cau-dawn.github.io

<h2><span style="font-size:16px">2018-06-15</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">Banking Trojan</span></span></p>

<ul>
	<li>Point
	<ul>
		<li>Target: India</li>
	</ul>
	</li>
</ul>

<hr />
<h2><span style="font-size:16px">2018-06-13</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">UK vs Kaspersky Lab</span></span></p>

<ul>
	<li>TMI</li>
	<li>Point
	<ul>
		<li>The UK banned Kaspersky Lab's software.</li>
	</ul>
	</li>
</ul>

<hr />
<h2><span style="font-size:16px">2018-06-12</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">Apple's App Store</span></span></p>

<ul>
	<li>Point
	<ul>
		<li>The App Store's integrity verification was bypassed by malware.</li>
	</ul>
	</li>
</ul>

<hr />
<h2><span style="font-size:16px">2018-06-08</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">Android Debug Bridge</span></span></p>

<ul>
	<li>ADB: gives developers a Unix shell for talking to a device remotely, executing commands and controlling the device.</li>
	<li>Point
	<ul>
		<li>ADB is enabled and exposed to the network. When ADB over TCP (port 5555 by default) is reachable from the Internet, anyone can connect, and unless the device enforces RSA key authorisation they get a shell without any credentials.</li>
	</ul>
	</li>
</ul>

<hr />
<h2><span style="font-size:16px">2018-06-06</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">Desbloquear Conteúdo</span></span> (Chrome extension)</p>

<ul>
	<li>Point
	<ul>
		<li>Target: Brazil</li>
		<li>Harvests online-banking users' logins and passwords and steals money from their bank accounts.</li>
		<li>Talks to its C&amp;C server over the WebSocket protocol to exchange messages.
		<ul>
			<li>When the user visits a bank web site, the C&amp;C server acts as a proxy and redirects the traffic.</li>
			<li>Man-in-the-Middle (MITM) attack.</li>
		</ul>
		</li>
		<li>Already removed from the Chrome Web Store.</li>
	</ul>
	</li>
</ul>

<hr />
<h2><span style="font-size:16px">2018-05-29</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">Sonic Tone Attack</span></span></p>

<ul>
	<li>Point
	<ul>
		<li>Target: HDD</li>
		<li>Audible sound: makes the head stack vibrate outside its operational bounds.</li>
		<li>Ultrasonic sound: the shock sensor that is designed to prevent head crashes produces false output.</li>
	</ul>
	</li>
</ul>

<hr />
<h2><span style="font-size:16px">2018-05-23</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">VPNFilter</span></span> (router malware)</p>

<ul>
	<li>Point
	<ul>
		<li>At least 500,000 devices infected (routers and NAS devices; endpoints behind them are also attacked).</li>
		<li>Unlike most other IoT threats, it survives a device reboot.</li>
		<li>Spies on traffic.</li>
		<li>Intercepts SCADA communication.
		<ul>
			<li>Can be used to damage critical infrastructure.</li>
		</ul>
		</li>
		<li>Attacks are launched from the infected devices themselves.
		<ul>
			<li>This hides the attacker's identity.</li>
		</ul>
		</li>
		<li>In May 2018 the FBI seized part of VPNFilter's C&amp;C infrastructure, but the botnet is still active.</li>
	</ul>
	</li>
	<li>Attack Flow
	<ol>
		<li>Contacts the C&amp;C server and downloads modules.</li>
		<li>Collects information and supports command execution, data exfiltration and device management.</li>
		<li>A packet sniffer spies on traffic, e.g. routing data and website credentials, and monitors SCADA protocols.</li>
	</ol>
	</li>
</ul>

<hr />
<h2><span style="font-size:16px">2018-05-16</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">TeleGrab</span></span> (malware)</p>

<ul>
	<li>Point
	<ul>
		<li>Target: users of Telegram Desktop</li>
		<li>It first appeared on Apr. 4, 2018, and a second version on Apr. 10, 2018.</li>
		<li>Version of Apr. 4, 2018: collects browser credentials and cookies.</li>
		<li>Version of Apr. 10, 2018: collects Telegram Desktop's cache and key files (the session data) from the victim's computer.</li>
		<li>The attacker uploaded tutorial videos to YouTube.
		<ul>
			<li>Already taken down.</li>
		</ul>
		</li>
	</ul>
	</li>
	<li>Vulnerability
	<ul>
		<li>Telegram Desktop does not support Secret Chats; all chats are cloud chats.</li>
		<li>Telegram Desktop does not log the session out automatically, so stolen session files stay valid.</li>
		<li>Telegram Desktop encrypts the local chat data with a key protected by the user's local passcode.
		<ul>
			<li>If a passcode is set it can be brute-forced offline; if none is set, the stolen files can be reused directly.</li>
		</ul>
		</li>
	</ul>
	</li>
</ul>

<hr />
<h2><span style="font-size:16px">2018-05-15</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">Adobe Acrobat Reader DC</span></span> (vulnerability)</p>

<ul>
	<li>Point
	<ul>
		<li>A specially crafted JavaScript embedded in a PDF file can cause an unbounded copy operation, which leads to a buffer overflow.
		<ul>
			<li>Overwriting the return address can result in arbitrary code execution.</li>
		</ul>
		</li>
		<li>A specially crafted JavaScript embedded in a PDF file can reuse a pointer left over from a previously processed file.
		<ul>
			<li>With careful memory manipulation, sensitive memory can be disclosed.</li>
		</ul>
		</li>
	</ul>
	</li>
</ul>

<hr />
<h2><span style="font-size:16px">2018-03-24</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">Cryptocurrency coin mining malware</span></span></p>

<ul>
	<li>Point
	<ul>
		<li>Exploded in 2017.</li>
		<li>Purpose: earning money with the infected computer's CPU cycles.</li>
		<li>Mostly browser-based, but it can keep running even when no browser window is open.</li>
	</ul>
	</li>
</ul>

<hr />
<h2><span style="font-size:16px">2018-03-15</span></h2>

<p><span style="font-size:18px">- <span style="color:#1abc9c">FakeBank</span></span> (malware app)</p>

<ul>
	<li>Full name: FakeBank.B</li>
	<li>Point
	<ul>
		<li>Target: Korea</li>
		<li>Spread through trojanized or disguised apps.</li>
		<li>It first appeared in 2016, then again in Jan. 2018 and Mar. 2018.</li>
		<li>Version of 2016: blocks calls to the bank so the victim cannot report leaked credit card information.</li>
		<li>Version of Jan. 2018: targeting Russia, it collects SMS messages related to the bank.</li>
		<li>Version of Mar. 2018: targeting Korea, it collects personal information, SMS messages and call events, shows a fake screen to phish the bank customer's information, and intercepts both incoming and outgoing calls with the bank.</li>
		<li>Android Oreo (8.0, 8.1) is not affected by this malware.</li>
	</ul>
	</li>
	<li>Attack Flow
	<ol>
		<li>When the app is launched, it collects user information and submits it to the C&amp;C server.</li>
		<li>The attacker uploads a configuration file tailored to that user information.</li>
		<li>The infected phone downloads the configuration file from the C&amp;C server.</li>
	</ol>
	<ul>
		<li>Configuration file fields
		<ul>
			<li>phoneNum_ChangeNum: the bank's phone number that will be replaced when the user dials it</li>
			<li>phoneNum_To: the scammer's number that is actually dialed when the user tries to call the bank</li>
			<li>phoneNum_Come: the scammer's number that will call the victim; when this number calls the phone, the fake caller ID overlay appears</li>
			<li>phoneNum_ShowNum: the legitimate bank number used to overlay the scammer's incoming/outgoing caller ID</li>
		</ul>
		</li>
	</ul>
	</li>
</ul>

<hr />
<h2><span style="font-size:18px">Caution</span></h2>

<p>This document will be updated irregularly.</p>

<p>If you find wrong grammar or words, just overlook them.</p>

<p>- Posted by Jeve</p>