CERT alerts

Information about Prince of Persia malware campaign

Unit 42 published a blog at the beginning of May titled “Prince of Persia,” in which we described the discovery of a decade-long campaign using a formerly unknown malware family, Infy, that targeted government and industry interests worldwide.

CERT alerts

Infomation about Threat Group-4127 targets Google accounts

SecureWorks® Counter Threat Unit™ (CTU) researchers track the activities of Threat Group-41271 (TG-4127), which traditionally targets governments, military, international non-governmental organizations (NGOs), and most recently, Hillary Clinton’s email.

CERT alerts

Information about tracking Elirks variants in Japan

A recent, well-publicized attack on a Japanese business involved two malware families, PlugX and Elirks, that were found during the investigation.

CERT alerts

Information about NDC intrusion malware

The Security Consulting team here at Fidelis specializes in investigations of critical security incidents by advanced threat actors. Last week, after Guccifer 2.0 claimed responsibility for the intrusion into the Democratic National Committee’s (DNC) servers

CERT alerts

Information about DUBNIUM’s flash-targeting exploit

The DUBNIUM campaign in December involved one exploit in-the-wild that affected Adobe Flash Player. In this blog, we’re going to examine the technical details of the exploit that targeted vulnerability CVE-2015-8651. For more detailson this vulnerability, see Adobe Security Bulletin APSB16-01 .

CERT alerts

Information about flash zero-day exploit deployed by the ScarCruft APT group

Earlier this year, we deployed new technologies in Kaspersky Lab products to identify and block zero-day attacks. This technology already proved its effectiveness earlier this year, when it caught an Adobe Flash zero day exploit(CVE-2016-1010).

CERT alerts

Information about Threat Group-4127 targeting Hillary Clinton presidential campaign

SecureWorks® Counter Threat Unit™ (CTU) researchers track the activities of Threat Group-4127[1] (TG-4127), which targets governments, military, and international non-governmental organizations (NGOs).

CERT alerts

Information about new Sofacy attacks against US Government Agency

The Sofacy group, also known as APT28, is a well-known threat group that frequently conducts cyber espionage campaigns. Recently, Unit 42 identified a spear phishing e-mail from the Sofacy group that targeted the United States government.

CERT alerts

Information about a breach to Democratic National Committe the formal governing body of the US Democratic Party

There is rarely a dull day at CrowdStrike where we are not detecting or responding to a breach at a company somewhere around the globe. In all of these cases, we operate under strict confidentiality rules with our customers and cannot reveal publicly any information about these attacks.

CERT alerts

Information about spear phishing e-mails targeting Indian government officials

On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials.

CERT alerts

Information about Irongate malware masking malicious activity on SCADA systems

In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering (FLARE) team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment.

Microsoft

MS Security Bulletin Summary june 2016

This bulletin summary lists security bulletins released for June 2016.

CERT alerts

Information about IXESHE rerivative IHEATE that targets users in America

Since 2012, we’ve been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany.

CERT alerts

Information about malicious e-mails against Banks in the Middle East

In the first week of May 2016, FireEye’s DTI identified a wave of emails containing malicious attachments being sent to multiple banks in the Middle East region.

CERT alerts

Information about operation Ke3chang

Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal.

CERT alerts

Information about Suckfly attacks targeting Indian organizations

In March 2016, Symantec published a blog on Suckfly, an advanced cyberespionage group that conducted attacks against a number of South Korean organizations to steal digital certificates.

CERT alerts

Exploring CVE-2015-2545

This report, available at TLP:GREEN to researchers and network defenders, gives an overview of different attacks using CVE-2015-2545.

Regulations

GDPR regulation (in English)

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data

Regulations

GDPR regulation (in Hungarian)

AZ EURÓPAI PARLAMENT ÉS A TANÁCS (EU) 2016/679 RENDELETE (2016. április 27.) a természetes személyeknek a személyes adatok kezelése tekintetében történő védelméről és az ilyen adatok szabad áramlásáról

CERT alerts

Information about two Windows variants of Derusbi malware

To follow up on the March report on the discovery of a 64-bit Linux variant of Derusbi used in the Turbo campaign, this post covers our analysis of two unique Windows variants of the Derusbi PGV_PVID malware.

CERT alerts

Information about Prince of Persia: Infy malware

Attack campaigns that have very limited scope often remain hidden for years. If only a few malware samples are deployed, it’s less likely that security industry researchers will identify and connect them together.

Microsoft

MS Security Bulletin Summary may 2016

This bulletin summary lists security bulletins released for May 2016.

McAfee

Report may 2016

During Intel Security’s RSA keynote on March 1, Chris Young discussed an important cybersecurity challenge: the dearth of truly effective models and alliances for sharing threat intelligence

FireEye

Beyond the bottom line: the real cost of data breaches

FireEye commissioned independent technology market researchspecialist Vanson Bourne to undertake the research upon which thisreport is based.

CERT alerts

Information about malware attacking the Bangladesh Bank's SWIFT payment system

In February 2016 one of the largest cyber heists was committed and subsequently disclosed. An unknown attacker gained access to the Bangladesh Bank’s (BB) SWIFT payment system