Cyber Intelligence Report

Cyber Intelligence Report 05-27
Weekly Awareness Report (WAR)
May 27, 2019

The Cyber Intelligence Report is an Open Source Intelligence (OSINT) resource focusing on advanced persistent threats and other digital dangers, received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, and other industry risks.

Summary

Symantec ThreatCon
Low: Basic network posture. This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: Last 10 Malware
* Troj/VBInj-TW
* Troj/Mdrop-IQG
* Troj/Ransom-FKW
* Troj/Inject-ECZ
* JS/Drop-BAK
* Troj/Inject-ECY
* Troj/DocDl-TXE
* Troj/DocDl-TXC
* Troj/Stealer-QR
* Troj/Phish-FEK

Sophos: Last 10 PUAs
* IStartSurfInstaller
* iMyMac
* Bundlore
* VR Brothers
* AddDrop Bundled Installs
* Genieo
* Lalaker1 Game Hacker
* DealPly Updater
* 4Share Downloader
* UltraDownloader

Interesting News
* IT threat evolution Q1 2019: Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019.
* The IWC Cyber Range is scheduled to release a new version May 1st. Ghidra and Grass Marlin are now installed along with several more Red/Blue Team tools. If you are interested, we have an active Facebook Group and YouTube Channel. As always, if you have any suggestions, feel free to let us know.

Subscribe if you would like to receive the CIR updates by sending us an email: [email protected]

Index of Sections

Current News
* Packet Storm Security
* Dark Reading
* Krebs on Security
* The Hacker News
* Infosecurity Magazine
* Threat Post
* Naked Security
* Quick Heal - Security Simplified

Hacker Corner: Tools, Hacked Defacements, and Exploits
* Security Conferences
* Packet Storm Security Latest Published Tools
* Zone-H Latest Published Website Defacements
* Packet Storm Security Latest Published Exploits
* Exploit Database Releases

Advisories
* Secunia Chart of Vulnerabilities Identified
* US-Cert (Current Activity-Alerts-Bulletins)
* Symantec's Latest List
* Packet Storm Security's Latest List

Credits

News

Packet Storm Security
* The Ethical Hackers Taking The Bugs To The Bank
* Amazon Defeated Rekognition Revolt By A Large Margin
* Snapchat Spied On Users With Internal Tool
* Intense Scanning Activity Detected For BlueKeep RDP Flaw
* Maker Of US Border's License Plate Scanning Tech Ransacked By Hacker, Blueprints And Files Dumped Online
* Instagram Website Leaked Phone Numbers And Emails For Months
* United States Rolls Out New 18 Count Indictment On Assange
* HCL Employee, Customer Files Found Open To Public
* Ethereum Smart Contracts Exploitation Using Right-To-Left Override Character
* Mozilla Patches 24 Firefox Vulnerabilities
* Would You Pay $1 Million For A Laptop Full Of Malware?
* Why A Windows Flaw Patched 9 Days Ago Is Still Spooking The Internet
* UK Says It Warned 16 NATO Allies Of Russian Hacking Activities
* Millions Of Golfers Land In Privacy Hazard After Cloud Misconfig
* Team Viewer Hit By Chinese Hackers In 2016
* Huawei Faces Break With UK Chip Giant ARM
* Google G Suite Glitch Left Some Passwords Stored In Plain Text For 14 Years
* Unsecure Chtrbox AWS Database Exposes Data On 49 Million Instagram Influencers, Accounts
* Huawei's Microchip Vulnerability Explained
* Linux Variant Of Winnti Malware Spotted In Wild
* Baltimore Ransomware Nightmare Could Last Weeks More
* Trump's U.S. Golf Association Account Got Hacked
* Instagram Hacker Forum Gets Hacked By Hackers
* Slack Bug Allows Remote File Hijacking, Malware Injection
* Over 20k Linksys Routers Leak Every Device Ever Connected

Dark Reading
* First American Financial Corp. Left Mortgage Data Exposed on Website
* Mist Computing Startup Distributes Security AI to the Network Edge
* NSS Labs Admits Its Test of CrowdStrike Falcon Was 'Inaccurate'
* How Security Vendors Can Address the Cybersecurity Talent Shortage
* Master NSA-Grade Security Tools at New Black Hat Trainings Virginia
* 7 Recent Wins Against Cybercrime
* Researcher Publishes Four Zero-Day Exploits in Three Days
* To Manage Security Risk, Manage Data First
* Moody's Outlook Downgrade of Equifax: A Wake-up Call to Boards
* FEC Gives Green Light for Free Cybersecurity Help in Federal Elections
* Mobile Exploit Fingerprints Devices with Sensor Calibration Data
* Google's Origin & the Danger of Link Sharing
* Microsoft Opens Defender ATP for Mac to Public Preview
* Russian Nation-State Hacking Unit's Tools Get More Fancy
* Incident Response: 3 Easy Traps & How to Avoid Them
* Alphabet's Chronicle Explores Code-Signing Abuse in the Wild
* New Software Skims Credit Card Info From Online Credit Card Transactions
* Data Asset Management: What Do You Really Need?

Krebs on Security
* First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
* Legal Threats Make Powerful Phishing Lures
* Account Hijacking Forum OGusers Hacked
* Feds Target $100M 'GozNym' Cybercrime Network
* A Tough Week for IP Address Scammers
* Microsoft Patches 'Wormable' Flaw in Windows XP, 7 and Windows 2003
* Nine Charged in Alleged SIM Swapping Ring
* What's Behind the Wolters Kluwer Tax Outage?
* Feds Bust Up Dark Web Hub Wall Street Market
* Credit Union Sues Fintech Giant Fiserv Over Security Claims

The Hacker News
* U.S. Charges WikiLeaks' Julian Assange With Violating Espionage Act
* 5 Cybersecurity Tools Every Business Needs to Know
* Tor Browser for Android — First Official App Released On Play Store
* Update: Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours
* Hacking and Cyber Security Certification Training Bundle 2019 (10 Courses)
* Google Stored G Suite Users' Passwords in Plain-Text for 14 Years
* PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online
* Core Elastic Stack Security Features Now Available For Free Users As Well
* WEBINAR: How to Get Enterprise Cyber Security for your Mid-Sized Organization
* US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei

Security Week
* First American Financial Exposed Millions of Sensitive Documents
* Georgia Supreme Court Rules that State Has No Obligation to Protect Personal Information
* GitHub Adds New Tools to Help Developers Secure Code
* Microsoft Defender ATP for Mac Now in Public Preview
* One Year on, EU's GDPR Sets Global Standard for Data Protection
* New York Department of Financial Services Launches Cybersecurity Unit
* Microsoft Brings Hardware-Based Isolation to Chrome, Firefox
* The Intelligent SOC Can be a Reality Today
* Assange Charged With 17 New Counts Under Espionage Act
* Facebook Figures Five Percent of Accounts Are Fake
* US Officials Say Foreign Election Hacking Is Inevitable
* Researcher Drops 3 Separate 0-Day Windows Exploits in 24 Hours
* Instagram Says Not Source of Contact Info for Influential Users
* Siemens Teams With Chronicle on Cybersecurity Solutions for Energy Industry
* NATO Warns Russia of 'Full Range' of Responses to Cyberattack
* Best Practices for Securely Moving Workloads Into the Cloud
* Comodo Issued Most Certificates for Signed Malware on VirusTotal
* Authorities Take Down Cryptocurrency Mixing Service Bestmixer.io
* PoC Exploits Created for Wormable Windows RDS Flaw
* Moody's Downgrades Equifax Outlook to Negative Over 2017 Data Breach

Infosecurity Magazine
* Snapchat: Claims of Employees Spying "Inaccurate"
* Moody's Downgrading of Equifax Is a Message to Boards
* APT Increasingly Targets Canadian Orgs
* GDPR: Security Pros Believe Non-Compliance is Rife
* IoT Attacks Cost UK Firms Over £1bn
* Assange Hit with New 18-Count Indictment
* LinkedIn Admits a Delay in Renewing TLS Cert
* Mobile Banking Malware Rose 58% in Q1
* Fake Trezor App in Google Play Scams Users
* UK Political Parties Fail on Email Security Ahead of Elections

Threat Post
* Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders
* ThreatList: Top 8 Threat Actors Targeting Canada in 2019
* Snapchat Privacy Blunder Piques Concerns About Insider Threats
* Joomla and WordPress Found Harboring Malicious Redirect Code
* Microsoft Beefs Up Wi-Fi Protection
* News Wrap: Which Companies Are Doing Privacy Right and Which Aren't?
* Goodbye Passwords: Hello Identity Management
* Shade Ransomware Expands to U.S. Targets
* Calibration Attack Drills Down on iPhone, Pixel Users
* SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day

Naked Security
* Serious Security: Don't let your SQL server attack you with ransomware
* Any advance on $1.2m for this virus-infested netbook?
* Safari test points to a future with tracker-free ads
* Batterygate news: Apple to warn users if iOS updates throttle iPhones
* Google Ad Exchange in data privacy probe
* Google stored some passwords in plaintext for 14 years
* Tor Browser for Android 8.5 offers mobile users privacy boost
* Mozilla fixes bugs, improves privacy in latest Firefox release
* The city of Baltimore is being held hostage by ransomware
* Instagram data from 49 million accounts found lying around online

Quick Heal - Security Simplified
* CVE-2019-11815: Experts discovered a privilege escalation vulnerability in