Tuesday, May 29, 2018

Overcome Outdated Cyber Risk Processes & Compliance - Top 2 Events in Huntsville Alabama, Next Week

Huntsville, Alabama, is one of the nation's largest technological hubs, home to Department of Defense organizations and civilian departments and agencies including DHS, NIST, NASA, TVA, NSA, and DOE. Looking for cyber risk and compliance solutions? Next week there will be two cyber events in Huntsville that will have the answers you are looking for:

National Cyber Summit, June 5-7, 2018

3rd Annual H2L & Wapack Labs 2018 Threat Symposium, June 5, 2018

Use the links above to register NOW for both of these events. Both offer a unique opportunity to network with your peers, find real solutions and learn new skills.


Highlights on the H2L & Wapack Labs Threat Symposium

  • KEYNOTE - Dr. Jim Armstrong | Former CIO of a Missile Defense Agency
    Chinese Cyber Cycle & Technology Transfer Strategy
  • Stan Lozovsky | Vice President & COO, H2L Solutions, Inc.
    Cyber in the National Guard
  • Jeff Stutzman, CISSP | Chief Intelligence Officer, Wapack Labs LLC
    NIST Compliance
  • Jesse Burke | Advanced Cyber Analyst, Wapack Labs LLC
    Weaponizing the Blockchain

See You There!

WWW.WAPACKLABS.COM

Wednesday, May 23, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: May 21, 2018 

On 21 May 2018, Wapack Labs identified 626 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 


Wapack Labs Sinkhole Blacklist


TLP AMBER ANNOUNCEMENT:   
Reporting Period: May 21, 2018

Wapack Labs identified connections from 818 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.

Friday, May 18, 2018

AndroidRAT: SpyNote


SpyNote is a free Android RAT that establishes control over Android devices through a user-friendly GUI. Key features include viewing all messages, listening to and recording all audio, and querying the phone's location (GPS). 28 samples have been identified in the wild (ITW) with 1,334 known command and control nodes, delivered by binding the payload to an existing Android Package (APK) (e.g., a game, social media, or banking app). The apps are downloaded from the Google Play Store and can transmit Personally Identifiable Information (PII) from the infected device back to the threat actor’s server.


The full article and an archive of related reporting can be found in READBOARD.


Wednesday, May 16, 2018

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   

Reporting Period: May 15, 2018
 
Wapack Labs identified connections from 713 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

 
This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: May 15, 2018 

On 15 May 2018, Wapack Labs identified 527 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 


Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 


Monday, May 7, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: May 7, 2018 

On 7 May 2018, Wapack Labs identified 59 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 




This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   


Reporting Period: May 7, 2018
 
Wapack Labs identified connections from 757 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

 
This TLP AMBER report is available only to Red Sky Alliance members.

Tuesday, May 1, 2018

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   

Reporting Period: May 1, 2018
 
Wapack Labs identified connections from 629 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

 

This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: May 1, 2018 

On 1 May 2018, Wapack Labs identified 75 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 



This TLP AMBER report is available only to Red Sky Alliance members.

Chinese Military Cyber Attack Research

Following identification of the PLA 54th Research Institute (54th RI) as a Chinese military cyberattack research entity, Wapack Labs conducted further research to identify its leadership and key researchers. The current 54th RI Director was not found. Maj Gen Hao Yeli is a former Director, but she has advanced to become Deputy Director of the PLA Fourth Department, to which the 54th RI is subordinate. Maj Gen Lu Yueguang appears to be the current Deputy Director of the 54th RI.

A review of academic work by 54th RI personnel identified 37 articles and 8 patents that reflected research on cyberattack techniques. Two authors—Zhao Xinjie and Guo Shize—were by far the most prolific over the last ten years, accounting for 26 and 32 articles and patents related to cyberattack, respectively. Four other authors—Xiao Qixue, Wu Zhiyong, Wang Xiaojuan, and Niu Wei—had written four to eight articles or patents each.

Most of the papers found described techniques for attacks against cryptographic protection systems. These included side-channel attacks, cache timing attacks, algebraic fault attacks, and cube attacks. If these publications are representative of the work being done inside the 54th RI, then the term “attack” appears to mean an attack on a cryptosystem to extract its keys, rather than a destructive attack. Papers on cryptosystem attack technologies by the 54th RI authors were still being published in 2016-2018, indicating that development of these techniques is part of China’s present-day cyber strategy.

An archive of related reporting can be found in the Red Sky Alliance portal.