Indonesia, South Korea central bank websites hit by cyber attacks; no losses

"The central banks of Indonesia and South Korea have been hit by cyber
attacks on their public websites since activist hacking group Anonymous
pledged last month to target banks across the world, senior officials in
the two countries told Reuters.

In response to the

Wednesday, 22 Jun 2016
Angler Exploit Kit Evading EMET

"We recently encountered some exploits from Angler Exploit Kit (EK) that
are completely evading Microsoft’s Enhanced Mitigation Experience
Toolkit (EMET). This is something we are seeing for the first time in
the wild, and we only observed it affecting systems running

Wednesday, 15 Jun 2016
Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript

We have recently observed new campaigns of Locky and have described
them below.

XOR obfuscation

Locky arrives through a spam email attachment that evades antispam
filters and attempts to trick users via social engineering into opening
the attachment. In general p

Wednesday, 15 Jun 2016
On-Demand Polymorphic Code in Ransomware

"Virlock is a ransomware that has a metamorphic algorithm, as discussed in
the blog post cited above. It also has what I have coined as an
on-demand polymorphic algorithm.

Similar to a regular polymorphic malware using a key, it decrypts the
malware code into t

Wednesday, 15 Jun 2016
Ransomware Leaves Server Credentials in its Code

While SNSLocker isn’t a stand-out crypto-ransomware in terms of routine
or interface, its coarse and bland façade hid quite a surprise. After
looking closer at its code, we discovered that this ransomware contains
the credentials for the access of its own server.

Wednesday, 15 Jun 2016
Key player in Silk Road successor site gets eight years in U.S. prison

"A Washington state man was sentenced on Friday to eight years in prison
for his role in helping the management of the successor website to Silk
Road, an online black market where illegal drugs and other goods were sold.

Brian Farrell, who prosecutors say was a staff memb

Tuesday, 14 Jun 2016
Banks: Credit Card Breach at CiCi’s Pizza

"CiCi’s Pizza, an American fast food business based in Coppell, Texas
with more than 500 stores in 35 states, appears to be the latest
restaurant chain to struggle with a credit card breach. The data
available so far suggests that hackers obtained access to card data

Tuesday, 14 Jun 2016
VK.com Data Breach Includes 100 Million Cleartext Passwords

A hacker has put up for sale 100,544,934 records he claims were stolen
from VK.com, a Russian-based social network. This is the same hacker who
had previously sold data dumps from MySpace, LinkedIn, Tumblr, and

Named Peace (or Peace_of_mind), the hacker is ask

Tuesday, 14 Jun 2016
Iran-Saudi tensions erupt in 'cyberwar'

"Mainly Shia Iran and Saudi Arabia have long been regional rivals but
tensions worsened dramatically last year, partly because of the
conflicts in Syria and Yemen.

Within days of Gen Jalali's remarks, Iranian and Saudi hackers were
attacking websites in each oth

Tuesday, 14 Jun 2016
US Visa Applicants Targets of Espionage Campaign with Qarallax RAT

"People who applied for a US visa in Switzerland complained about
receiving malware from an unknown person via Skype, posing as a US
government official guiding applications through the said process.

The victims said the person sent them a file named "US Travel Docs<

Tuesday, 14 Jun 2016
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia