Archive for February, 2019

On February 22, 360 Threat Intelligence Center captured the first ACE archive[1] seen spreading malware in the wild by exploiting the WinRAR vulnerability (CVE-2018-20250). In the meantime, we also reminded users to take action against this high-risk vulnerability.

Last week, 360 Threat Intelligence Center captured multiple bait documents specifically targeting Japanese users. The phishing email contains an Office Excel attachment with an embedded malicious macro that launches a subsequent PowerShell script. By analyzing the recipients of the collected phishing emails, we found that the victims are employees of Japanese high-tech enterprises.

A watchlist of risky individuals and corporate entities owned by Dow Jones has been exposed, after a company with access to the database left it on a server without a password.

On Feb 22, 2019, I found a copy of the Dow Jones Watchlist dataset sitting on a public Elasticsearch cluster, 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge).

Hundreds of thousands of website users trying to access local news have been affected by a virus that has been injected into a Newsquest server, we can reveal. Web users trying to access any of the Newsquest titles are having their phones or web browsers hijacked, greeting them with a "thank you for your loyalty" message following a security breach.

KEY WEST, Fla., Feb. 27, 2019 /PRNewswire/ — Florida Keys Community College (the “College”) is taking action after discovering that it became the target of a phishing email campaign that compromised several employee email account credentials.

Investigators tracked him down after he logged into his rented servers using his home IP addresses.

we’re not waiting for adversaries to come to us. Our adversaries understand this, and they are always working to improve that contact. Second, our security is challenged in cyberspace. We have to actively defend; we have to conduct reconnaissance; we have to understand where our adversary is and his capabilities; and we have to understand their intent. Third, superiority in cyberspace is temporary; we may achieve it for a period of time, but it’s ephemeral. That’s why we must operate continuously to seize and maintain the initiative in the face of persistent threats.

Abstract—Direct Memory Access (DMA) attacks have been known for many years: DMA-enabled I/O peripherals have complete access to the state of a computer and can fully compromise it, including reading and writing all of system memory. With the popularity of Thunderbolt 3 over USB Type-C and smart internal devices, opportunities for these attacks to be performed casually with only seconds of physical access to a computer have greatly broadened. In response, commodity hardware and operating-system (OS) vendors have incorporated support for Input-Output Memory Management Units (IOMMUs), which impose memory protection on DMA and are widely believed to protect against DMA attacks.

The Thunderclap vulnerabilities are security flaws that affect the way modern computers interact with peripheral devices such as network cards, storage, and graphics cards. These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds, running arbitrary code at the highest privilege level and potentially gaining access to passwords, banking logins, encryption keys, private files, browsing and other data.