InfoSec Week 7, 2017
Ukraine’s security service named Russia as the actor behind ongoing malware attacks against its critical infrastructure.
http://www.reuters.com/article/us-ukraine-crisis-cyber-idUSKBN15U2CN
Researchers from the Georgia Institute of Technology have created ransomware that targets programmable logic controllers.
https://www.bleepingcomputer.com/news/security/researchers-create-poc-ransomware-that-targets-ics-scada-systems/
http://www.cap.gatech.edu/plcransomware.pdf
An in-depth analysis of the Marcher Android banking trojan, targeting financials mostly in Germany, France and the UK. Most infected devices are running Android 6.0.1.
https://www.securify.nl/blog/SFY20170202/marcher___android_banking_trojan_on_the_rise.html
A first-person narrative about the modus operandi of a red-team social engineer. Not so technical, more about reconnaissance and the possibilities of macro-driven phishing.
http://www.informationsecuritybuzz.com/articles/getting-know-phishing-story-eyes-hacker/
Symantec and BAE Systems linked watering hole attacks on Polish banks to the Lazarus Group.
http://securityaffairs.co/wordpress/56235/apt/lazarus-group-polish-bank.html
Malware written in SQL, executed inside the database, targets Magento-powered online stores.
https://gwillem.gitlab.io/2017/02/14/triggered-malware/
Data Selfie is a Chrome extension that logs what Facebook learns about you. It shows you your own data traces and reveals how machine learning algorithms use your data to gain insights about your personality. User data are stored only locally. Scary stuff! Try it.
http://dataselfie.it/
theZoo is a repository of malware samples for people interested in malware analysis. Be careful.
https://github.com/ytisf/theZoo
Malboxes is a tool which builds malware analysis Windows virtual machines automatically using VirtualBox and Vagrant.
https://github.com/GoSecure/malboxes