Exploit This

Security News, Exploits, and Vulnerabilities.

PetrWrap: the new Petya-based ransomware used in targeted attacks

This year we found a new family of ransomware used in targeted attacks against organizations. After penetrating an organization’s network the threat actors used the PsExec tool to install ransomware on all endpoints and servers in the organization. The next interesting fact about this ransomware is that the threat actors decided to use the well-known Petya ransomware to encrypt user data.

From Shamoon to StoneDrill

Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East. The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012.

Breaking The Weakest Link Of The Strongest Chain

Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ C&C. In addition, the compromised devices were pushed Trojan updates. The operation remains active at the time of writing this post.

On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users

What is most interesting about the StrongPity APT’s more recent activity however, is their focus on users of encryption tools, peaking this past summer. In particular, the focus was on Italian and Belgian users, but the StrongPity watering holes affected systems in far more locations than those two.

Threat intelligence report for the telecommunications industry

The telecoms sector is under fire on all sides – hit by direct attacks on organizations and networks, indirect attacks in search of subscribers, and collateral damage from unrelated, targeted campaigns. This report reveals the many layers of vulnerability.

The Equation Giveaway

Rare implementation of RC5/RC6 in ‘ShadowBrokers’ dump connects them to Equation malware August 13, 2016 saw the beginning of a truly bizarre episode. A new identity going under the name ‘ShadowBrokers’ came onto the scene claiming to possess files belonging… Read Full Article

ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms

‘ProjectSauron’ – a nation-state threat actor attacking state organizations with a unique set of tools for each victim, making traditional indicators of compromise almost useless. The aim of the attacks appears to be mainly cyber-espionage.

CVE-2015-2545: overview of current threats

Cyberespionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far East regions share one common feature: in order to infect their victims with malware, the attackers use an exploit for the CVE-2015-2545 vulnerability.

Freezer Paper around Free Meat

Repackaging Open Source BeEF for Tracking and More

Thank you, CanSecWest16!

This year, we had the absolute pleasure of being a part of CanSecWest’s fantastic lineup of talks, well-rewarded pwnage, and entertainment among a jovial crowd of infosec practitioners of every stripe.

%d bloggers like this: