CERT alerts

Information about Sofacy’s ‘Komplex’ OS X Trojan

Unit 42 researchers identified a new OS X Trojan associated with the Sofacy group that we are now tracking with the ‘Komplex’ tag using the Palo Alto Networks AutoFocus threat intelligence platform.

CERT alerts

Information about Buckeye cyberespionage group, that shifts gaze from US to Hong Kong

Buckeye (also known as APT3, Gothic Panda, UPS Team, and TG-0110) is a cyberespionage group that is believed to have been operating for well over half a decade. Traditionally, the group attacked organizations in the US as well as other targets.

McAfee

Report september 2016

While many were away, we’ve been busy.Chris Young, Senior Vice President and General Manager of Intel Security, was appointed by the White House to serve on the US Department of Homeland Security’s National Security and Telecommunications Committee

Microsoft

MS Security Bulletin Summary september 2016

This bulletin summary lists security bulletins released for September 2016.

CERT alerts

Information about Oracle MICROS POS terminal breach

Credit card industry giant Visa on Friday issued a security alert warning companies using point-of-sale devices made by Oracle‘s MICROS retail unit to double-check the machines for malicious software or unusual network activity, and to change passwords on the devices.

Microsoft

MS Security Bulletin Summary august 2016

This bulletin summary lists security bulletins released for August 2016.

CERT alerts

Information about Dropping Elephant – aggressive cyber-espionage in the Asian region

Dropping Elephant (also known as “Chinastrats” and “Patchwork“) is a relatively new threat actor that is targeting a variety of high profile diplomatic and economic targets using a custom set of attack tools.

CERT alerts

Information about NetTraveler APT targets Russian, and European interests

Throughout 2016, Proofpoint researchers tracked a cyber-espionage campaign targeting victims in Russia and neighboring countries. The actor utilizes spear phishing campaigns to deliver NetTraveler, also known as TravNet.

Regulations

EU Directive on Network and Information Systems security (in Hungarian)

AZ EURÓPAI PARLAMENT ÉS A TANÁCS (EU) 2016/1148 IRÁNYELVE (2016. július 6.) a hálózati és információs rendszerek biztonságának az egész Unióban egységesen magas szintjét biztosító intézkedésekről

CERT alerts

Information about espionage toolkit targeting Central and Eastern Europe

Over the course of the last year, ESET has detected and analyzed several instances of malware used for targeted espionage – dubbed SBDH toolkit.

Microsoft

MS Security Bulletin Summary july 2016

This bulletin summary lists security bulletins released for July 2016.

CERT alerts

Information about Asruex, a malware infecting through shortcut files

JPCERT/CC has been observing malicious shortcut files that are sent as email attachments to a limited range of organisations since around October 2015. When this shortcut file is opened, the host will be infected with malware called “Asruex”.

CERT alerts

Information about Prince of Persia malware campaign

Unit 42 published a blog at the beginning of May titled “Prince of Persia,” in which we described the discovery of a decade-long campaign using a formerly unknown malware family, Infy, that targeted government and industry interests worldwide.

CERT alerts

Infomation about Threat Group-4127 targets Google accounts

SecureWorks® Counter Threat Unit™ (CTU) researchers track the activities of Threat Group-41271 (TG-4127), which traditionally targets governments, military, international non-governmental organizations (NGOs), and most recently, Hillary Clinton’s email.

CERT alerts

Information about tracking Elirks variants in Japan

A recent, well-publicized attack on a Japanese business involved two malware families, PlugX and Elirks, that were found during the investigation.

CERT alerts

Information about NDC intrusion malware

The Security Consulting team here at Fidelis specializes in investigations of critical security incidents by advanced threat actors. Last week, after Guccifer 2.0 claimed responsibility for the intrusion into the Democratic National Committee’s (DNC) servers

CERT alerts

Information about DUBNIUM’s flash-targeting exploit

The DUBNIUM campaign in December involved one exploit in-the-wild that affected Adobe Flash Player. In this blog, we’re going to examine the technical details of the exploit that targeted vulnerability CVE-2015-8651. For more detailson this vulnerability, see Adobe Security Bulletin APSB16-01 .

CERT alerts

Information about flash zero-day exploit deployed by the ScarCruft APT group

Earlier this year, we deployed new technologies in Kaspersky Lab products to identify and block zero-day attacks. This technology already proved its effectiveness earlier this year, when it caught an Adobe Flash zero day exploit(CVE-2016-1010).

CERT alerts

Information about Threat Group-4127 targeting Hillary Clinton presidential campaign

SecureWorks® Counter Threat Unit™ (CTU) researchers track the activities of Threat Group-4127[1] (TG-4127), which targets governments, military, and international non-governmental organizations (NGOs).

CERT alerts

Information about new Sofacy attacks against US Government Agency

The Sofacy group, also known as APT28, is a well-known threat group that frequently conducts cyber espionage campaigns. Recently, Unit 42 identified a spear phishing e-mail from the Sofacy group that targeted the United States government.

CERT alerts

Information about a breach to Democratic National Committe the formal governing body of the US Democratic Party

There is rarely a dull day at CrowdStrike where we are not detecting or responding to a breach at a company somewhere around the globe. In all of these cases, we operate under strict confidentiality rules with our customers and cannot reveal publicly any information about these attacks.

CERT alerts

Information about spear phishing e-mails targeting Indian government officials

On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials.

CERT alerts

Information about Irongate malware masking malicious activity on SCADA systems

In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering (FLARE) team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment.

Microsoft

MS Security Bulletin Summary june 2016

This bulletin summary lists security bulletins released for June 2016.

CERT alerts

Information about IXESHE rerivative IHEATE that targets users in America

Since 2012, we’ve been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany.