Author Archives: CIRT Team



CIRT Team

in News Clipping

Real News, Fake Flash: Mac OS X Users Targeted [volexity]

Volexity recently identified a breach to the website of a well-regarded media outlet in the country of Georgia. As part of this breach, the media organization’s website was being leveraged as a component of a malware campaign targeting select visitors who view its website in Georgian. The targets were then further narrowed to those that were running the Mac OS X operating system, had...

27 Jul 2017
in News Clipping

“Tick” Group Continues Attacks [paloaltonetworks]

The “Tick” group has conducted cyber espionage attacks against organizations in the Republic of Korea and Japan for several years. The group focuses on companies that have intellectual property or sensitive information like those in the Defense and High-Tech industries. The group is known to use custom malware called Daserf, but also employs multiple commodity and custom tools, exploits vulnerabilities, and uses social engineering techniques.

27 Jul 2017
in Security Advisories & Alerts

Heimdal CVE-2017-11103 Man in the Middle Security Bypass Vulnerability

Description: Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus’ Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in ‘enc_part’ instead of the unencrypted version stored in ‘ticket’. Use of the unencrypted version provides an opportunity for successful server impersonation...

25 Jul 2017
in Security Advisories & Alerts

Citrix NetScaler Gateway CVE-2017-7219 Heap Buffer Overflow Vulnerability

Description: A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Impact: Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Mitigation: Updates are available....

25 Jul 2017
in Security Advisories & Alerts

GNU glibc CVE-2017-1000366 Local Memory Corruption Vulnerability

Description: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory, but these issues are not directly exploitable; as such, they have not been given a CVE. This affects glibc 2.25 and...

25 Jul 2017
in News Clipping

Spring Dragon – Updated Activity [securelist]

Spring Dragon is a long-running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high-profile governmental organizations and political parties, education institutions such as universities, as well as companies from the telecommunications sector.

25 Jul 2017
in News Clipping

Hackers Breach Casino After Compromising a Smart Fish Tank [softpedia]

In case you were wondering why a fish tank needs to be connected to the Internet, it’s because the casino wanted to do everything remotely, with employees using a remote connection to feed the fish and get all the information instantly, such as water temperature. But it was this connection that exposed the fish tank, and eventually, the entire casino, to hackers, as an unnamed...

25 Jul 2017
in Security Advisories & Alerts

CVE-2017-9417 Broadpwn Bug of Android and iOS Devices

Description: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the “Broadpwn” issue. Impact: Broadcom Wi-Fi chips embedded in Android and iOS devices are vulnerable to a bug that allows an attacker to execute code on their devices, without any interaction needed from the user. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URLs:...

24 Jul 2017