OceanLotus MacOS Backdoor Transforms into HiddenLotus with a Slick UNICODE Trick (direct link) Experts at Malwarebytes warn of a new variant of the macOS OceanLotus backdoor that uses an innovative technique to avoid detection. A few years ago the bad actors realized they could use Unicode characters that looked like English characters to lead unsuspecting victims to malicious websites. Now, they have figured out how to use a […] Guideline APT 32
DarkReading.webp 2017-11-09 09:07:00 OceanLotus APT Group Unfolds New Tactic in Cyber Espionage Campaign (direct link) The group has begun using compromised websites to profile and target entities of interest to the Vietnamese government, Volexity says. APT 32
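The HiddenLotus entry above (SecurityAffairs, 2017-12-12) describes a macOS backdoor whose file name uses Unicode characters that look like ordinary English letters. The Python below is an added illustration of how to catch that class of trick; it is not code from this page, from Malwarebytes or from any source listed here. It folds a file name to what a reader would perceive (NFKC normalisation, which maps Roman numerals, fullwidth forms and ligatures onto ASCII, plus a small constructed table of Cyrillic homoglyphs that NFKC does not fold) and flags names whose visible form is pure ASCII but differs from what the operating system actually sees. The homoglyph table and the sample file names are constructed for the example; a real deployment would load the Unicode consortium's confusables.txt instead of the hand-written table.

```python
"""Flag file names whose non-ASCII characters impersonate ASCII ones.

Added example for the HiddenLotus aggregator entry; not Malwarebytes' or
OceanLotus' code. HOMOGLYPHS is a constructed, deliberately incomplete
sample (assumption); production code should load Unicode's confusables.txt.
"""
import unicodedata
from typing import Dict, List, Tuple

# Cyrillic letters that look like Latin ones but are NOT folded by NFKC
# (constructed sample table, not exhaustive).
HOMOGLYPHS: Dict[str, str] = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04bb": "h",
}


def fold_char(ch: str) -> str:
    """Return what a human reads `ch` as: ASCII is unchanged; anything else is
    NFKC-normalised (e.g. U+217E small Roman numeral 'd' -> 'd', fullwidth
    letters -> ASCII) and then passed through the homoglyph table."""
    if ord(ch) < 0x80:
        return ch
    return "".join(HOMOGLYPHS.get(c, c) for c in unicodedata.normalize("NFKC", ch))


def skeleton(name: str) -> str:
    """Perceived form of the whole file name."""
    return "".join(fold_char(ch) for ch in name)


def _ext(name: str) -> str:
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def analyze(name: str) -> Dict[str, object]:
    """Report whether `name` reads as an ASCII name it is not.

    'confusables' lists (index, code point, Unicode name) for every non-ASCII
    character that folds to ASCII. 'lookalike' is True when the eye sees a
    pure-ASCII name while the OS sees something else, the situation the
    HiddenLotus entry describes. Accented names such as 'résumé.pdf' are
    not flagged: 'é' does not fold to ASCII, so nothing is impersonated.
    """
    skel = skeleton(name)
    confusables: List[Tuple[int, str, str]] = [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>"))
        for i, ch in enumerate(name)
        if ord(ch) >= 0x80 and fold_char(ch).isascii()
    ]
    return {
        "name": name,
        "skeleton": skel,
        "lookalike": bool(confusables) and skel.isascii() and skel != name,
        "confusables": confusables,
        "apparent_ext": _ext(skel),   # what the user thinks they are opening
        "real_ext": _ext(name),       # what the OS will actually dispatch on
    }


if __name__ == "__main__":
    # Constructed sample names: benign, Roman-numeral 'd', Cyrillic 'a', accented.
    for sample in ["Flyer.doc", "Flyer.\u217eoc", "p\u0430ypal.pdf", "r\u00e9sum\u00e9.pdf"]:
        r = analyze(sample)
        print(f"{r['name']!r:24} -> {r['skeleton']!r:16} lookalike={r['lookalike']} "
              f"apparent_ext={r['apparent_ext']!r} real_ext={r['real_ext']!r} {r['confusables']}")
```

The useful signal for triage is the pair apparent_ext/real_ext: when they differ, the extension the user sees is not the one the OS uses to choose a handler, which is exactly where a document-looking name can resolve to something executable. Running the skeleton over incoming attachment names or a directory listing and alerting on lookalike == True is cheap and has a low false-positive rate, because ordinary accented file names do not fold to ASCII.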
Last update at: 2024-05-19 21:08:09
See our sources.