13.6 C
London
Tuesday, September 26, 2017
Home Tags Byte

Tag: Byte

A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them.

They were in OLE2 format and contained no macros, exploits or any other active content.
A collection of Bluetooth implementation vulnerabilities known asBlueBornehas been released.

These vulnerabilities collectively affect Windows,iOS,and Linux-kernel-based operating systems including Android and Tizen,and may in worst case allow an unauthenticated attacker to perform commands on the device.
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file.

For devices utilizing this environment encryption mode,U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear.
It is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private report. Like previous Turla activity, WhiteBear leverages compromised websites and hijacked satellite connections for command and control (C2) infrastructure.
In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family.

A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy.
Incredible hack perpetually alters game through nothing but controller input.
In the several years that the Dridex family has existed, there have been numerous unsuccessful attempts to block the botnetrsquo;s activity.

The ongoing evolution of the malware demonstrates that the cybercriminals are not about to bid farewell to their brainchild, which is providing them with a steady revenue stream.
Yahoo promptly retired ImageMagic library after failing to install 2-year-old patch.
The simple line of code made it possible for attackers to view private Yahoo Mail images.
Purple Palace pays researcher US$778 bounty per byte How would you like US$778 per byte for your exploit?…
Sigh ... people just leave it on without blocking the port world+dog knows it uses.
So patch it or close it, people A 60 byte payload sent to a UDP socket to the rpcbind service can crash its host by filling up the target's memory.…
Often, virus writers don't even bother to run encryption or mask their communications. However, you do get the occasional off-the-wall approaches that don't fall into either of the categories.

Take, for instance, the case of a Trojan that Kaspersky Lab researchers discovered in mid-March and which establishes a DNS tunnel for communication with the C&C server.