OSINT News - November 16, by Bart Otten

by Bart Otten, in Security

Costaricto APT: Cyber mercenaries use previously undocumented malware

https://securityaffairs.co/wordpress/110818/apt/costaricto-apt-cyber-mercenaries.html 

Blackberry researchers have documented the activity of a hackers-for-hire group, dubbed CostaRicto, that has been spotted using a previously undocumented piece of malware to target South Asian financial institutions and global entertainment companies. “During the past ...

---

New modular ModPipe POS Malware targets restaurants and hospitality sectors

https://securityaffairs.co/wordpress/110802/hacking/modpipe-backdoor-pos.html 

ESET researchers discovered a new modular backdoor, dubbed ModPipe, that was designed to target PoS systems running ORACLE MICROS Restaurant Enterprise Series (RES) 3700, which is a management suite widely used in restaurant and hospitality sectors. The ...

---

The alleged decompiled source code of Cobalt Strike toolkit leaked online

https://securityaffairs.co/wordpress/110782/hacking/cobalt-strike-source-code.html 

The decompiled source code for the Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy […]

---

Former Microsoft worker sentenced to nine years in prison for stealing $10 million

https://securityaffairs.co/wordpress/110777/cyber-crime/former-microsoft-worker-sentenced.html 

Volodymyr Kvashuk (26), a former Microsoft software engineer, was sentenced this week to nine years in prison for a scheme to steal $10 million in digital currency. Kvashuk is a Ukrainian citizen living in […]

---

Muhstik botnet adds Oracle WebLogic and Drupal exploits

https://securityaffairs.co/wordpress/110763/uncategorized/muhstik-botnet-weblogic-drupal.html 

Muhstik is a botnet known to use web application exploits to compromise IoT devices; it has been active since at least 2018. Botnet operators monetize their efforts via XMRig, cgmining and DDoS-for-hire services. The botnet leverages IRC servers for […]

---

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike

https://securityaffairs.co/wordpress/110693/malware/fake-microsoft-teams-cobalt-strike.html 

Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead to the installation of the Cobalt Strike post-exploitation tool and compromise of the target network. The ongoing COVID-19 pandemic is forcing a growing number of organizations and […]

---

Tetrade hackers target 112 financial apps with Ghimob banking Trojan

https://securityaffairs.co/wordpress/110671/cyber-crime/ghimob-banking-trojan.html 

Ghimob is a new Android banking Trojan discovered by Kaspersky that is able to steal data from 112 financial apps. In July, cybersecurity researchers from Kaspersky Lab detailed four different families of […]

---

xHunt hackers hit Microsoft Exchange with two new backdoors

https://securityaffairs.co/wordpress/110644/apt/xhunt-attackers-hit-microsoft-exchange.html 

Security experts from Palo Alto Networks have spotted two never-before-detected PowerShell backdoors while investigating an attack on Microsoft Exchange servers at an organization in Kuwait. Experts attribute the attack to a known threat actor […]

---

FBI warns of attacks on unsecured SonarQube used by US govt agencies and businesses

https://securityaffairs.co/wordpress/110594/hacking/fbi-alert-sonarqube-attacks.html 


The Federal Bureau of Investigation has issued an alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and businesses. The alert, coded […]
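
The two misconfigurations that typically turn a SonarQube server into a source-code leak are project browsing without a login (the "Force user authentication" setting left off) and an unchanged factory admin password. The script below, an added example for this roundup and not code from the FBI alert or from SonarQube, checks both against one instance. It assumes the endpoint paths and JSON fields follow SonarQube's documented Web API (api/components/search for project listing, api/users/current for the identity behind a set of credentials); the host name and the canned responses are constructed so the logic can be exercised offline, and the live fetcher should only be pointed at hosts you are authorized to test.

```python
"""Check a SonarQube instance for the misconfigurations behind the kind of
source-code theft the FBI alert describes: project browsing without login and
an unchanged factory admin password.

Added example, not code from the FBI alert or from SonarQube. Assumptions: the
endpoint paths and JSON fields follow SonarQube's Web API documentation
(api/components/search, api/users/current); host names and canned responses
are constructed for the offline demo."""
import base64
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# fetch(url, basic_auth) -> (status, body). Injectable so the audit runs offline.
Fetcher = Callable[[str, Optional[str]], Tuple[int, str]]


def http_fetch(url: str, basic_auth: Optional[str] = None) -> Tuple[int, str]:
    """Live GET with optional 'user:password' basic auth (only against hosts you own)."""
    req = urllib.request.Request(url)
    if basic_auth:
        req.add_header("Authorization", "Basic " + base64.b64encode(basic_auth.encode()).decode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def _json(body: str) -> dict:
    """Parse a JSON object body; anything else (HTML error page, array) is treated as empty."""
    try:
        data = json.loads(body)
        return data if isinstance(data, dict) else {}
    except json.JSONDecodeError:
        return {}


def audit_sonarqube(base_url: str, fetch: Fetcher = http_fetch) -> Dict[str, object]:
    base = base_url.rstrip("/")
    findings: Dict[str, object] = {"anonymous_projects": [], "default_admin_creds": False}

    # 1. With sonar.forceAuthentication=false the project list needs no login;
    #    every key returned is a repository whose sources can then be browsed.
    status, body = fetch(base + "/api/components/search?qualifiers=TRK&ps=500", None)
    if status == 200:
        comps = _json(body).get("components", [])
        findings["anonymous_projects"] = [c["key"] for c in comps if isinstance(c, dict) and "key" in c]

    # 2. Factory credentials admin/admin: a 200 from api/users/current that reports
    #    a logged-in 'admin' means the default password was never changed.
    status, body = fetch(base + "/api/users/current", "admin:admin")
    if status == 200:
        who = _json(body)
        findings["default_admin_creds"] = bool(who.get("isLoggedIn")) and who.get("login") == "admin"
    return findings


def is_exposed(findings: Dict[str, object]) -> bool:
    return bool(findings["anonymous_projects"]) or bool(findings["default_admin_creds"])


# --- constructed responses standing in for two instances (not real hosts) ---
def demo_open_fetch(url: str, basic_auth: Optional[str]) -> Tuple[int, str]:
    """Internet-facing instance left on its defaults."""
    if url.endswith("/api/components/search?qualifiers=TRK&ps=500"):
        return 200, '{"components":[{"key":"billing-api","name":"Billing"},{"key":"auth-svc","name":"Auth"}]}'
    if url.endswith("/api/users/current"):
        if basic_auth == "admin:admin":
            return 200, '{"isLoggedIn":true,"login":"admin"}'
        return 401, '{"errors":[{"msg":"Unauthorized"}]}'
    return 404, ""


def demo_hardened_fetch(url: str, basic_auth: Optional[str]) -> Tuple[int, str]:
    """Instance with forced authentication and a rotated admin password."""
    return 401, '{"errors":[{"msg":"Unauthorized"}]}'


if __name__ == "__main__":
    for name, fetch in (("open", demo_open_fetch), ("hardened", demo_hardened_fetch)):
        result = audit_sonarqube("http://sonar.example.internal:9000", fetch=fetch)
        print(name, "EXPOSED" if is_exposed(result) else "ok", result)
```

Either finding is enough to treat the server as a leak: the remediation is to enable forced authentication, rotate the admin password, and keep the instance off the public Internet (or behind a VPN or SSO proxy), since source-browsing endpoints inherit the same anonymous access as the project list.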


---

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu, iOS, VMware ESXi, and others

https://securityaffairs.co/wordpress/110609/hacking/tianfu-cup-2020.html 

This year’s edition of the Tianfu Cup hacking competition was very prolific: bug bounty hackers discovered multiple vulnerabilities in multiple software products and applications. The Tianfu Cup is the most important hacking contest held in China, the […]

---

Decrypting OpenSSH sessions for fun and profit

https://blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/ 

Author: Jelle Vergeer

A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers. The customer had pcaps and a hypervisor snapshot…

---

New Platypus attack can steal data from Intel CPUs

https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/ 

A team of academics has disclosed today a new attack method that can extract data from Intel CPUs.

---

DNS cache poisoning attacks return due to Linux weakness

https://www.bleepingcomputer.com/news/security/dns-cache-poisoning-attacks-return-due-to-linux-weakness/ 

Researchers from Tsinghua University and the University of California have identified a new method that can be used to conduct DNS cache poisoning attacks. The findings reopen a vulnerability that ...

---

Ransomware Group Turns to Facebook Ads

https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/ 

It’s not clear whether this was an isolated incident, or whether the fraudsters also ran ads using other hacked Facebook accounts. A spokesperson for Facebook said the company is still ...

---

Security flaws in Schneider Electric PLCs allow full take over

https://securityaffairs.co/wordpress/110840/ics-scada/schneider-electric-plcs-flaws.html 

Four encryption and authentication issues in Modicon M221 PLCs were reported by Trustwave, three of which were independently found by the security firm Claroty. “Schneider Electric is aware of multiple vulnerabilities in its Modicon M221 product. The Modicon M221 is a Nano Programmable Logic Controller (PLC) made to control basic automation for machines.”

---

Google addresses two new Chrome zero-day flaws

https://securityaffairs.co/wordpress/110793/hacking/google-chrome-zero-day-flaws.html 

Google has addressed two zero-day vulnerabilities, actively exploited in the wild, with the release of Chrome version 86.0.4240.198. The IT giant has fixed a total of five Chrome zero-day vulnerabilities in only three weeks. Both zero-day flaws, […]

---

Google and Mozilla fixed issues exploited at 2020 Tianfu Cup hacking contest

https://securityaffairs.co/wordpress/110773/security/google-mozilla-2020-tianfu-cup.html 

Google addressed the flaw with the release of Chrome 86. The CVE-2020-16016 flaw, along with the CVE-2020-26950 issue, was exploited by a team named “360 Enterprise Security and Government and (ESG) Vulnerability ...

---

Microsoft Patch Tuesday fixes CVE-2020-17087 currently under active exploitation

https://securityaffairs.co/wordpress/110730/security/microsoft-patch-tuesday-nov-20.html 

Microsoft Patch Tuesday updates for November 2020 address 112 vulnerabilities in multiple products, including Microsoft Windows, Office and Office Services and Web Apps, Internet Explorer (IE), Edge (EdgeHTML-based and Chromium-based), ChakraCore ...

---

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

https://securityaffairs.co/wordpress/110638/malware/compal-ransomware-attack.html 

The Taiwanese electronics manufacturer Compal suffered a ransomware attack over the weekend; media reports blame the DoppelPaymer ransomware gang. Compal Electronics is a Taiwanese original design manufacturer (ODM) that handles the production of notebook computers, monitors, tablets and televisions for a variety of clients around the world, including Apple Inc., Acer, Lenovo, Dell, Toshiba, Hewlett ...

---

E-commerce platform X-Cart hit by a ransomware attack

https://securityaffairs.co/wordpress/110623/malware/x-cart-ransomware-attack.html 

At the end of October, the e-commerce software platform X-Cart suffered a ransomware attack; the infection brought down customers’ e-stores hosted by the company on its platform. The software and services company X-Cart was recently acquired […]

---

Vertafore data breach exposed data of 27.7 million Texas drivers

https://securityaffairs.co/wordpress/110848/data-breach/vertafore-data-breach.html 

Exposed data included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories. The company pointed out that the data breach did not expose Social Security numbers or financial account information.

---

46M accounts were impacted in the data breach of children’s online playground Animal Jam

https://securityaffairs.co/wordpress/110831/data-breach/animal-jam-data-breach.html 

The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts. Animal Jam is a safe, award-winning online playground for kids created by WildWorks. Kids aged 7 through 11 can play games, personalize their favorite animal, learn fun facts, and so much more. Animal Jam currently has […]

---

Prestige reservation platform exposes millions of hotel guests

https://securityaffairs.co/wordpress/110658/data-breach/prestige-data-leak.html 

Researchers at Website Planet discovered a misconfigured S3 bucket used by Prestige Software’s Cloud Hospitality that exposed millions of hotel guests worldwide. The reservation system Prestige Software’s “Cloud Hospitality” allows ...