InfoSec Week 15, 2017

Posted on 16 April 2017

Interesting blog post about generic unpacking of the Locky malware using Radare's r2pipe, Python and a Windows 7 VM.
http://blog.devit.co/unpacking-with-r2pipe/

More information about the Shadow Brokers NSA hacking toolkit dump is coming out as analysis progresses.
Kudelski Security researchers published an overview of the Equation Group exploitation arsenal for the Windows platform. Worth noting that this dump also implicates the NSA in compromising a SWIFT system.
https://research.kudelskisecurity.com/2017/04/14/shadow-brokers-april-2017-release-2/
http://securityaffairs.co/wordpress/58006/hacking/nsa-hacked-swift.html

Symantec researchers linked the CIA hacking tools (Vault 7) to cyber attacks launched in recent years by the Longhorn group, which specialises in intelligence-gathering operations.
https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7
https://securelist.com/blog/research/77990/unraveling-the-lamberts-toolkit/

Black hats robbed at least 8 ATMs in Russia, stealing $800,000 in one night, using the "fileless" ATMitch malware.
http://securityaffairs.co/wordpress/57881/cyber-crime/atmitch-fileless-malaware.html

FireEye documented a campaign leveraging the CVE-2017-0199 vulnerability, which enabled attackers to "download and execute a Visual Basic script containing PowerShell commands when a user opens a Microsoft Office RTF document containing an embedded exploit." The campaign delivers so-called FINSPY and LATENTBOT samples, targeting mostly Russian-speaking users.
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html
https://arstechnica.com/security/2017/04/microsoft-word-0day-was-actively-exploited-by-strange-bedfellows/

I wrote about Broadcom's Wi-Fi stack exploit last week; this is the second part of the series by the Google Project Zero team.
https://googleprojectzero.blogspot.sk/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html
