Tuesday, February 26, 2019

Chinese Cameras Get the Hook!

US officials allege Chinese technology manufacturers are producing equipment that allegedly permits China to spy on users. US universities are replacing telecom equipment made by Huawei and other Chinese companies to avoid losing federal funding under the NDAA.  

To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM
Posted by at
Labels: , , , , , ,

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: February 25, 2019 

On 25 February 2019, Wapack Labs identified 243 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 
Posted by at
Labels: ,

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: February 25, 2019

Wapack Labs identified connections from 72,499 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.
Posted by at
Labels: , ,

Tuesday, February 19, 2019

BlackBullet Credential Stuffing

Wapack Labs has identified a new credential stuffing tool named BlackBullet for sale through third-party hacking sites. Credential stuffing is a type of cyber attack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords are used to gain unauthorized access to user accounts.

 To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM
Posted by at

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: February 19, 2019 

On 19 February 2019, Wapack Labs identified 18 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 
Posted by at
Labels: ,

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: February 19, 2019

Wapack Labs identified connections from 59,921 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.
Posted by at
Labels: ,

Tuesday, February 12, 2019

Cyber Criminals Conducting Successful Spearphishing Campaigns Against Students at Multiple Universities

US federal authorities have identified successful spearphishing campaigns directed at college and university students, especially during periods when financial aid funds are disbursed in large volumes.  In general, the spearphishing emails request students’ login credentials for the University’s internal intranet.  The cyber criminals then capture students’ login credentials, and after gaining access, change the students’ direct deposit destination to bank accounts within the threat actor’s control.

 To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM
Posted by at

Wapack Labs Sinkhole Blacklist

LP AMBER ANNOUNCEMENT:   
Reporting Period: February 11, 2019

Wapack Labs identified connections from 53,521 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.
Posted by at
Labels: ,

Monday, February 4, 2019

New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide

Cyber attackers have actively been exploiting two newly patched high-severity router vulnerabilities after a security researcher released their proof-of-concept exploit code on the Internet last weekend. 

 To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM
Posted by at
Labels: , ,

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: February 4, 2019 

On 4 February 2019, Wapack Labs identified 392 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 
Posted by at
Labels: ,

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: February 4, 2019

Wapack Labs identified connections from 76,207 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.
Posted by at
Labels: ,
Subscribe to: Posts (Atom)