InfoSec Week 5, 2017

Posted on 04 February 2017

Egyptian human rights activists, dissidents, lawyers and journalists have been targeted by a phishing campaign. Links received by email lead to a fake login page designed to trick the targets into giving away their Dropbox credentials.
https://citizenlab.org/2017/02/nilephish-report/

Multiple Polish banks were infected with malware that reached them through the Polish financial regulator KNF.
https://www.databreaches.net/hackers-break-into-polish-banks-through-government-regulator-charged-with-bank-security-standards/

Hackers broke into the Czech Foreign Ministry's email system. "It must have been carried out from the outside, by another country. The way it was done bears a very strong resemblance to the attacks on the US Democratic Party's internet system," said the foreign minister, citing experts.
http://www.securityweek.com/hackers-target-czech-foreign-ministrys-email-system

An extensive analysis of the Locky Bart ransomware binary and of its backend server. The binary is obfuscated with the WProtect code virtualizer; the server backend is written with the Yii PHP framework.
https://blog.malwarebytes.com/threat-analysis/2017/01/locky-bart-ransomware-and-backend-server-analysis/

The APT group Turla is using a new JavaScript payload, called KopiLuwak, in its phishing attacks. The payload is dropped from Office documents by an embedded macro and uses multiple layers of JavaScript obfuscation.
https://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-from-turla/

APT activity attributed to Chinese actors is targeting the military and aerospace industries in Russia and Belarus. The malware (ZeroT, dropping PlugX) uses steganography to hide its payload.
https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugxs

Can Foreign Governments Launch Malware Attacks on Americans Without Consequences? There is an interesting ongoing court case, Kidane v. Ethiopia, in which Ethiopia's counsel argued "that it should be able to do anything to Americans in America, even set off a car bomb, as long as Ethiopia didn’t have a human agent in the United States. One judge asked what would happen if Ethiopia mailed a letter bomb into the United States to assassinate an opponent, or hacked an American's self-driving car, causing it to crash. Ethiopia didn't hesitate: their counsel said that they could not be sued for any of those."
https://www.eff.org/deeplinks/2017/02/can-foreign-governments-launch-malware-attacks-americans-without-consequences

A hacker who stole 900 GB of data from the mobile forensics company Cellebrite has leaked some known iOS exploitation tools online and announced further releases. The released tools are publicly available frameworks; the hacker added that the BlackBerry files in his possession are not publicly available.
https://motherboard.vice.com/en_us/article/hacker-dumps-ios-cracking-tools-allegedly-stolen-from-cellebrite
http://pastebin.com/y9P19guS

At the USENIX Enigma conference, Facebook engineers presented Delegated Recovery, a new mechanism for regaining access to lost online accounts. Delegated Recovery "allows an application to delegate the capability to recover an account to an account controlled by the same user or entity at a third party service provider".
https://github.com/facebookincubator/DelegatedRecovery/
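The delegation is easiest to see as the two-party exchange it is. The Go program below is an added example written for this newsletter; it is not Facebook's code and does not implement the published Delegated Recovery wire format. It models the design in the project's own terms: an account provider issues a signed token whose data is opaque to the recovery provider; the recovery provider stores it and, when the user later re-authenticates there, countersigns it; the account provider verifies both signatures before trusting the recovery. The JSON-plus-Ed25519 token shape, the AES-GCM sealing, the checks on each side and the names ("accounts.example", "recovery.example", user "alice") are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Illustrative token shape (an assumption of this example, not the published Delegated Recovery format):
//   token = JSON(payload) | issuer's Ed25519 signature;  counter = token | recovery provider's signature
type payload struct {
	Issuer   string `json:"issuer"`   // account provider that minted the token
	Audience string `json:"audience"` // recovery provider it may be saved at
	Sealed   []byte `json:"sealed"`   // AES-GCM nonce|ciphertext of the account id; opaque to everyone else
}

const sigSize = ed25519.SignatureSize // fixed size, so signatures can simply be appended

type AccountProvider struct {
	ID      string
	Pub     ed25519.PublicKey
	Trusted map[string]ed25519.PublicKey // recovery providers whose countersignatures we accept
	priv    ed25519.PrivateKey
	aead    cipher.AEAD // sealing key never leaves the account provider
}

func NewAccountProvider(id string) *AccountProvider {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil = crypto/rand.Reader, which does not fail
	key := make([]byte, 32)
	rand.Read(key)
	block, _ := aes.NewCipher(key) // 32-byte key: NewCipher and NewGCM cannot fail
	aead, _ := cipher.NewGCM(block)
	return &AccountProvider{id, pub, map[string]ed25519.PublicKey{}, priv, aead}
}

// IssueToken runs while the user is logged in; the sealed id is bound (AEAD associated data) to rpID.
func (ap *AccountProvider) IssueToken(userID, rpID string) []byte {
	nonce := make([]byte, ap.aead.NonceSize())
	rand.Read(nonce)
	body, _ := json.Marshal(payload{ap.ID, rpID, ap.aead.Seal(nonce, nonce, []byte(userID), []byte(rpID))})
	return append(body, ed25519.Sign(ap.priv, body)...)
}

// Recover checks our own signature, then the countersignature of the addressed provider, then unseals the id.
func (ap *AccountProvider) Recover(counter []byte) (string, error) {
	var p payload
	n, m, ns := len(counter)-sigSize, len(counter)-2*sigSize, ap.aead.NonceSize() // counter = body[:m] | apSig[m:n] | rpSig[n:]
	if m < 0 || !ed25519.Verify(ap.Pub, counter[:m], counter[m:n]) || json.Unmarshal(counter[:m], &p) != nil ||
		p.Issuer != ap.ID || len(p.Sealed) < ns {
		return "", fmt.Errorf("not a well-formed token issued by %q", ap.ID)
	}
	if rpKey, ok := ap.Trusted[p.Audience]; !ok || !ed25519.Verify(rpKey, counter[:n], counter[n:]) {
		return "", fmt.Errorf("no valid countersignature from %q", p.Audience)
	}
	id, err := ap.aead.Open(nil, p.Sealed[:ns], p.Sealed[ns:], []byte(p.Audience))
	return string(id), err // err != nil and id == "" if the sealed data was altered or re-addressed
}

type RecoveryProvider struct {
	ID    string
	Pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
	saved map[string][]byte // recovery-provider account -> saved token, which this side cannot read
}

func NewRecoveryProvider(id string) *RecoveryProvider {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return &RecoveryProvider{id, pub, priv, map[string][]byte{}}
}

// Save verifies the issuer signature (issuerKey would normally come from the issuer's published
// configuration) and refuses tokens addressed to another provider.
func (rp *RecoveryProvider) Save(account string, token []byte, issuerKey ed25519.PublicKey) error {
	n := len(token) - sigSize
	if p := new(payload); n < 0 || !ed25519.Verify(issuerKey, token[:n], token[n:]) || json.Unmarshal(token[:n], p) != nil || p.Audience != rp.ID {
		return fmt.Errorf("not a valid token from the issuer addressed to %q", rp.ID)
	}
	rp.saved[account] = append([]byte(nil), token...)
	return nil
}

// Countersign runs after the user authenticates at the recovery provider and vouches for that re-authentication.
func (rp *RecoveryProvider) Countersign(account string) ([]byte, error) {
	if token, ok := rp.saved[account]; ok {
		return append(append([]byte(nil), token...), ed25519.Sign(rp.priv, token)...), nil
	}
	return nil, fmt.Errorf("no token saved for %q", account)
}

func main() {
	ap, rp := NewAccountProvider("accounts.example"), NewRecoveryProvider("recovery.example")
	ap.Trusted[rp.ID] = rp.Pub
	tok := ap.IssueToken("alice", rp.ID)                   // 1. user logged in at accounts.example
	fmt.Println("save:", rp.Save("alice@rp", tok, ap.Pub)) // 2. user logged in at recovery.example
	cs, _ := rp.Countersign("alice@rp")                    // 3. later, re-authenticated at recovery.example
	fmt.Println(ap.Recover(cs))                            // 4. accounts.example regains trust in "alice"
}
```

The properties worth noticing: the recovery provider never sees which account the token refers to, a token saved at one provider cannot be presented as if countersigned by another (the audience is under the issuer's signature and is also the AEAD associated data), and a recovery provider the account provider does not list in Trusted cannot vouch for anyone.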

Printer Exploitation Toolkit (PRET) is a new printer security testing framework.
https://github.com/RUB-NDS/PRET
