Thursday, May 23, 2019

Mirai A Self-propagating Mutating Bot Malware

In May 2019, Wapack Labs performed an inventory of recent Mirai specimens on Virus Total. A total of 29K malware specimens were observed during the period spanning from early March to mid-May 2019. A comprehensive indicator list is provided as a companion document to this product.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM
Posted by at
Labels: , , ,

Wednesday, May 22, 2019

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: May 20, 2019 

On 20 May 2019, Wapack Labs identified 28 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 
Posted by at
Labels: ,

Wapack Labs Sinkhole Blacklist

LP AMBER ANNOUNCEMENT:   
Reporting Period: May 20 2019

Wapack Labs identified connections from 68,359 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 
Posted by at
Labels: ,

Thursday, May 16, 2019

LinkedIn, Twitter and Facebook, are not Likely to Survive Russian Internet Isolation Legislation

Social media giants, Twitter and Facebook, are in a legal struggle over previous Russian legislation which requires these companies to store Russian personal data in Russia. Currently, LinkedIn is banned in Russia. On 1 May 2019, Russian President Vladimir Putin signed “Internet sovereignty” bill.  Russia will develop its own DNS system to conduct special Internet controls. 

To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM
Posted by at
Labels: , , , ,

Wapack Labs Sinkhole Blacklist

LP AMBER ANNOUNCEMENT:   
Reporting Period: May 13 2019

Wapack Labs identified connections from 51,037 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 
Posted by at

Tuesday, May 7, 2019

Remote Desktop Protocol (RDP) a Deep Dive Webinar


Save the Date: Friday Noon EST, May 10th 
Click Here to Register

Wapack Labs is excited to invite you to our 2nd Cyber Intelligence on-line Briefings (CIB). This webinar is a deep dive into Remote Desktop Protocol (RDP). Jesse Burke, Advanced Cyber Analyst, will share research on RDP Wrap, Backdoors, Inception, and MiTM. Join our webinar on Friday noon for the webinar and the reports.
Posted by at
Labels: , , , , , , , , , ,

Wednesday, May 1, 2019

Wipro Attack Exposes Multiple Targets


In April 2019, Krebs reported that Wipro, an Indian IT outsourcing company, was the victim of a successful cyber attack by suspected state-sponsored actors. The actors leveraged ScreenConnect, a remote administration tool, to gain access to various Wipro systems which were then used as launching points for additional attacks against Wipro’s customers.

 To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM
Posted by at
Labels: , , , , ,

Wapack Labs Sinkhole Blacklist

LP AMBER ANNOUNCEMENT:   
Reporting Period: April 29 2019

Wapack Labs identified connections from 53,562 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 
Posted by at
Labels: ,

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: April 29, 2019 

On 29 April 2019, Wapack Labs identified 12 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 
Posted by at
Labels: ,
Subscribe to: Posts (Atom)