Sunday, December 30, 2018

Huawei Arrest: Chinese Government and Media Spin

Meng Wanzhou, the CFO of Huawei Industries, arrested.
Huawei has worked hard against the Western narrative that it is somehow an agent of the Chinese government or its intelligence services. In this instance, the Chinese government has leapt to its defense. However, the seriousness of the Chinese government's response to Meng’s arrest appears to reflect its defense of Huawei as a premier Chinese industry rather than as a government entity.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: December 28, 2018 

On 28 December 2018, Wapack Labs identified 16 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: December 28, 2018

Wapack Labs identified connections from 71,459 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com

Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems.

This TLP AMBER report is available only to Red Sky Alliance members.

Tuesday, December 18, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: December 17, 2018 

On 17 December 2018, Wapack Labs identified 208 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: December 17, 2018

Wapack Labs identified connections from 51,581 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com

Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems.

This TLP AMBER report is available only to Red Sky Alliance members.

Wednesday, December 12, 2018

Physical Security Risks that Threaten Cybersecurity

Researchers report that one in four breaches in the financial services sector were due to lost or stolen devices, while one in five were the result of hacking. Physical security is often viewed as a necessary evil in many corporations, yet it remains very important to overall cybersecurity. Many researchers, as well as Wapack Labs, completely understand the critical point that cybersecurity involves hardware and humans as much as it does malware and networks.


To read the full article and find an archive of related reporting, follow this link to READBOARD.


Tuesday, December 11, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: December 10, 2018 

On 10 December 2018, Wapack Labs identified 497 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: December 10, 2018

Wapack Labs identified connections from 90,371 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com

Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems.

This TLP AMBER report is available only to Red Sky Alliance members.

Thursday, December 6, 2018

SamSam Ransomware Actors Magnify Exploitation of Victim Network Vulnerabilities

This report is an update to previous Wapack Labs postings regarding the SamSam malware.  US federal authorities are providing current information about the vulnerabilities and exploits used to deploy SamSam ransomware, also known as MSIL/Samas.A.  This malware was being deployed by cyber criminals Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi.  On 26 November 2018, the District of New Jersey indicted Mansouri and Savandi for developing and deploying SamSam ransomware.  SamSam infects whole networks and encrypts victim data, allowing Mansouri and Savandi to demand considerable ransoms in Bitcoin in return for decryption keys.

To read the full article and find an archive of related reporting, follow this link to READBOARD.


Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: December 3, 2018 

On 3 December 2018, Wapack Labs identified 305 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: December 3, 2018

Wapack Labs identified connections from 81,527 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com

Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems.

This TLP AMBER report is available only to Red Sky Alliance members.