Vulnerabilities, Tools, and Tactics
Rogue Apache modules appear to be the source of a surge in iFrame injection attacks that target legitimate websites, like those used in the NBC.com compromise, to drive traffic to the Blackhole exploit kit. How the rogue modules are being injected is still unknown: http://t.co/29C1kXMLmA
Malicious Java applet uses certificate stolen from Clearesult Consulting to exploit trust and install automatically: http://www.net-security.org/secworld.php?id=14557
A report released by Cenzic claims 99% of web applications remain vulnerable to attacks, calling for increased emphasis on mitigation: http://www.net-security.org/secworld.php?id=14556
Free malicious Java applet generating tool discovered in the wild. The tool can clone a legitimate website, create a malicious Java applet, then redirect victims to a site of the attacker's choice: http://t.co/4oDZsDdAL5
Web browser proxy auto-configuration tactic used in recent banking campaigns in Brazil to capture and redirect certain user traffic, expected to increase in use globally. http://t.co/V1s2TB2lCL
Example of Android mobile malware commoditization found in an ad for the tool “perkele lite,” used to intercept and forward SMS messages. http://t.co/10o3vJmrXj
Adversary Activity & Campaigns
Bank DDoS attacks resume: Izz ad-Din al-Qassam, believed to be directly supported by the Iranian government, announced and began execution of a new phase of attacks targeting US banks. http://t.co/E1UVVqamX0, http://t.co/3oGt2BKE6A
Emerging phishing campaigns, exploiting payroll and banking trust
ADP TotalSource Payroll Invoice: http://t.co/5n8QilMqqM
Bank of America: http://t.co/YlRBbncKJS
Targeted attack against Australia’s central bank, the Reserve Bank of Australia (RBA), succeeded in compromising at least one system. The target of the attack was information that included Group of 20 negotiations. China is implicated. http://t.co/iHxZwwwp0W
Kaspersky discovers AlbaBotnet being used to target Chilean banks in an emerging campaign. http://www.securitybistro.com/blog/?p=5524
APT-1: Industry reporting attribution of past campaigns to APT-1, including US, Japan, and India victims, thanks to indicators from Mandiant’s report. One example: http://threatpost.com/en_us/blogs/apt1-themed-spear-phishing-campaign-linked-china-030613, http://t.co/iQ4DrbJkn0
Surge in reports of hacktivism
Czech central bank, stock exchange, banks hacked: http://t.co/WCA5c3yodY
Nullcrew defaces Time Warner Cable: http://t.co/yPJ4aK2e1T
Arabian Gulf Oil Company (Agoco) by QuisterTow: http://t.co/bDCrpnRKQB
Saudi Aramco Twitter account hacked: http://t.co/RmQxB532aa
54 Israeli sites hacked and defaced: http://t.co/YySGtJhf0G
Over 180 Egypt sites hacked by P@khTuN: http://t.co/SJkUTcjq3u
Defense and Response News
China, in response to Mandiant and related APT-1 claims, begins a response campaign claiming they are the victim of repeated US-sourced intrusions, and calls for new international agreements on cyber: http://t.co/HO1NvvvZ6l, http://t.co/YmGGkZI2QW
Deutsche Telekom unveils real-time map of global cyber-attacks detected on their global infrastructure: http://t.co/We0TJJ6YOk
Microsoft launches new Cybercrime Center to combat piracy and malware: http://t.co/wllk2eJ0cw
New cyber security, forensics center formed by UMASS to advance research on cyber security and forensics theory: http://www.uml.edu/News/stories/2013/Cyber-forensics-center.aspx
Prolexic successfully defends against large-scale DDoS against utility: http://t.co/yg6iU0Sx7g