There’s an oft-repeated adage in the world of cybersecurity: There are two types of companies, those that have been hacked, and those that don’t yet know they have been hacked.
MySpace, the social media behemoth that was, is apparently in the second category. The same hacker who was selling the data of more than 164 million LinkedIn users last week now claims to have 360 million emails and passwords of MySpace users, which would be one of the largest leaks of passwords ever. And it looks like the data is being circulated in the underground by other hackers as well.
CVE-2015-2545 is a vulnerability discovered in 2015 and corrected with Microsoft’s update MS15-099. The vulnerability affects Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1.
The error enables an attacker to execute arbitrary code using a specially crafted EPS image file. The exploit uses PostScript and can evade Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protection methods.
The exploit was discovered in the wild in August 2015, when it was used in a targeted attack by the Platinum group, presumably against targets in India. Over the following months, there was significant growth in the number of threat actors using the vulnerability as a primary tool for initial penetration, with both the attack groups and their targets located in South-East and Central Asia and the Far East.
In this research paper, we discuss examples of attacks using the CVE-2015-2545 vulnerability undertaken by some of these groups.
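Because the vulnerability is triggered by an EPS image inside an Office document, a defender can triage incoming files by flagging any that embed EPS content. The following is an added example, not code from the research paper: it assumes the document is an OOXML (ZIP-based) file, the function names are hypothetical, and the sample documents are constructed placeholders. A hit means the file deserves closer inspection, not that it is malicious.

```python
import io
import zipfile

# Signatures that identify EPS content regardless of the part's file name.
EPS_TEXT_MAGIC = b"%!PS-Adobe"        # plain-text EPS header
EPS_DOS_MAGIC = b"\xc5\xd0\xd3\xc6"   # DOS EPS binary header (EPS with preview)


def find_embedded_eps(document: bytes) -> list[str]:
    """Return names of parts inside an OOXML file that contain EPS data."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(document))
    except zipfile.BadZipFile:
        return []  # not a ZIP container (e.g. legacy OLE .doc); out of scope here
    hits = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as part:
                head = part.read(32)
            # Check content first: a renamed EPS part keeps its header bytes.
            by_magic = (head.startswith(EPS_DOS_MAGIC)
                        or head.lstrip().startswith(EPS_TEXT_MAGIC))
            by_name = info.filename.lower().endswith(".eps")
            if by_magic or by_name:
                hits.append(info.filename)
    return hits


def build_sample(parts: dict[str, bytes]) -> bytes:
    """Build a constructed, minimal OOXML-like ZIP for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, not real documents.
CLEAN = build_sample({"word/document.xml": b"<w:document/>",
                      "word/media/image1.png": b"\x89PNG\r\n\x1a\n"})
WITH_EPS = build_sample({"word/document.xml": b"<w:document/>",
                         "word/media/image1.eps": b"%!PS-Adobe-3.0 EPSF-3.0\n",
                         "word/media/image2.png": b"%!PS-Adobe-3.0 EPSF-3.0\n"})

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("with_eps", WITH_EPS)):
        print(label, find_embedded_eps(doc))
```

The second media part in the constructed sample carries an EPS header under a `.png` name, which is why the check reads header bytes instead of trusting the extension.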
The investigation into the attempted $1 billion electronic heist at the Bangladesh central bank has expanded to as many as 12 more banks that all use the SWIFT payment network.
Security firm FireEye, investigating the hack, has been contacted by numerous other banks, including some in New Zealand and the Philippines. While most of the attempted transfers in the original heist were cancelled, some $81 million was sent to the Philippines and subsequently laundered through casinos. The SWIFT organization in a statement said that some of these reports may be false positives, and that banks should rigorously review their computing environments to look for hackers.