Flash Cybersecurity May 1, 2017

The Open Source Intelligence (OSINT) Flash is the collection and analysis of information that is gathered from public, or open, sources. OSINT is primarily used in national security, law enforcement, and business intelligence functions and is of value to analysts who use non-sensitive intelligence in answering classified, unclassified, or proprietary intelligence requirements across the previous intelligence disciplines.


Title : Malware Author Inflates Backdoor Trojan With Junk Data Hoping to Avoid Detection

Date published : May 1, 2017

Source : https://www.bleepingcomputer.com/news/security/malware-author-inflates-backdoor-trojan-with-junk-data-hoping-to-avoid-detection/

Excerpt : A malware coder is injecting megabytes of junk data inside his malicious payloads, hoping to avoid detection by some antivirus solutions or delay investigations of infosec professionals. Known only as “123”, this malware coder has been active since 2015, when he was first spotted deploying the XXMM malware. His activity falls in the category of targeted attacks, this crook focusing on infecting computers at Japanese companies for the purpose of exfiltrating sensitive data.

Title : New OSX.Dok malware intercepts web traffic

Date published : April 28, 2017

Source : https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/

Excerpt : OSX.Dok, which was discovered by Check Point, uses sophisticated means to monitor—and potentially alter—all HTTP and HTTPS traffic to and from the infected Mac. This means that the malware is capable, for example, of capturing account credentials for any website users log into, which offers many opportunities for theft of cash and data.



Title : Lenovo warns of IBM Storwize shipped with infected initialization USB drives

Date published : April 30, 2017

Source : http://securityaffairs.co/wordpress/58571/malware/ibm-storwize-infected.html

Excerpt : Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo V3500, V3700 and V5000 Gen 1 storage systems contain a file that has been infected with malicious code.


Title : iCloud support scams

Date published : April 25, 2017

Source : https://blog.malwarebytes.com/cybercrime/2017/04/icloud-support-scams/

Excerpt : The results of such scams can vary. Some are interested in the purchasing power since iCloud accounts double as Apple IDs, which can be used to make purchases from the Mac App Store, iOS App Store, and even the online and brick-and-mortar Apple Stores.


Cyber Warfare

Title : NATO Locked Shields 2017, world’s largest cyber defence exercise just ended

Date published : May 1, 2017

Source : http://securityaffairs.co/wordpress/58586/cyber-warfare-2/nato-locked-shields-2017.html

Excerpt : Locked Shields 2017 is organised in cooperation with the Estonian Defence Forces, the Finnish Defence Forces, the Swedish Defence University, the British Joint Army, the United States European Command, Air Operations COE and Tallinn University of Technology.



Title : How to Bring HID Attacks to the Next Level

Date published : May 1, 2017

Source : http://securityaffairs.co/wordpress/58587/hacking/whid-injector-bring-hid-attacks

Excerpt : WHID stands for WiFi HID injector. It is a cheap but reliable piece of hardware designed to fulfill Red-Teamers & Pentesters needs related to HID Attacks, during their engagements.

Title : FIN7 group has enhanced its phishing techniques

Date published : April 29, 2017

Source : http://securityaffairs.co/wordpress/58508/cyber-crime/fin7-group-phishing.html

Excerpt : The FIN7 group has adopted new phishing techniques; it is leveraging hidden shortcut files (LNK files) to compromise targets. Experts from FireEye highlighted that attacks were launched by FIN7 group and not the Carbanak Group as suspected by other security experts.


Data Leak


Date published : April 28, 2017

Source : https://threatpost.com/wikileaks-reveals-cia-tool-scribbles-for-document-tracking/125299/

Excerpt : WikiLeaks released details on what it said is a Central Intelligence Agency document tracking program called Scribbles, part of the agency’s effort to keep tabs on documents leaked to whistleblowers and journalists.