Threat Intelligence

March 8, 2019

Google Reveals Rare macOS Zero-Day Vulnerability, BuggyCow

On November 30, 2018, Google’s Project Zero researchers discovered BuggyCow, a high-severity security flaw in the macOS kernel, and reported it to Apple under the team’s standard 90-day disclosure deadline. In this instance the deadline passed without a fix, so Project Zero published details of the flaw along with a proof-of-concept on March [...]

January 30, 2019 (updated January 31, 2019)

Kuwait Oil Company Spreadsheet Delivering OmniRAT to OT Networks

A weaponized Excel file titled “Kuwait Oil Company Business Profile” breathes new life into an old vulnerability, raising concern for unsuspecting OT networks.

December 28, 2018 (updated January 3, 2019)

OT Threat Shamoon Returns with its Biggest Attack Yet

Notorious OT threat Shamoon returned with its third iteration in December, wiping the disks of hundreds of computers in an attack that started at Italian oil-services contractor Saipem.

Shamoon 3: Here's What Happened

Since it first appeared in 2012, the disk-wiping malware "Shamoon" (also known as "Disttrack") has steadily grown in notoriety. It has been implicated in three [...]

December 7, 2018 (updated March 8, 2019)

Zero-Day Attack on Russia Prompts OOB Patches

A targeted zero-day attack on Russia centered on a bug in Adobe Flash Player, delivered inside a malicious “mule” document, and prompted both Adobe and Microsoft to release out-of-band patches.

The Zero-Day Attack on Russia: What Happened?

In the early hours of November 29, 2018, a professional questionnaire issued by a Russian medical [...]

August 21, 2018

MikroTik Routers Infected in Mass-Scale Coinhive Cryptojacking Campaign

A massive cryptojacking campaign that targets MikroTik routers and abuses the Coinhive in-browser miner was first discovered on July 31 and has since infected more than 200,000 routers worldwide. The campaign began with routers in Brazil and later spread to MikroTik routers in other countries around the globe.

MikroTik Infection Process and Exploit Method

The infection exploited a [...]

July 27, 2018 (updated July 30, 2018)

Oracle WebLogic Vulnerability Used for Cryptomining and Other Attacks

A critical Oracle WebLogic vulnerability (CVE-2018-2893) was being exploited by attackers within three days of the publication of a proof of concept. Since the sample exploit code was released, exploitation attempts have risen steadily. The vulnerability is rated "critical" and scores 9.8 out of 10 on the [...]

May 28, 2018 (updated March 8, 2019)

VPNFilter Malware: What we know so far on the router threat

Recently, malware known as “VPNFilter” was discovered infecting various types of routers. VPNFilter is modular, multi-stage malware that targets mainly home and small-office routers. Since 2016, when it was first seen, it has compromised more than 500,000 home and small-office routers and NAS boxes. Infection of such a large [...]

May 10, 2018

Double Kill Exploit Jumps From MS Office to Internet Explorer

This week, Microsoft released a patch for the zero-day vulnerability (CVE-2018-8174) in the VBScript engine that is central to the Double Kill exploit. Qihoo 360 researchers, who reported the flaw ahead of the coordinated release, found it exploited in the wild as early as April 18, 2018, allowing remote attackers to execute code. The vulnerability was used to install [...]