Exploit This

Security News, Exploits, and Vulnerabilities.

AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide

Original release date: October 11, 2018
Summary
This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][…

Threats in the Netherlands

For this blogpost we gathered all the sinkhole data for Dutch IPs in the last four years, which amounts to around 85,000 entries. The aim is to give an overview of which APT groups are active in the Netherlands and what they are interested in.

MuddyWater expands operations

MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US.

Zero-day exploit (CVE-2018-8453) used in targeted attacks

Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. Microsoft confirmed the vulnerability and designated it CVE-2018-8453.

Shedding Skin – Turla’s Fresh Faces

Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an “ultra complex” snake rootkit focused on NATO-related targets, but their malware set and activity are much broader. Our current focus is on more recent and upcoming activity from this APT.

TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers

Original release date: October 03, 2018
Systems Affected
Network Systems
Overview
The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltr…

TA18-276A: Using Rigorous Credential Control to Mitigate Trusted Network Exploitation

Original release date: October 03, 2018
Systems Affected
Network Systems
Overview
This technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credent…

TA18-275A: HIDDEN COBRA – FASTCash Campaign

Original release date: October 02, 2018
Systems Affected
Retail Payment Systems
Overview
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Depar…

Roaming Mantis part III: iOS crypto-mining and spreading via malicious content delivery system

In Q2 2018, Kaspersky Lab published two blogposts about Roaming Mantis sharing details of this new cybercriminal campaign. During our research, it became clear that Roaming Mantis has been rather active and has evolved quickly. The group’s malware now supports 27 languages, including multiple countries from Asia and beyond, Europe and the Middle East.

USB threats from malware to miners

In 2016, researchers from the University of Illinois left 297 unlabelled USB flash drives around the university campus to see what would happen. 98% of the dropped drives were picked up by staff and students, and at least half were plugged into a computer in order to view the content. For a hacker trying to infect a computer network, those are pretty irresistible odds.
