PortBender - TCP Port Redirection Utility
PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one TCP port e.g., 445/TCP to another TCP port e.g., 8445/TCP. PortBender includes an aggressor script that operators can leverage to integrate the tool with Cobalt Strike. Howeve...
Kaspersky Security Bulletin: Review of the Year 2017
Introduction The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so. To reflect on the impact these events had on organizations and individuals, and consider what they could mean for the overall evolution of the threat...
D-Link Private Code-Signing Keys Leaked
A simple mistake by networking gear manufacturer D-Link could have opened the door for costly damage. Private keys used to sign software published by D-Link were found in the company’s open source firmware packages. While it’s unknown whether the keys were used by malicious third parties, the...
Duqu 2.0 Attackers Used Stolen Foxconn Certificate to Sign Driver
The attackers behind the recently disclosed Duqu 2.0 APT have used stolen digital certificates to help sneak their malware past security defenses, and one of the certificates used in the attacks was issued to Foxconn, the Chinese company that manufactures products for Apple, BlackBerry, Dell, and...
Dennis Fisher and Mike Mimoso on Duqu 2.0, HSTS in Windows, and More
Dennis Fisher and Mike Mimoso discuss the Duqu 2.0 attack and its ramifications, the addition of HSTS support to Windows 7 and 8.1 and the rest of the news of the week. Download: digitalunderground207.mp3 Music by Chris Gonsalves...
Duqu Resurfaces With New Round of Victims, Including Kaspersky Lab
The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims,...
Operation Cleaver — Iranian Hackers Targeting Critical Infrastructure Worldwide
For over the past two years, Iranian hackers have infiltrated the computer networks of some of the world's top organizations including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies,...
Regin Cyberespionage Malware Platform Targets GSM Networks
Researchers have uncovered a complex espionage platform reminiscent of Duqu that has been used since at least 2008 not only to spy on and extract email and documents from government agencies, research institutions and banks, but also one that targets GSM network operators in order to launch...
Rogue software update causes Malware attack on Japanese Nuclear Power Plant
The most critical and worst targets of state-sponsored cyber-attacks could be hospitals, dams, dykes and nuclear power stations, and this may cause military conflicts between countries. According to Japan Today, the Monju nuclear power plant in Tsuruga, Japan was accidentally targeted by a malwar...
Using Kernel Exploits to Bypass Sandboxes for Fun and Profit
Researchers and attackers alike are quickly discovering you don’t need a fancy Java or Flash exploit to beat application sandboxes. Exploiting an unpatched kernel vulnerability in the underlying operating system, one that’s likely to stay unpatched for a long time, will do just fine. Twice this...
More Flame Modules Could Be Lurking
BROOKLYN, NY–After years of research and investigation into the cyber-espionage attacks that began with the discovery of Stuxnet and continued with Flame, Duqu and Gauss, there still are many details that are unknown. While researchers have a pretty good handle on many of the tools’ capabilities,...
Wiper, the Destructive Malware possibly connected to Stuxnet and Duqu
Kaspersky Lab publishes research resulting from the digital forensic analysis of the hard disk images obtained from the machines attacked by the Wiper - a destructive malware program attacking computer systems related to oil facilities in Western Asia. Security researchers from Kaspersky Lab have...
Analysis Shows Traces of Wiper Malware, But No Links to Flame
One of the things about the investigation into the Flame malware that’s remained unclear for several months now is what ever became of the so-called Wiper virus that had been seen erasing data on machines in Iran and that led researchers to eventually discover Flame. No actual samples of Wiper ha...
New Report Beckons 'Cyber Arms Race,' Explains Black Hole Kit
Espionage has gone digital and we’re just now seeing the beginnings of what will prove to be a “cyber arms race,” according to Mikko Hypponen, Chief Research Officer for F-Secure, the Finnish security firm. Hypponen laid out his thoughts and recapped the last seven months in threats in the...
Infographic: Stuxnet's Cyberwar Vines Untangled
Keeping track of the relationships between various malware families can be hard, especially when you’re talking about espionage tools such as Stuxnet and Gauss. Veracode has put together an infographic as a general recap of the life and times of Stuxnet, the much-discussed cyber worm that first...
New Gauss Malware, Descended From Flame and Stuxnet, Found On Thousands of PCs in Middle East
A new piece of malware dubbed Gauss, which experts say is a direct descendant of Flame and also related to Stuxnet and Duqu, has been found on thousands of PCs in the Middle East, mostly in Lebanon. Gauss contains some of the same code as Flame, but is markedly different in a number of respects,...
Key Stuxnet LNK Spreading Mechanism Stops Working
One of the key infection methods for the Stuxnet worm was hard-coded to stop working on June 24, removing one of its techniques for propagation. Researchers say that the date, which is found in coded form in the worm’s instructions, is nearly three years to the day from the date that the first...
What Have We Learned: Flame Malware
When the news about the Flame malware first broke several weeks ago, people from all parts of the security community, political world and elsewhere quickly began trying to figure out what the significance of the tool was and whether it represented anything new. That was difficult at the time, giv...
Chris Soghoian on Lessons from the Bin Laden Raid and Cyberwar
Chris Soghoian has made a name for himself as a security and privacy researcher and has been the bane of government agencies and organizations prone to being somewhat less than upfront about their security and privacy practices. In this video from the Personal Democracy Forum in New York this wee...
Attorney General Holder Announces Probe Into Cyberwar Leaks
U.S. Attorney General Eric Holder has issued an assignment to the U.S. District Attorneys to start an investigation into possible leaks of classified information, presumably by individuals within the Obama administration who recently spoke anonymously about the administration’s ties to the...