New Wave of Extortion Emails: Central Intelligence Agency Case, (Thu, Mar 21st)Thu, 21 Mar 2019 00:42:06 GMT The extortion attempts haved moved to another step recently. After the “sextortion†emails that are propagating for a while, attackers started to flood people with a new type of fake emails and their imaginnation is endless... I received one two days ago and, this time, they go one step further. In many countries, child pornography is, of course, a very strong offense punished by law. What if you received an email from a Central Intelligence Agency officer who reveals that you're listed in an international investigation about a case of child pornography and that you'll be arrested soon? Hopefully, the agent is a “nice guy†and, if you pay $10K in Bitcoin, he will be happy to delete your name from the list of bad guys?
Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct!, (Wed, Mar 20th)Wed, 20 Mar 2019 01:45:16 GMT In many internal assessments or "recon mission" style engagements, you&#;x26;#;39;ll need to figure out what all the internal subnets are before you can start assessing that address space for issues, targets or whatever you are looking for in that project. Or, as I had this week, the request was for enumeration of all the hosts that AREN&#;x26;#;39;T in AD.
Maldoc: Excel 4.0 Macros, (Sat, Mar 16th)Sat, 16 Mar 2019 22:50:07 GMT I&#;x26;#;39;ve received several samples of malicious spreadsheets with Excel 4.0 macros over the last weeks, like this one: 7df15be35bd8fd1a98adc24e6be7bfcd.
Binary Analysis with Jupyter and Radare2, (Fri, Mar 15th)Fri, 15 Mar 2019 10:57:26 GMT Jupyter has become very popular within the data science community, as it is an easy way of working interactively with Python, R and other languages. Within Jupyter you&#;x26;#;39;ll create a notebook, which contains (live) code, visualisations and markdown. It is being used for data processing, numerical simulations, modelling, data visualisation, machine-learning and let&#;x26;#;39;s reverse engineering to this.
Years-Long Phishing Campaign Targets Saudi Gov AgenciesWed, 20 Mar 2019 19:03:36 +0000 The campaign, codenamed “Bad Tidings,” has sought out victims’ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interior’s e-Service portal.
Fin7 Ramps Up Campaigns With Two Fresh Malware SamplesWed, 20 Mar 2019 17:00:41 +0000 Despite the 2018 crackdown on Fin7, the cybercrime group has been ramping up its efforts with two new malware samples and an attack panel.
Cardinal RAT Resurrected to Target FinTech FirmsTue, 19 Mar 2019 21:07:54 +0000 A long-quiet malware family has been spotted targeting financial technology firms, armed with new obfuscation techniques to avoid detection.
Podcast: The High-Risk Threats Behind the Norsk Hydro CyberattackTue, 19 Mar 2019 19:40:37 +0000 Threatpost talks to Phil Neray with CyberX about Tuesday's ransomware attack on aluminum producer Norsk Hydro, and how it compares to past manufacturing attacks like Triton, WannaCry and more.
Old Tech Spills Digital Dirt on Past OwnersTue, 19 Mar 2019 18:31:36 +0000 Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.
Why Phone Numbers Stink As Identity ProofSun, 17 Mar 2019 23:25:06 +0000 Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments -- whoever inherits that number can then be you in a lot of places online.
Ad Network Sizmek Probes Account BreachWed, 13 Mar 2019 20:56:39 +0000 Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers.In a recent posting to a Russian-language cybercrime forum, an individual who's been known to sell access to hacked online accounts kicked off an auction for "the admin panel of a big American ad platform.""You can add new users to the ad system, edit existing ones and ad offers," the seller wrote. The starting bid was $800.
Patch Tuesday, March 2019 EditionWed, 13 Mar 2019 04:55:28 +0000 Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it's time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today's patch batch without any help from users.