News Clipping


OnePlus Phones Have an Unfortunate Backdoor Built In [source: wired]

OnePlus smartphones have developed a bit of a cult following, thanks to a combination of design and affordability that few other Android handsets match. But OnePlus has also experienced some notable privacy and security issues, including a recent admission that it was collecting a sketchy amount of user data on its corporate servers. Now, a French security researcher has published evidence that nearly every OnePlus phone model comes pre-loaded with...



Google Adds New Features in Chrome to Fight Malvertising [source: bleepingcomputer]

Google announced plans today for three new Chrome security features that will block websites from sneakily redirecting users to new URLs without the user or website owner’s consent. While all three additions are welcomed, one of these features has the potential to stop a few malvertising campaigns dead in their tracks, and could potentially disrupt the malware scene in the next few months. Chrome will...



LockCrypt Ransomware Spreading via RDP Brute-Force Attacks [source: alienvault]

We previously reported on SamSam ransomware charging high ransoms for infected servers. But SamSam isn’t the only ransomware out there charging eye-watering amounts to decrypt business servers. Initial reports of a new variant of ransomware called LockCrypt started in June of this year. In October we saw an increase in infections. LockCrypt doesn’t have heavy code overlaps with other ransomware. We’ve seen evidence that the attackers likely started...



Script Kiddie Nightmare: IoT Attack Code Embedded with Backdoor [source: newskysecurity]

The IoT threat landscape is proving to be the fastest to evolve, with attacks shifting from basic password guessing, to using a variety of exploits as seen recently in the IoTroop/Reaper botnet. Enter the script kiddie — amateurish hackers that copy/paste code for quick results. With the numerous disclosures of proof-of-concept IoT exploit code, many script kiddies jump on the exploit bandwagon by using weaponized attack scripts that are...



Toast Overlay Weaponized to Install Several Android Malware [source: trendmicro]

We uncovered new Android malware that can surreptitiously install other malware on the affected device via the Toast Overlay attack: TOASTAMIGO, detected by Trend Micro as ANDROIDOS_TOASTAMIGO. The malicious apps, one of which had over 500,000 installs as of November 6, 2017, abuse Android’s Accessibility features, enabling them—at least for now—to have ad-clicking, app-installing and self-protecting/persistence capabilities. Overlay attacks entail drawing and superimposing Android View (i.e.,...



Baku hosts 9th Annual International Conference on cyber security [source: paralel.az]

The Organization of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) has started its 9th Annual International Conference on the theme “Uncovering Future Threats” in Baku, AzerTAC reports. The organizer of the conference is the Special State Protection Service of the Republic of Azerbaijan, local partners are Delta Telecom LTD and Azinfosec, and foreign partners are May Cyer Technology, THALES and Videntifier companies. The...



A look into the global drive-by cryptocurrency mining phenomenon [source: malwarebytes]

An important milestone in the history of cryptomining happened around mid-September when a company called Coinhive launched a service that could mine for a digital currency known as Monero directly within a web browser. JavaScript-based mining is cross-platform compatible and works on all modern browsers. Indeed, just about anybody visiting a particular website can start mining for digital currency with eventual profits going to the owner’s wallet (in the...



Sowbug: targets South American and Southeast Asian governments [source: symantec]

Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates. Symantec saw the first evidence of Sowbug-related activity with the discovery...



UK Cybersecurity Center Issues ‘The Dark Overlord’ Alert [source: databreachtoday]

Want to stop the latest cybercrime bogeyman? Then for the umpteenth time, put in place well-known and proven strategies for repelling online attacks. That’s one takeaway from a recent threat report issued by Britain’s National Cyber Security Center. Based on open source reporting, the alert calls out a trio of attack campaigns: phishing emails that pretend to be speeding tickets but which instead deliver malware; attackers using...



REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography [source: trendmicro]

REDBALDKNIGHT, also known as BRONZE BUTLER and Tick, is a cyberespionage group known to target Japanese organizations such as government agencies (including defense) as well as those in biotechnology, electronics manufacturing, and industrial chemistry. Their campaigns employ the Daserf backdoor (detected by Trend Micro as BKDR_DASERF, otherwise known as Muirim and Nioupale) that has four main capabilities: execute shell commands, download and upload data, take screenshots, and log...


