Vulnerabilities, Tools, and Tactics
Android app developer licenses being sold in malware black market for $100 each, providing buyers “unfettered access to the official Google Play app store.” At least one purchase, attributed to a banking Trojan author, has been leaked. http://t.co/o7nAiecghy
Malware authors using a fictitious business created legally in Brazil to generate application certificates, using them to sign malware to evade detection. http://t.co/U1gBpwXI5a
According to a report by Websense, 85% of websites used in attacks during 2012 were “legitimate sites.”
Related: Israeli website for “International Institute for Counter-Terrorism” used in watering hole attack to deliver malware. http://bit.ly/X4TZ1p
Seagate blog website used to serve malware http://bit.ly/ZsiEii
Fake Bank of America Online Digital Certificate themed emails used in phishing attack. http://bit.ly/WkYSGc
Travnet Trojan implicated in APT campaign http://bit.ly/10WKoei
Blackhole, Sweet Orange, and Cool exploit kits named top weapons for cyber crooks http://bit.ly/10WJRyi
ArchiveLock Trojan used in France and Spain targeted attacks to encrypt the files of users, demanding $5,000 ransom http://bit.ly/100CZ07
Adversary Activity & Campaigns
Decoy ICS/SCADA Water Utility Networks hit by attacks http://ubm.io/ZOplV1
Warning of vulnerabilities among California energy providers http://bit.ly/XiuzNK
US Department of State and Pentagon’s Army National Guard websites hacked through SQL injection and cross-site scripting (XSS) attacks by Tunisian Cyber Army with assistance from Al Qaida Electronic Army. Purpose appears to be to gain information for upcoming OpBlackSummer, which the attackers claim is being coordinated with Chinese hackers. http://t.co/Axd3ylFYQc
APT1 Watch: Royal Bank of Australia (RBA), documents released in 2012 acknowledge victim status of at least two breaches in 2011 with close connections to APT1. http://t.co/YtN2Z0KI6k
ADP Package Delivery Notification phishing attack directs victims to Blackhole Exploit Kit websites http://bit.ly/ZOqnFZZ
Cyber Attack heads-up: campaign announced to “wipe Israel from the Internet” on April 7, 2013.
Bank watch: JP Morgan Chase website taken down through denial-of-service http://cnet.co/ZM57UH
US NIST National Vulnerability Database hacked and taken offline for days http://bit.ly/16umBld
Continued reports of hacktivism
42 Russian websites hacked by SiR Abdou http://t.co/5K2OzhXvd4
Celebrity financial information and social security numbers leaked following hack of free credit report provider http://bit.ly/15KAbpl
OpBlackSummer: US Government sites hacked http://bit.ly/Z1DmWJ - Possible preparation for larger event
Toshiba Turkey Website defaced by reMin hacker http://bit.ly/Z1DiWZ
Anonymous takes down political party website in Italy http://bit.ly/Z1E2vw
Indian Hacker “Godzilla” infiltrates Pakistan government websites and leaks information http://bit.ly/YkHykr
Service Center Website of Acer Thailand defaced by Turkish hacker http://bit.ly/YtNynP
Anonymous attacks Philippines President and related government websites http://bit.ly/YtNNzu
Poland Sergianist hackers destroy popular Traditionalist website http://bit.ly/Zsiojc
Syrian Cyber Eagles defaces Saudi General Authority for Tourism and Antiquities website http://bit.ly/Zkfmyi
Anonymous defaces Philippines National Telecommunications Commission website http://bit.ly/Z97Wuu
152 Spanish websites hacked in protest against the deaths of 7 Moroccan immigrants http://bit.ly/107uw1z
Defense and Response News
Pentagon creating new teams to launch cyberattacks http://wapo.st/Y9GNbC
UK develops global cyber security capacity, supported by the ICSPA http://bit.ly/Z1DVQo
HBGary releases virtual classroom for incident response professionals http://bit.ly/Zsibwp
Cyber-attacks eclipse terrorism in impact according to US leaders http://bit.ly/15SWHwx