InfoSec Week 11, 2017

Posted on 19 March 2017

MalwareMustDie analyzed a new APT campaign with a Poison Ivy RAT payload. The malware uses obfuscated VBScript and PowerShell to finally drop the well-known RAT.
"The concept of infection is fileless, it's avoiding known signature for detection by multiple encodings and wraps, and it is also 100% avoiding the original attacker's working territory."
http://blog.0day.jp/p/english-report-of-fhappi-freehosting.html

A fake Chrome browser app named "Betaling - Google Chrome.exe" is spreading, mainly in the Netherlands. The application mimics basic browser functionality in order to steal users' credit card information.
https://www.bleepingcomputer.com/news/security/credit-card-stealer-disguises-as-google-chrome-browser/

A conspiracy theory is circulating around the car crash and death of journalist Michael Hastings. According to San Diego 6 News, Hastings had been investigating CIA Director John Brennan. He had also contacted WikiLeaks lawyer Jennifer Robinson just a few hours before he died, confirming that the feds were investigating his work. Was his vehicle remotely hijacked?
http://securityaffairs.co/wordpress/57094/intelligence/michael-hastings-crash-cia.html

Trend Micro has uncovered MajikPOS, a new point-of-sale (PoS) malware with RAT functionality. MajikPOS mainly targets businesses in North America and Canada. It spreads via poorly secured VNC and RDP services.
http://blog.trendmicro.com/trendlabs-security-intelligence/majikpos-combines-pos-malware-and-rats/

Avast malware researcher Jakub Kroustek discovered Kirk Ransomware, a new Star Trek-themed ransomware written in Python and probably the first one to use Monero as its ransom payment of choice.
https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/

Researchers at the Pwn2Own competition exploited the Microsoft Edge browser in a way that escaped the VMware Workstation virtual machine it was running on, chaining three different exploits in a row.
https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/

Very interesting article about the history of US information warfare.
"The United States was birthed in a stew of information, misinformation, disinformation, and propaganda projected by competing entities both internally and externally. Thus, instead of looking at the apparent success of Russian intelligence in the recent election as the perfected form of information warfare, it is worth considering colonial and revolutionary America to appreciate the historical precedent and perspective"
http://thestrategybridge.org/the-bridge/2017/3/8/information-warfare-isnt-russian-its-american-as-apple-pie

Intel Security has released CHIPSEC, a security framework able to evaluate whether the system firmware has been modified.
Intel also launched its first-ever bug bounty program.
https://github.com/chipsec/chipsec
https://www.hackerone.com/blog/Intel-launches-its-first-bug-bounty-program
