Cool News Story Bro! Week of 5-12-2017

by Otakun
Categories: News

Hi Guys,

Some big stuff this week, so let’s get right into it!

News Stories:

  1. EPS Processing Zero-Days Exploited by Multiple Threat Actors

    1. First story of the week is by FireEye and brings news of a zero-day being actively exploited in the wild in the Office EPS processing component. Both a well-known nation-state actor and a financially motivated one were seen utilizing the exploits.
    2. Read More @ https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.html
  2. Beware! Built-in Keylogger Discovered In Several HP Laptop Models

    1. Next, a security researcher has discovered that certain HP laptop models come with a built-in keylogger that was installed as part of the audio driver software. Seems like this was in there for debugging purposes and just not taken out or implemented properly.
    2. Read More @ http://thehackernews.com/2017/05/hp-audio-driver-laptop-keylogger.html
  3. Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

    1. Next, another article by FireEye about a new APT group (APT32) that has been targeting organizations in Vietnam, or with ties to Vietnam. This is a brand new group FireEye is tracking, so there is no attribution as of yet to any specific nation state.
    2. Read More @ https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html
  4. Microsoft Patches Malware Protection Engine Vulnerability

    1. Next, Microsoft has patched a rather severe vulnerability in its Malware Protection Engine discovered by the researchers at Google’s Project Zero. Microsoft responded extremely quickly to patch this vulnerability, drawing much praise from Tavis Ormandy, who was one of the researchers responsible for the discovery.
    2. Read More @ https://www.infosecurity-magazine.com/news/microsoft-patch-malware
  5. Hackers Face $8.9 Million Fine for Law Firm Breaches

    1. Three Chinese hackers were fined $8.9 million for hacking into law firms and using the discovered data for stock trading.
    2. Read More @ http://www.darkreading.com/attacks-breaches/hackers-face-$89-million-fine-for-law-firm-breaches/d/d-id/1328840
  6. WannaCry ransomware used in widespread attacks all over the world

    1. Next, easily the biggest story of the week is a massive new ransomware attack named “WannaCry” that used the ShadowBroker-leaked NSA exploits ETERNALBLUE and DOUBLEPULSAR to infect and spread to over 200,000 machines over the weekend. Some of the first victims were the British NHS and the Spanish telecommunications giant Telefonica. So far there are reported infections in over 99 countries in what’s being called the biggest ransomware attack to date.
    2. Read More @ https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
  7. WannaCry Kill-Switch(ed)? It’s Not Over! WannaCry 2.0 Ransomware Arrives

    1. Continuing on the theme of WannaCry, there was some success in slowing down the spread of this ransomware due to a built-in “kill switch” discovered by a U.K. researcher, @MalwareTech, who registered the domain used for the kill switch, thus rendering that sample inert. However, since then 2.0 versions of WannaCry have been reported that use a different kill switch domain.
    2. Read More @ http://thehackernews.com/2017/05/wannacry-ransomware-cyber-attack.html
  8. Indicators Associated With WannaCry Ransomware

    1. Next, US-CERT has released a number of IOCs for the WannaCry ransomware. IOCs from different vendors have been trickling in since the attack began, so here is another source of them to check your environment against.
    2. Read More @ https://www.us-cert.gov/ncas/alerts/TA17-132A
  9. Microsoft blasts spy agencies for hoarding security exploits

    1. Lastly, Microsoft President Brad Smith has published quite a scathing post blasting agencies like the NSA/CIA for hoarding exploits and essentially allowing attacks like WannaCry to happen. Smith argues that if the agency had reported these flaws to Microsoft when they were discovered, attacks like this would have been prevented. I have to say, I agree. Though I don’t believe it will happen.
    2. Read More @ https://www.engadget.com/2017/05/14/microsoft-blasts-spy-agency-exploit-hoarding/


– Otakun –
