Blog LBMC

Print Divider Print Divider Branding
 

Threat Intelligence Updates: August 2017

08/17/2017  |  By: Jason Riddle, CISSP, President, COO

Share

Social Logo Social Logo Social Logo Social Logo

Adobe Announces End-of-Life Timeline for Flash

On July 25th, Adobe announced the official end-of-life date (12/31/2020) for Flash. The software vendor’s popular browser plugin has been chronically plagued by security vulnerabilities and has been largely deprecated by newer technologies like HTML5. Quiet applause could be heard throughout the information security community when the news was released.

Learn more at Adobe’s website:

Three New CIA Hacking Tools Released on WikiLeaks

As part of the Vault 7 series, WikiLeaks published “Imperial,” which uncovered details about three hacking tools that target systems using Apple Mac OS X and different flavors of Linux operating systems.  According to WikiLeaks, Achilles is a tool that allows an individual to trojan an OS X disk image (.dmg file) installer with a malicious executable that can run in the background when a user unknowingly downloads and installs the infected disk image. The second tool is SeaPea, a rootkit providing tool-launching capabilities, which also targets the Apple Mac OS. Lastly, Aeris is an automated implant that is designed to backdoor portable Linux operating systems such as Debian, CentOS, and Red Hat.

For more information on these hacking tools, please visit:

Russian Hackers Targeting Hotels

Last Friday (8/11), FireEye published a blog post about Russian threat actors attacking European hotel chains using weaponized MS Word docs. From FireEye’s research, it appears the attackers are using the hotels’ systems to target their guests. According to the story, attackers also used the EternalBlue exploit to move laterally between systems. The story goes on to explain that cyber espionage activity is a long-standing threat to business travelers, especially those who frequent luxe brand hotels—as these properties are often high-value targets for criminal and nation-state threat actors.

More information on this incident can be found at the following sites: