OSINT News - January 11, by Bart Otten

Post-Riot, the Capitol Hill IT Staff Faces a Security Mess

https://www.wired.com/story/capitol-riot-security-congress-trump-mob-clean-up/ 

In the aftermath of destructive riots that trashed the United States Capitol on Wednesday, the nation is grappling with questions about the stability and trajectory of US democracy. But inside the ...

---

Security News This Week: ‘Bulletproof’ Criminal VPN Taken Down in Global Sting

https://www.wired.com/story/security-news-bulletproof-criminal-vpn-taken-down/ 

As 2020 comes to a close, it is perhaps only fitting that the US government and private sector are both scrambling to grasp and mitigate the fallout of a massive hacking spree widely attributed to ...

---

Stopping Serial Killer: Catching the Next Strike

https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/ 

Brief: When we look at a prevalent malware family, we give credit to its authors regarding the established malicious infrastructure. New malicious activity is flowing smoothly, command-and-control servers appear, everything works like a Swiss watch. Are there any weak points in such a construction? To answer this question we may think about a race car. It’s...

---

FBI alert warns private organizations of Egregor ransomware attacks

https://securityaffairs.co/wordpress/113151/breaking-news/fbi-alert-egregor-ransomware.html 

The US FBI has issued a Private Industry Notification (PIN) to warn private organizations of Egregor ransomware attacks. The Egregor ransomware first appeared on the threat landscape in September 2020, since then the gang claimed to […]

---

SolarWinds hackers had access to roughly 3% of US DOJ O365 mailboxes

https://securityaffairs.co/wordpress/113108/data-breach/solarwinds-hackers-o365-mailboxes.html 

The US DoJ revealed that threat actors behind the SolarWinds attack have gained access to roughly 3% of the department’s O365 mailboxes.

The US Department of Justice (DoJ) published a press release to confirm that the threat actors behind the SolarWinds supply chain attack were able to access thousands of mailboxes of its employees. “On […]

---

JetBrains denies involvement in the SolarWinds supply-chain hack

https://www.bleepingcomputer.com/news/security/jetbrains-denies-involvement-in-the-solarwinds-supply-chain-hack/ 

JetBrains' CEO, Maxim Shafirov, denied reports from multiple news outlets that the company played a role in the SolarWinds supply chain attack. The privately-held software vendor was founded in ...

---

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

https://securityaffairs.co/wordpress/113076/hacking/cve-2020-29583-zyxel-under-attack.html 

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn.

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded, undocumented secret account. The vulnerability received a CVSS score of 7.8; it could be ...

---

Healthcare organizations faced a 45% increase in attacks since November

https://securityaffairs.co/wordpress/113038/hacking/healthcare-industry-attacks.html 

Check Point researchers reported a surge in the number of attacks against organizations in the healthcare industry: 45% since November. This is more than double the overall increase observed by the experts […]

---

New alleged MuddyWater attack downloads a PowerShell script from GitHub

https://securityaffairs.co/wordpress/112972/hacking/muddywater-attack-github-imgur.html 

A security expert discovered a new piece of malware that uses weaponized Word documents to download a PowerShell script from GitHub. This PowerShell script is also used by the threat actors to download a legitimate image file from an image hosting […]

---

Adversary Infrastructure Report 2020: A Defender’s View

https://www.recordedfuture.com/2020-adversary-infrastructure-report/ 

---

Ezuri memory loader used in Linux and Windows malware

https://securityaffairs.co/wordpress/113160/malware/ezuri-loader-linux-attacks.html 

According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious code. The Ezuri memory loader tool allows a payload to be loaded and executed directly into […]

---

Ryuk ransomware operations already made over $150M

https://securityaffairs.co/wordpress/113142/cyber-crime/ryuk-ransomware-earnings.html 

The Ryuk ransomware has had a disruptive impact on multiple industries around the world; its operators have already earned more than $150 million.

The Ryuk ransomware gang is one of the most prolific criminal operations and has caused destruction in multiple industries around the world. According to a joint report published by the security firms Advanced-intel and HYAS, Ryuk operators […]

---

Multiple flaws in Fortinet FortiWeb WAF could allow attackers to hack corporate networks

https://securityaffairs.co/wordpress/113129/hacking/fortinet-fortiweb-waf-flaws.html 

Andrey Medov, a security researcher at Positive Technologies, found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could be exploited by attackers to hack into corporate networks. The flaws, tracked ...

---

Google fixed a critical Remote Code Execution flaw in Android

https://securityaffairs.co/wordpress/113095/security/google-android-rce.html 

“The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process,” reads Google’s January Android security bulletin. The bulletin also addresses a critical DoS vulnerability, tracked as CVE-2021-0313, that affects the ...

---

New ElectroRAT employed in a wide-ranging operation targeting cryptocurrency users

https://securityaffairs.co/wordpress/113064/malware/electrorat-campaign.html 

Security researchers from Intezer uncovered a large-scale operation targeting cryptocurrency users with a previously undetected RAT named ElectroRAT. The campaign was uncovered in December, but according to the experts it has been active since at least January ...

---

Analyzing Cobalt Strike for Fun and Profit

https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/ 

20 Dec 2020. I am not sure what happened this year, but it seems that Cobalt Strike is now the most used malware around the world, from APT41 to APT32; even the latest SolarWinds supply chain attack involved Cobalt Strike. Without relaunching the heated debate on publishing offensive tools, this blog post intends to summarize what an ...

---

Babuk Locker is the first new enterprise ransomware of 2021

https://www.bleepingcomputer.com/news/security/babuk-locker-is-the-first-new-enterprise-ransomware-of-2021/ 

It's a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks. Babuk Locker is a new ransomware operation that launched at the ...

---

T-Mobile says hackers accessed some customer call records in data breach

https://techcrunch.com/2021/01/03/t-mobile-call-records-data-breach/ 

T-Mobile, the third-largest cell carrier in the U.S. after completing its recent $26 billion merger with Sprint, ended 2020 by announcing its second data breach of the year. The cell giant said in ...

---

Over 500,000 credentials for tens of gaming firms available on the Dark Web

https://securityaffairs.co/wordpress/113026/deep-web/gaming-industry-under-attack.html 

The gaming industry is under attack: over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, have leaked online. The gaming industry is a privileged target for threat actors; threat actors leaked online over 500,000 stolen credentials belonging to the top 25 gaming firms. The alarm was raised by the threat intelligence firm Kela […]

---

Apex Laboratory discloses data breach after a ransomware attack

https://securityaffairs.co/wordpress/112994/malware/apex-laboratory-ransomware-attack.html 

At-home laboratory services provider Apex Laboratory discloses a ransomware attack and consequent data breach. Apex Laboratory, Inc. is a clinical laboratory that has been providing home laboratory services to homebound and Nursing Home patients in the NY Metropolitan Area for over 20 years. The at-home laboratory services provider Apex Laboratory disclosed a ransomware attack, the […]

---

Over 200 million records of Chinese Citizens for Sale on the Darkweb

https://securityaffairs.co/wordpress/112966/deep-web/chinese-citizens-data-darkweb.html 

During routine dark web monitoring, the research team at Cyble found multiple posts in which threat actors are offering for sale alleged data leaks related to Chinese citizens. Data might have been stolen from […]

---

Vodafone's ho. Mobile admits data breach, 2.5m users impacted

https://www.bleepingcomputer.com/news/security/vodafones-ho-mobile-admits-data-breach-25m-users-impacted/ 

Vodafone Group's low-cost operator ho. Mobile announced that hackers stole part of its customer database thus obtaining personal user information and SIM technical data.

---

Top data breaches of 2020

https://securityaffairs.co/wordpress/112954/data-breach/top-10-data-breaches-2020.html 

Data from major cyber security firms revealed that tens of billions of records were exposed in data breaches in 2020. Below is a list of the top incidents. There were a number of major data breaches that took place in 2020; in many cases the stolen records flooded the cybercrime underground and were used in credential stuffing attacks. Below […]

---

Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions

https://www.justice.gov/usao-sdny/pr/russian-hacker-sentenced-12-years-prison-involvement-massive-network-intrusions-us 

Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions At U.S. Financial Institutions, Brokerage Firms, A Major News Publication, And Other Companies

---

Former employee of medical packaging company sentenced to federal prison for disrupting PPE shipments

https://www.justice.gov/usao-ndga/pr/former-employee-medical-packaging-company-sentenced-federal-prison-disrupting-ppe
Christopher Dobbins has been sentenced to federal prison for hacking his former employer and sabotaging their electronic shipping records, causing more than $200,000 in damage and delaying the shipment of personal protective equipment (“PPE”) during the COVID-19 pandemic.
