AlienVault R&D Labs Portal. Get the latest news from our research.

A few days ago we reported a new Watering Hole campaign affecting a U.S. Department of Labor website. In our first analysis we reported that the exploited vulnerability was CVE-2012-4792. Further analysis showed that the vulnerability exploited wasn’t CVE-2012-4792 but a new zero-day vulnerability affecting Internet Explorer 8 (CVE-2013-1347). It was confirmed by Microsoft, which released a …

During the last few hours we have identified that one of the U.S. Department of Labor websites has been hacked and is serving malicious code. Clarification: The website affected is the Department of Labor (DOL) Site Exposure Matrices (SEM) Website. “The Department of Labor (DOL) Site Exposure Matrices (SEM) Website is a repository of information gathered from …

UrlQuery is, according to its website, a service for detecting and analyzing web-based malware. The service is very useful and provides a detailed report of the submitted webpage. We use these services a lot in the lab, so we’ve decided to make our lives easier by developing a simple context menu extension which automatically sends URLs to the service. The extension …

What is Bitcoin? Bitcoin is an online decentralised virtual currency based on an open source, P2P protocol. Bitcoins can be transferred using a computer without relying on a financial institution. If you haven’t heard about Bitcoin, I recommend you watch the following video: Both Bitcoin creation and transfer are performed by computers called …

New Sykipot developments

March 21st, 2013 | Posted by jaime.blasco in APT | Attacks | Exploits | Malware | News | Snort

Summary: During the last few years, we have been publishing about a group of hackers who have focused on targeting DIB (Defence Industrial Base) and other government organizations:

 - Another Sykipot sample likely targeting US federal agencies
 - Are the Sykipot’s authors obsessed with next generation US drones?
 - Sykipot variant hijacks DOD and Windows …