119 matches found
APT28 Targets Hospitality Sector, Presents Threat to Travelers
FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several...
APT28 Targets Hospitality Sector, Presents Threat to Travelers
FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several...
Russian Hackers Made 'Tainted Leaks' a Thing — Phishing to Propaganda
We came across so many revelations of sensitive government and corporate data on the Internet these days, but what's the accuracy of that information leaked by unknown actors? Security researchers have discovered new evidence of one such sophisticated global espionage and disinformation campaign...
For the APT organization to use the EPS vulnerabilities in and mention the right vulnerability analysis-vulnerability warning-the black bar safety net
In 2015, FireEye released a Microsoft Office EPS(Encapsulated PostScript in the two vulnerability details. Wherein, a is 0day vulnerabilities, one in the attack a few weeks before playing the patch. Recently, FireEye and Microsoft Office products in the discovery of three new 0day vulnerabilities...
EPS Processing Zero-Days Exploited by Multiple Threat Actors
In 2015, FireEye published details about two attacks exploiting vulnerabilities in Encapsulated PostScript EPS of Microsoft Office. One was a zero-day and one was patched weeks before the attack launched. Recently, FireEye identified three new zero-day vulnerabilities in Microsoft Office products...
Google Shuts Down Docs Phishing Spree
Google said it has disabled offending accounts involved in a widespread spree of phishing emails today impersonating Google Docs. The emails, at the outset, targeted journalists primarily and attempted to trick victims into granting the malicious application permission to access the user’s Google...
MS15-051 Win32k ClientCopyImage Elevation of Privilege Vulnerability (CVE-2015-1701)
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' require 'rex' class MetasploitModule 'Windows ClientCopyImage...
Introduction to Reverse Engineering Cocoa Applications
While not as common as Windows malware, there has been a steady stream of malware discovered over the years that runs on the OS X operating system, now rebranded as macOS. February saw three particularly interesting publications on the topic of macOS malware: a Trojan Cocoa application that sends...
New MacOS Malware linked to Russian Hackers Can Steal Passwords & iPhone Backups
Security researchers have discovered a new Mac malware allegedly developed by APT28 Russian cyber espionage group who is believed to be responsible for 2016 presidential election hacking scandal. A new variant of the X-Agent spyware is now targeting Apple macOS system that has previously been use...
APT28: At the Center of the Storm
On Jan. 6, 2017, the U.S. Director of National Intelligence released its Intelligence Community Assessment: Assessing Russian Activities and Intentions in Recent US Elections. Still, questions persist about Russian involvement. Did the Russian government direct the group responsible for the...
APT28: At the Center of the Storm
On Jan. 6, 2017, the U.S. Director of National Intelligence released its Intelligence Community Assessment: Assessing Russian Activities and Intentions in Recent US Elections. Still, questions persist about Russian involvement. Did the Russian government direct the group responsible for the...
CVE-2016-7255: analysis of Mining the Windows kernel to mention the right vulnerability-vulnerability warning-the black bar safety net
The Windows kernel mention the right Vulnerability, CVE-2016-7255 has been a lot of media attention. In the 11 month's Patch Tuesday, Microsoft released for this vulnerability fix, as MS16-135 announcement of the part. According to Microsoft's description, CVE-2016-7255 mainly used to perform...
FBI-DHS Report Links Fancy Bear Gang to Election Hacks
In a report released Thursday the Federal Bureau of Investigation and the US Department of Homeland Security implicated Russian hacking group Fancy Bear in attacks against several election-related targets. According to the Joint Analysis Report, the hacking group Fancy Bear, believed to have ties...
Sofacy APT organization to develop new Flash exploit framework-vulnerability warning-the black bar safety net
Sofacy cyber espionage Group, also known as Fancy Bear, and APT28, a Sednit, a Pawn Storm, and Strontium in. The organization has developed a new hack tool, and in the summer of this year the attacks have been put into use. Palo Alto Networks, the company said, the gang will be targeted in the...
Java exposure to high-risk 0day vulnerability has been Russian hackers use-vulnerability warning-the black bar safety net
Today Java exposure to high-risk 0day vulnerability. Trend Micro has warned that the vulnerability has now been a Russian hacking group using, attack target primarily the United States Department of Defense, North Atlantic Treaty Organization member States. Attack The attacker will first to victi...
Win32k elevation of privilege vulnerability, CVE-2 0 1 5-1 7 0 1-exp-vulnerability warning-the black bar safety net
Win32k elevation of privilege vulnerability – CVE-2 0 1 5-1 7 0 1 If Win32k.sys kernel-mode driver improperly handles objects in memory, then there is a privilege elevation vulnerability. Successful exploitation of this vulnerability an attacker can run arbitrary code in kernel mode is. An attack...
Microsoft Windows - Local Privilege Escalation (MS15-051)
Microsoft Windows - Local Privilege Escalation MS15-051 Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...
About 1 5 years 5 months to repair the two 0day-vulnerability warning-the black bar safety net
Ticker 2 0 1 5 year 5 month 1 2 day, Microsoft pushed a 5-month patch day patch includes IE, Windows kernel, Windows kernel driver, Office and other components of the security updates. This month the repair of the two 0day vulnerabilities MS15-0 5 2 are fixed in the Windows kernel security featur...
Russian APT28 Group Linked to NATO, Political Attacks
A Russian APT group tied to ongoing attacks against military and political targets in Eastern Europe and against NATO could also have ties to the MiniDuke espionage campaign uncovered more than a year ago. Dubbed APT28 by FireEye in a report published last night, the Russian hackers have targeted...