Tag Lazarus

InfoSec Week 44, 2018

US federal prosecutors say that Chinese spies hacked a dozen firms to steal aviation engineering secrets for a Chinese aerospace company.
https://arstechnica.com/tech-policy/2018/10/feds-say-chinese-spies-and-their-hired-hackers-stole-aviation-secrets/

Apple's ICMP packet-handling code contains a heap buffer overflow vulnerability (CVE-2018-4407).
An exploit can DoS any Mac or iOS device on the network by sending a crafted packet. The ping of death is back.
https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407

Microsoft is sharing Indian bank customers' data with U.S. intelligence agencies.
It looks like the banks were aware of it when they signed the Office 365 license agreements.
https://www.neowin.net/news/microsoft-has-been-sharing-indian-bank-customers039-data-with-us-intelligence-agencies

Google announced the launch of reCAPTCHA v3, which aims to improve user experience by removing the need for challenges. Instead, it assigns a score based on the user's on-site interactions.
https://developers.google.com/recaptcha/docs/v3

The end-to-end encrypted instant messaging application Signal introduced a new "Sealed sender" privacy feature that protects the sender's identity from traffic observation.
https://signal.org/blog/sealed-sender/

Multiple malicious Python libraries were found and removed from PyPI. The attackers typosquat popular package names to deliver malware.
https://www.zdnet.com/article/twelve-malicious-python-libraries-found-and-removed-from-pypi/

A great list of lessons learned over 20 years of red teaming by security expert Matt Devost.
https://www.oodaloop.com/ooda-original/2015/10/22/10-red-teaming-lessons-learned-over-20-years/

Cisco Talos researchers found a code execution vulnerability in the anti-malware tool Sophos HitmanPro.Alert.
https://www.scmagazineuk.com/vulnerability-found-sophos-anti-malware-product/article/1497367

Researcher Jay Rosenberg documents a clear connection between one of Lazarus Group's tools and the open-source Chinese CasperPhpTrojan remote access trojan.
https://www.intezer.com/paleontology-the-unknown-origins-of-lazarus-malware/

Apple releases the specification of its T2 security chip.
https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overview.pdf

Researchers announced a fast attack breaking OCB2, an ISO-standard authenticated encryption scheme.
https://eprint.iacr.org/2018/1040

InfoSec Week 7, 2017

Ukraine's security service attributed the ongoing malware attacks against its critical infrastructure to Russia.
http://www.reuters.com/article/us-ukraine-crisis-cyber-idUSKBN15U2CN

Researchers from the Georgia Institute of Technology have created proof-of-concept ransomware that targets programmable logic controllers.
https://www.bleepingcomputer.com/news/security/researchers-create-poc-ransomware-that-targets-ics-scada-systems/
http://www.cap.gatech.edu/plcransomware.pdf

An in-depth analysis of the Marcher Android banking trojan, which targets financial institutions mostly in Germany, France and the UK. Most infected devices are running Android 6.0.1!
https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the_rise.html

A first-person narrative about the modus operandi of a red-team social engineer. Not very technical; more about reconnaissance and the possibilities of macro-driven phishing.
http://www.informationsecuritybuzz.com/articles/getting-know-phishing-story-eyes-hacker/

Symantec and BAE Systems linked watering hole attacks on Polish Banks to the Lazarus Group.
http://securityaffairs.co/wordpress/56235/apt/lazarus-group-polish-bank.html

Malware written in SQL and executed inside the database targets Magento-powered online stores.
https://gwillem.gitlab.io/2017/02/14/triggered-malware/

Data Selfie is a Chrome extension that logs what Facebook learns about you. It shows you your own data traces and reveals how machine learning algorithms use your data to gain insights about your personality. User data is stored only locally. Scary stuff! Try it.
http://dataselfie.it/

theZoo is a repository of malware samples for people interested in malware analysis. Be careful.
https://github.com/ytisf/theZoo

Malboxes is a tool that automatically builds Windows virtual machines for malware analysis using VirtualBox and Vagrant.
https://github.com/GoSecure/malboxes