HP Security Research OSINT (OpenSource Intelligence) articles of interest--July 11, 2014

Key Articles of Interest for July 11th, 2014

 

CrowdStrike Intelligence Report: Putter Panda
CrowdStrike has been tracking the activity of a cyber espionage group operating out of Shanghai, China, with connections to the People’s Liberation Army Third General Staff Department (GSD) 12th Bureau Military Unit Cover Designator (MUCD) 61486, since 2012. The attribution provided in this report points to Chen Ping, aka cpyy (born on May 29, 1979), as an individual responsible for the domain registration for the Command and Control (C2) of PUTTER PANDA malware. In addition to cpyy, the report identifies the primary location of Unit 61486.

Protection from Kerberos Golden Ticket
Kerberos authentication protocol is the preferred authentication mechanism used by Windows in a domain-based environment, and interoperates with Kerberos implementations supported by other operating systems. While the pass-the-hash technique (PtH) is still used by Advanced Persistent Threats (APT), the equivalent technique misusing the Kerberos protocol, known as pass-the-ticket (PtT), is increasing.

 

Chinese Hackers Target Logistics & Shipping Firms With Poisoned Inventory Scanners
Malware-poisoned handheld inventory scanners from China are stealing information from logistics and shipping firms as well as manufacturing companies around the globe in an attack campaign dubbed “ZombieZero” by the researchers who discovered it.

Brazilians in the Russian Underground
Monitoring the cybercriminal underground sometimes leads us down some interesting paths. We recently encountered a cybercriminal posting in a Russian underground forum which led to the discovery of more than 136,000 stolen credit card credentials.

On Cryptolocker and the Commercial Malware Delivery Platform behind It
In an ever-connected world, malware thrives and multiplies at an incredible rate. More than 200,000 samples are built, packed and pushed on the market daily. Few of these threats manage to cause widespread havoc and only a meager handful become so successful that they spawn vast numbers of clones.

Information controls during Thailand’s 2014 Coup
The May 2014 coup d’etat in Thailand was the 19th coup attempt in the country’s history. It stands out from previous coups due to the military junta’s focus on information controls (defined below in more detail). It was also the first time that martial law was imposed before the coup, allowing the military to impose immediate restrictions on freedom of speech, association, and the press.

The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers
We conduct a security analysis of five popular web-based password managers. Unlike “local” password managers, web-based password managers run in the browser. We identify four key security concerns for web-based password managers and, for each, identify representative vulnerabilities through our case studies.

When Adware Goes Bad: The Installbrain and Sefnit Connection
Adware is often perceived as low-risk, because these usually display unwanted popups and pop under advertisements. However, they can pose serious security risks when used by adware companies to load malware onto systems wherein their adware has been installed.

 

The information contained in this blog post is from publicly available sources. Avoid suspicious links and advertisements. These articles do not represent HP’s view or position on any of the topics listed. This blog post is provided as a news service only – it is not an official position by HP. The intent of this blog post is to share current events related to the cyber security industry within HP. 

Labels: HPSR