OSINT News - December 7, by Bart Otten

by in Security

APT groups targets US Think Tanks, CISA, FBI warn

https://securityaffairs.co/wordpress/111806/apt/cisa-fbi-us-think-tanks.html 

APT groups targets US Think Tanks, CISA, FBI warn - Security Affairs

APT groups continue to target United States think tanks, the Cyber Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn. The work of US think tanks has a […]

securityaffairs.co

 

---

Turla Crutch: Keeping the “back door” open

https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/ 

Turla Crutch: Keeping the “back door” open | WeLiveSecurity

ESET researchers found a previously undocumented backdoor and document stealer. Dubbed Crutch by its developers, we were able to attribute it to the infamous Turla APT group. According to our ...

www.welivesecurity.com

 

---

Multi-Vector Miner Tsunami Botnet with SSH Lateral Movement

https://securityaffairs.co/wordpress/111761/malware/multi-vector-miner-tsunami-botnet.html 

Multi-Vector Miner Tsunami Botnet with SSH Lateral Movement--Security Affairs

Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb, shared with me samples of a botnet that propagates using weblogic exploit. The botnet was also discovered by @BadPackets 5 days ago and it is still active as of now, December 1, 2020. The botnet carries two […]

securityaffairs.co

 

---

Trickbot now offers ‘trickboot’: persist, brick, profit

https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/ 

TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit - Eclypsium

Executive Summary. Collaborative research between Advanced Intelligence (AdvIntel) and Eclypsium has discovered that the TrickBot malware now has functionality designed to inspect the UEFI/BIOS firmware of targeted systems. This new functionality, which we have dubbed “TrickBoot,” makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers ...

eclypsium.com

 

---

Hey Alexa what did i just type? decoding smartphone sounds with a voice assistant

https://arxiv.org/pdf/2012.00687.pdf 

 

---

DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882

https://securityaffairs.co/wordpress/111743/hacking/darkirc-oracle-weblogic-cve-2020-14882.html 

DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882--Security Affairs

Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in the attempt of exploiting the CVE-2020-14882. The CVE-2020-14882 can be exploited by unauthenticated attackers to take over the system

securityaffairs.co

 

---

Exclusive: Experts from TIM’s Red Team Research (RTR) found 6 zero-days

https://securityaffairs.co/wordpress/111692/hacking/schneider-electric-zero-days.html 

Experts from TIM’s Red Team Research (RTR) found 6 zero-days--Security Affairs

Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered 6 new vulnerabilities in the StruxureWare product. The flaws have been addressed by the manufacturer Schneider Electric, between April and November 2020. Schneider Electric is a vendor ...

securityaffairs.co

 

---

 

GettyImages-519518247 (1).jpgHundreds of millions of Android users exposed to hack due to CVE-2020-8913--Security Affairs

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913 The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library. The vulnerability is rated 8.8 out […]

securityaffairs.co

 

---

Hackers hide software skimmer in social media sharing icons

https://securityaffairs.co/wordpress/111872/malware/software-skimmer-social-share-icon.html 

Hackers hide software skimmer in social media sharing icons--Security Affairs

Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages. E-skimming took place when hackers compromise an e-commerce site and plant a malicious […]

securityaffairs.co

 

---

Hackers are targeting COVID-19 vaccine cold chain

https://securityaffairs.co/wordpress/111858/apt/covid-19-cold-chain-attacks.html 

Hackers are targeting COVID-19 vaccine cold chain--Security Affairs

Researchers from IBM X-Force warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain. The experts uncovered a large scale spear-phishing campaign that has been ongoing since September 2020. Threat actors are impersonating ...

securityaffairs.co

 

---

Four New SonicWall Firewalls Announced

https://www.storagereview.com/news/four-new-sonicwall-firewalls-announced 

Four New SonicWall Firewalls Announced - StorageReview.com

Today, SonicWall announced four new firewalls, the NSa (note that the ‘a’ is not capitalized) 2700, the TZ270, TZ370, and TZ470. The new firewalls are in addition to the two other x70 firewalls, the TZ570 and the TZ670, they announced earlier this year. SonicWall was founded in 1991. SonicWall ...

www.storagereview.com

 

---

Crooks stole 800,000€ from ATMs in Italy with Black Box attack

https://securityaffairs.co/wordpress/111659/cyber-crime/black-box-attack-italy.html 

Crooks stole 800,000€ from ATMs in Italy with Black Box attack--Security Affairs

A criminal organization has stolen money from at least 35 ATMs and Post Office cash dispensers operated by Italian banks with a new black box attack technique. The Carabinieri of Monza dismantled by the gang, the […]

securityaffairs.co

 

---

Stride Identifies a Cyberattack on Its Systems and Network

https://www.businesswire.com/news/home/20201130005970/en/Stride-Identifies-a-Cyberattack-on-Its-Systems-and-Network 

Stride Identifies a Cyberattack on Its Systems and Network

K12 Inc. (NYSE: LRN) (“Stride” or “we”) – to be Stride, Inc. effective December 16, 2020 – has detected unauthorized activity on its network, which ha

www.businesswire.com

 

---

GO SMS Pro Vulnerable to File Theft: Part 2

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/go-sms-pro-vulnerable-to-file-theft-part-2/ 

GO SMS Pro Vulnerable to File Theft: Part 2 | Trustwave

Last week we released an advisory about an SMS app called GO SMS Pro. Media files sent via text in the app are stored insecurely on a publicly accessible server. With some very minor scripting, it is trivial to throw a wide net around that content. While it's not directly possible to link the media to specific users, those media files with faces, names, or other identifying characteristics do ...

www.trustwave.com

 

---

A scan of 4 Million Docker images reveals 51% have critical flaws

https://securityaffairs.co/wordpress/111833/hacking/docker-hub-scan-analysis.html 

A scan of 4 Million Docker Images reveals 51% have critical flaws--Security Affairs

Container security firm Prevasio has analyzed 4 million public Docker container images hosted on Docker Hub and discovered that the majority of them had critical vulnerabilities. The cybersecurity firm used its Prevasio Analyzer […]

securityaffairs.co

 

---

Google discloses a zero-click Wi-Fi exploit to hack iPhone devices

https://securityaffairs.co/wordpress/111788/mobile-2/iphone-devices-hack.html 

Google discloses a zero-click Wi-Fi exploit to hack iPhone devices--Security Affairs

Google Project Zero white-hat hacker Ian Beer has disclosed technical details of a critical “wormable” iOS bug that could have allowed a remote attacker to take over any device in the vicinity over Wi-Fi.

securityaffairs.co

 

---

Malicious npm packages spotted delivering njRAT Trojan

https://securityaffairs.co/wordpress/111751/hacking/npm-packages-installs-njrat.html 

Malicious npm packages spotted delivering njRAT Trojan--Security Affairs

Security staff behind the npm repository removed two packages that were found containing the malicious code to install the njRAT remote access trojan (RAT) on computers of JavaScript and Node.js developers who imported and […]

securityaffairs.co

 

---

Talos reported WebKit flaws in WebKit that allow Remote Code Execution

https://securityaffairs.co/wordpress/111698/hacking/webkit-browser-engine-flaws.html 

Talos reported WebKit flaws in WebKit that allow Remote Code Execution--Security Affairs

Cisco’s Talos team discovered security flaws in the WebKit browser engine, including flaws that can be exploited by a remote attacker to gain code execution by tricking the user into visiting a malicious website.

securityaffairs.co

 

---

A critical flaw in industrial automation systems opens to remote hack

https://securityaffairs.co/wordpress/111646/ics-scada/automation-systems-opens-flaw.html 

A critical flaw in industrial automation systems opens to remote hack--Security Affairs

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November […]

securityaffairs.co

 

---

Exploring malware to bypass DNA screening and lead to ‘biohacking’ attacks

https://securityaffairs.co/wordpress/111681/hacking/biohacking-attacks-dna-screening.html 

Exploring malware to bypass DNA screening and lead to 'biohacking' attacks--Security Affairs

A team of researchers from the Ben-Gurion University of the Negev described a new cyberattack on DNA scientists that could open to biological warfare. Scientists play a crucial role in modern society, especially during […]

securityaffairs.co

 

---

BlackShadow hackers extort Israeli insurance company for $1 million

https://www.bleepingcomputer.com/news/security/blackshadow-hackers-extort-israeli-insurance-company-for-1-million/ 

BlackShadow hackers extort Israeli insurance company for $1 million

BlackShadow hackers extort Israeli insurance company for $1 million. Metro Vancouver's transit system hit by Egregor ransomware. Learn to code like a pro with this extended Cyber Monday deal

www.bleepingcomputer.com

 

---

French pharmaceuticals distribution platform Apodis Pharma leaking 1.7 TB of confidential data

https://securityaffairs.co/wordpress/111756/data-breach/apodis-pharma-data-leak.html 

French Apodis Pharma leaking 1.7 TB of confidential data--Security Affairs

The CyberNews investigation team discovered an unsecured, publicly accessible Kibana dashboard of an ElasticSearch database containing confidential data belonging to Apodis Pharma, a software company based in France.

Apodis Pharma is a company that offers a digital supply chain management platform and other software solutions created for pharmacies, healthcare institutions, pharmaceutical ...

securityaffairs.co

 

---

Egregor ransomware attack paralyzed for 3 days payment systems at Metro Vancouver’s transportation agency TransLink

https://securityaffairs.co/wordpress/111898/cyber-crime/egregor-ransomware-hit-translink.html 

Egregor ransomware hit Metro Vancouver transportation agency TransLink--Security Affairs

Egregor ransomware operators made the headlines again, this time they hit Metro Vancouver’s transportation agency TransLink causing the disruption of its services and payment systems. The news was also confirmed by Global News which has obtained the ransom letter ...

securityaffairs.co

 

---

Clop Ransomware gang claims to have stolen 2 million credit cards from E-Land

https://securityaffairs.co/wordpress/111842/malware/clop-ransomware-e-land.html 

Clop Ransomware gang claims to have stolen 2M credit cards from E-Land--Security Affairs

E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company. E-Land Retail is a South Korean conglomerate headquartered in Changjeon-dong Mapo-gu Seoul, South Korea. E-Land Group takes part in retail malls, restaurants, theme parks, hotels and construction businesses as well as its cornerstone, fashion apparel business. It ...

securityaffairs.co

 

---

K12 education giant paid the ransom to the Ryuk gang

https://securityaffairs.co/wordpress/111824/malware/k12-ryuk-ransomware.html 

K12 education giant paid the ransom to the Ryuk gang--Security Affairs

K12 Inc. is a for-profit education company that sells online schooling and curricula.K12 is an education management organization (EMO) that provides online education designed as an alternative to traditional “brick and mortar” education for public school students from kindergarten to 12th grade, Publicly traded K12 is the largest EMO in terms of enrollment.

securityaffairs.co

 

---

Baltimore County Schools close after a ransomware attack

https://securityaffairs.co/wordpress/111732/cyber-crime/baltimore-county-schools-ransomware.html 

Baltimore County Schools close after a ransomware attack--Security Affairs

Baltimore County Schools are still closed following a ransomware attack and unfortunately, at the time of this writing, it is impossible to predict when school will resume. School officials notified state and federal law enforcement […]

securityaffairs.co

 

---

Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang

https://securityaffairs.co/wordpress/111654/cyber-crime/delaware-county-doppelpaymer-ransomware.html 

Delaware County opted to pay 500K ransom to DoppelPaymer gang--Security Affairs

During the last weekend Delaware County, Pennsylvania, was the victim of a DoppelPaymer ransomware attack that brought down part of its network. According to local media, the ransomware operators have compromised systems containing sensitive information, […]

securityaffairs.co

 

---

Owner and Operator of India-Based Call Centers Sentenced to Prison for Scamming U.S. Victims out of Millions of Dollars

https://www.justice.gov/opa/pr/owner-and-operator-india-based-call-centers-sentenced-prison-scamming-us-victims-out-millions 

Owner and Operator of India-Based Call Centers Sentenced to Prison for Scamming U.S. Victims out of Millions of Dollars | OPA | Department of Justice

An Indian national was sentenced today to 20 years in prison followed by three years of supervised release in the Southern District of Texas for his role in operating and funding India-based call centers that defrauded U.S. victims out of millions of dollars between 2013 and 2016.

www.justice.gov

 

 

Anonymous