InfoSec Week 22, 2017

Posted on 05 June 2017
SUBSCRIBE TO A WEEKLY NEWSLETTER!

Notoriously known Gh0st RAT spyware is spreading through the same SMB vulnerability as a WannaCry ransomware.
https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html

Jaff, ransomware distributed by the today's biggest spam botnet Necurs, is sharing server infrastructure with a PaySell cybercrime marketplace based in Saint Petersburgh, Russia.
https://heimdalsecurity.com/blog/jaff-ransomware-operation-cyber-crime-marketplace/

Security researchers have spotted a new PowerPoint infection vector. Malware is downloaded to a computer whenever a victim hovers a link. Without the macros.
https://www.bleepingcomputer.com/news/security/powerpoint-file-downloads-malware-when-you-hover-a-link-no-macros-required/

Wikileaks has published yet another CIA toolkit - Windows implant capable of the on-the-fly infection of a file executed over the network.
https://wikileaks.org/vault7/releases/#Pandemic

This guy lost lots of bitcoin in 15 minutes as attacker exploited Verison alternative authentification method. Interesting read.
https://medium.com/@CodyBrown/how-to-lose-8k-worth-of-bitcoin-in-15-minutes-with-verizon-and-coinbase-com-ba75fb8d0bac

Company behind OneLogin, a single sign-on and identity management for cloud-based applications, has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.
https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/


Comments !