Hacking Malware

French manufacturer LaCie admits data breach

LaCie is a French manufacturer of hard drives. It was the victim of a security breach and has sent notifications to customers about the incident. The breach was detected by the FBI on March 19, 2014, which forwarded the alert. Malware was used to gain access to customer transactions made between March 27, 2013 and March 10, 2014. Names, addresses, email addresses, payment card numbers and card expiration dates belonging to customers were accessed by the unauthorized party. LaCie urged everyone to change their password, believing that customers' usernames and passwords on LaCie's website could also have been accessed.


Free Antivirus Scanning Sites…


These sites can give you indications when analysing malicious files. If you are the target of an APT and care about the confidentiality of your organisation's information, do not upload the file; look it up by its hash instead, so the sample itself never leaves your environment.
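The hash-only lookup in practice, as an added example that is not part of the original post: it computes the MD5, SHA-1 and SHA-256 digests of a suspicious file (or a whole directory of samples) in chunks, so only the digests, never the content, are pasted into a scanning site. The file name and the "abc" sample content are constructed for the demo.

```python
import hashlib
import os
import tempfile

CHUNK_SIZE = 1024 * 1024  # read 1 MiB at a time so a large sample never sits fully in memory


def hash_file(path):
    """Return MD5, SHA-1 and SHA-256 hex digests of one file, read in chunks.

    These digests are what you paste into a scanning site's hash search;
    the file content itself stays on your machine.
    """
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def hash_directory(root):
    """Hash every regular file under root; one manifest entry per relative path."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            manifest[os.path.relpath(path, root)] = hash_file(path)
    return manifest


def demo():
    # Constructed sample: a harmless file holding the classic test vector "abc".
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "suspicious.bin")
        with open(sample, "wb") as fh:
            fh.write(b"abc")
        return hash_directory(tmp)["suspicious.bin"]


if __name__ == "__main__":
    for algo, digest in demo().items():
        print(f"{algo}: {digest}")
```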



Metascan Online


Ukraine, target of the Snake or Uroburos malware


A dangerous cyber weapon has infected many computers in Ukraine in 2014. It is spyware designed to steal sensitive secret information from high-value networks. Experts believe that this rootkit went undetected for more than three years. Given the complexity and the estimated high cost of this malware, the German security company G Data believes a state-sponsored actor is behind this attack, possibly linked to Russia, since the developers of this malicious program speak Russian.

Uroburos works autonomously and in peer-to-peer mode. Infected computers spy on documents and send them to a PC connected to the internet. It supports 32-bit and 64-bit Windows operating systems.


Kaspersky uncovered Mask malware


A large cyber espionage campaign has been uncovered by Kaspersky Lab. A multiplatform malware named Mask (aka Careto) has been used to target victims since 2007. It was a real nation-state spying tool. Infections have been observed in many countries, among them France, Germany, Morocco, the United States and Venezuela. The detection name to look for is Trojan.Win32/Win64.Careto.* The name Careto was found in the malicious code. It collected a large number of documents from infected systems, including encryption keys, SSH keys, VPN configurations and RDP files.


Updated Standard

The new ISO 27001:2013 has been released as well as ISO 27002:2013.

ISO 27001:2013 contains the following topics:

  • 0 Introduction
  • 1 Scope – states what the standard is about
  • 2 Normative references
  • 3 Terms and definitions
  • 4 Context of the organisation – The old section 4 risk assessment component, now more aligned with ISO 31000
  • 5 Leadership
  • 6 Planning – More risk management and preventative and corrective processes
  • 7 Support – Management support
  • 8 Operation – the implement and operate section of the old standard
  • 9 Performance evaluation – Monitoring, audit and management review
  • 10 Improvement – Continuous Improvement

ISO 27002:2013 has reduced the domains from 133 to 114; some domains have been removed, some combined.

  • 5 Information security policies
  • 6 Organisation of information security
  • 7 Human resource security
  • 8 Asset management
  • 9 Access control
  • 10 Cryptography
  • 11 Physical and environmental security
  • 12 Operations security
  • 13 Communications security
  • 14 System acquisition, development and maintenance
  • 15 Supplier relationships
  • 16 Information security incident management
  • 17 Information security aspects of business continuity management
  • 18 Compliance

On the other side, the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) version 3 are being released.


International Atomic Energy Agency hit by an unknown malware

The computers of the IAEA have been infected by malware. The nuclear agency holds sensitive information from many European states and is an active actor in the fight against nuclear weapons. It appears that the malicious software, once installed, was able to transfer information from the USB drives of any visitors to the office in Vienna. The thumb drives were thus not the infection vector but the victims of this infection.


Hackers targeted Finland for years


Finland has been a target of cyber espionage for years. The minister of foreign affairs Erkki Tuomioja has admitted: "I can confirm there has been a severe and large hacking in the ministry's data network." The intrusion was not discovered by the Finns themselves, but by another agency reporting to CERT-FI. The malicious code used by the cybercrooks is similar to the Red October malware source code. The malware was implanted in the Finnish Ministry of Foreign Affairs network for years during the spying campaign. The actor behind this crime is unknown, but the Finnish television channel MTV3 suspects Russia or China.


Avira Antivirus Site hacked…

The German software company is experiencing an intrusion. The web page has been hacked by Palestinian hackers called KDMS, as seen in the picture below. The two messages posted by the attacker still remain: the first, "Long live Palestine", and the second, "There is no full security". Let's see how Avira will deal with it; the page is still pwned.



Adobe Breach

Adobe, as usual, has been hacked: customer information and source code were stolen.

How did they get in? It appears that they used a vulnerability in ColdFusion as the attack vector this time, to breach an Adobe site used for payment processing.

What can I do as a ColdFusion user? Just patch.

Do I need to reset my password? No, Adobe is taking care of that; affected customers will get email notifications.


Fighting Cybercrime

Microsoft's Digital Crimes Unit has introduced a cloud-based technology to help organizations worldwide fight malware. It is called the Windows Azure-based Cyber Threat Intelligence Program (C-TIP) and allows interested parties to share information in real time. Microsoft still advises using the Malicious Software Removal Tool to clean infected computers; the new C-TIP takes this effort to a new level.