National University Threat Analysis Report

The following report is a deep analysis of the threat known as CVE-2017-11292, as mentioned in the previous threat analysis report summarizing three current threats. The purpose of the report is to notify National University of the harm that may be caused by CVE-2017-11292 and to provide mitigations and solutions.

CVE-2017-11292

On October 10, 2017, Kaspersky discovered an Adobe Flash zero-day exploit, which Adobe assigned CVE-2017-11292. The payload is delivered through a Microsoft Office document, most commonly by a socially engineered email. Embedded within the document is an ActiveX object which contains the Flash exploit, as shown in the image below (GReAT, 2017). The Flash object contains an ActionScript which is responsible for extracting the exploit using a custom packer. According to Kaspersky, this custom packer has been seen in other FinSpy exploits. The main exploit is a memory corruption vulnerability within the “com.adobe.tvsdk.mediacore.BufferControlParameters” class. If successful, attackers gain read/write access to memory, which is only stage one of the attack.
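As an added example (not part of this report or of Kaspersky's analysis), the following Python script triages an OOXML Office document for the kind of embedding described above: it lists ActiveX parts, flags any whose class id is the well-known Shockwave Flash control CLSID, and flags parts that begin with a raw SWF header. The sample document is constructed inline and is not a real malicious sample.

```python
import io
import re
import zipfile

# Well-known CLSID of the Shockwave Flash ActiveX control; an OOXML ActiveX
# part that references it hosts a Flash object inside the document.
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
CLSID_RE = re.compile(r'classid="\{?([0-9A-Fa-f-]{36})\}?"')
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib, lzma SWF headers


def scan_ooxml_for_flash(doc_bytes: bytes) -> dict:
    """Triage an OOXML (.docx/.xlsx/.pptx) blob: list ActiveX parts, flag
    ActiveX parts that reference the Flash control, and flag any part that
    begins with a raw SWF header. Caveat: a Flash object wrapped inside an
    OLE container (.bin starting with D0 CF 11 E0) is not unpacked here."""
    result = {"activex_parts": [], "flash_parts": [], "swf_blobs": []}
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            if "/activex/" in name.lower():
                result["activex_parts"].append(name)
                if name.lower().endswith(".xml"):
                    xml = data.decode("utf-8", "replace")
                    if any(c.upper() == FLASH_CLSID for c in CLSID_RE.findall(xml)):
                        result["flash_parts"].append(name)
            if data[:3] in SWF_MAGICS:
                result["swf_blobs"].append(name)
    result["suspicious"] = bool(result["flash_parts"] or result["swf_blobs"])
    return result


def build_sample_doc(with_flash: bool) -> bytes:
    """Constructed stand-in .docx (test data, not a real sample): a bare
    document, optionally with a Flash ActiveX part and an embedded SWF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            zf.writestr("word/activeX/activeX1.xml",
                        '<ax:ocx ax:classid="{%s}"/>' % FLASH_CLSID)
            zf.writestr("word/activeX/activeX1.bin", b"\x00" * 16)
            zf.writestr("word/embeddings/oleObject1.bin", b"CWS\x0a" + b"\x00" * 32)
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, scan_ooxml_for_flash(build_sample_doc(flag)))
```

A hit on either check is a reason to detonate the document in a sandbox rather than open it; a clean result only means no Flash object was found at the top level of the package.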
1. Download FinSpy (mo.exe)
2. Download a lure document to display to the victim
3. Execute the payload and display the lure document

Mo.exe is the newest version of Gamma International's FinSpy malware, which is normally sold to law enforcement for surveillance. “This newer variant has made it especially difficult for researchers to analyze the malware due to many added anti-analysis techniques, to include a custom packer and virtual machine to execute code.” (GReAT, 2017) Once the payload is started, it will copy files to these locations:

• C:\ProgramData\ManagerApp\AdapterTroubleshooter.exe
• C:\ProgramData\ManagerApp\15b937.cab
•