OSINT News - October 5, by Bart Otten


Healthcare giant UHS hit by ransomware attack, sources say

https://techcrunch.com/2020/09/28/universal-health-services-ransomware/ 


Universal Health Services, one of the largest healthcare providers in the U.S., has been hit by a ransomware attack. The attack hit UHS systems early on Sunday morning, according to two people ...

techcrunch.com

 

---

German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed

https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/ 


FinSpy is a commercial spyware suite produced by the Munich-based company FinFisher GmbH. Since 2011 researchers have documented numerous cases of Human Rights Defenders (HRDs), including activists, journalists, and dissidents, being targeted with FinSpy in many countries, including Bahrain, Ethiopia, UAE, and more. Because of this, Amnesty International’s Security Lab tracks ...

www.amnesty.org

 

---

4 hackers arrested in Poland in nation-wide action against cybercrime

https://www.europol.europa.eu/newsroom/news/4-hackers-arrested-in-poland-in-nation-wide-action-against-cybercrime 


Today, the Polish authorities are announcing the arrest of 4 suspected hackers as part of a coordinated strike against cybercrime. Those arrested are believed to be among the most active cybercriminals in the country. This operation was carried out by the Polish Police Central Bureau of Investigation (Centralne Biuro Śledcze Policji) under the supervision of the Regional Prosecutor’s Office ...

www.europol.europa.eu

 

---

XDSpy APT remained undetected since at least 2011

https://securityaffairs.co/wordpress/109015/apt/xdspy-apt-group.html 


XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011. The APT group, recently discovered by ESET, targeted government and private companies […]

securityaffairs.co

 

---

REvil ransomware operators are recruiting new affiliates

https://securityaffairs.co/wordpress/108867/cyber-crime/revil-ransomware.html 


The REvil Ransomware (Sodinokibi) operators have deposited $1 million in bitcoins on a Russian-speaking hacker forum to prove to potential affiliates that they mean business. Some hacker forums allow members to deposit funds ...

securityaffairs.co

 

---

Researchers use ‘fingerprints’ to track Windows exploit developers

https://www.bleepingcomputer.com/news/security/researchers-use-fingerprints-to-track-windows-exploit-developers/ 


Researchers can now find the developer of a specific Windows exploit using a new "fingerprinting" technique specifically devised to keep track of exploit developers' activity.

www.bleepingcomputer.com

 

---

Windows Subsystem for Linux 2 bypasses the Windows 10 Firewall

https://www.bleepingcomputer.com/news/microsoft/windows-subsystem-for-linux-2-bypasses-the-windows-10-firewall/ 


The Windows Subsystem for Linux 2 will bypass the Windows 10 firewall and any configured rules, raising security concerns for those who use the feature. In a blog post today, Mullvad VPN explained ...

www.bleepingcomputer.com

 

---

Exploiting MFA Inconsistencies on Microsoft Services

https://www.blackhillsinfosec.com/exploiting-mfa-inconsistencies-on-microsoft-services/ 


Beau Bullock // Overview On offensive engagements, such as penetration tests and red team assessments, I have been seeing inconsistencies in how MFA is applied to the various Microsoft services. Across Microsoft 365 and Azure, there are multiple endpoints. These endpoints can all be configured under different Conditional Access policy settings, which sometimes lead to […]

www.blackhillsinfosec.com
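The inconsistency Bullock describes, different Conditional Access scopes per endpoint and per client type, can be checked from the policy export itself rather than by probing each endpoint with a test account. The following is an added example, not code from the Black Hills post: it takes policies in the shape Microsoft Graph returns from /identity/conditionalAccess/policies (the three policies here are constructed), expands every enabled, all-user policy that requires MFA or blocks the request into the (application, client app type) cells it governs, and reports the cells no such policy touches. The app IDs are the well-known first-party IDs for Exchange Online, SharePoint Online and Azure Management; the application inventory and the client-type list are assumptions to adapt to your tenant.

```python
"""Find (application, client app type) combinations that no enforced MFA policy covers.

Added example. POLICIES is constructed in the shape of Microsoft Graph
conditionalAccessPolicy objects; it is not data from any real tenant.
"""
from itertools import product

# Well-known Microsoft first-party application IDs (the inventory itself is an assumption).
APPS = {
    "Exchange Online": "00000002-0000-0ff1-ce00-000000000000",
    "SharePoint Online": "00000003-0000-0ff1-ce00-000000000000",
    "Azure Management": "797f4846-ba00-4fd7-ba43-dac1f8f63013",
}
# The clientAppTypes values Conditional Access distinguishes between.
CLIENT_APP_TYPES = ("browser", "mobileAppsAndDesktopClients", "exchangeActiveSync", "other")

POLICIES = [
    {   # Browser-only MFA for mail and SharePoint: leaves rich clients uncovered.
        "displayName": "MFA for browser access to O365",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "applications": {
                "includeApplications": [APPS["Exchange Online"], APPS["SharePoint Online"]],
                "excludeApplications": [],
            },
            "clientAppTypes": ["browser"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {   # Meant to protect the Azure portal, but never switched on.
        "displayName": "MFA for Azure Management",
        "state": "disabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "applications": {"includeApplications": [APPS["Azure Management"]], "excludeApplications": []},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {   # Legacy authentication cannot do MFA, so it is blocked outright.
        "displayName": "Block legacy authentication",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "applications": {"includeApplications": ["All"], "excludeApplications": []},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
]


def enforces_mfa_or_block(policy):
    """Only enabled policies enforce; disabled and report-only ones do not. A grant that
    requires MFA, or blocks the request, closes the gap for the cells it covers."""
    if policy.get("state") != "enabled":
        return False
    controls = set((policy.get("grantControls") or {}).get("builtInControls", []))
    return bool(controls & {"mfa", "block"})


def targets_all_users(policy):
    """Coverage is only credited to policies scoped to every user."""
    return "All" in policy["conditions"].get("users", {}).get("includeUsers", [])


def covered_cells(policy, app_ids, client_types):
    """Expand a policy's application and clientAppTypes scope into (app_id, client_type) cells."""
    cond = policy["conditions"]
    apps = cond.get("applications", {})
    included = apps.get("includeApplications", [])
    app_scope = set(app_ids) if "All" in included else {a for a in included if a in app_ids}
    app_scope -= set(apps.get("excludeApplications", []))
    types = cond.get("clientAppTypes") or ["all"]
    type_scope = set(client_types) if "all" in types else {t for t in types if t in client_types}
    return set(product(app_scope, type_scope))


def mfa_gaps(policies, apps=APPS, client_types=CLIENT_APP_TYPES):
    """Return sorted (app_name, client_type) pairs that no enforced, all-user MFA/block policy covers."""
    covered = set()
    for policy in policies:
        if enforces_mfa_or_block(policy) and targets_all_users(policy):
            covered |= covered_cells(policy, list(apps.values()), client_types)
    name_of = {app_id: name for name, app_id in apps.items()}
    return sorted(
        (name_of[app_id], client_type)
        for app_id, client_type in product(apps.values(), client_types)
        if (app_id, client_type) not in covered
    )


if __name__ == "__main__":
    for app, client_type in mfa_gaps(POLICIES):
        print(f"no MFA enforced: {app:<18} via {client_type}")
```

Against the constructed policies the audit reports the Azure Management endpoint as entirely unprotected for browser and rich-client access (its policy is disabled) and mail and SharePoint as reachable without MFA from desktop and mobile clients. Per-user and per-group exclusions, and policies scoped to a subset of users, are a further source of inconsistency this matrix does not model; they should be reviewed separately.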

 

---

Apps on Google Play Tainted with Cerberus Banker Malware

https://labs.bitdefender.com/2020/09/apps-on-google-play-tainted-with-cerberus-banker-malware/ 


The official Android app market has traditionally been regarded as a safe place to install applications from. Every once in a while, remarkably malicious apps slip right through and start wreaking havoc before they're spotted and retired. Today's blog post focuses...

labs.bitdefender.com

 

---

The Fresh Smell of ransomed coffee

https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/ 


response_type differs based on the command, but the general rule is: If the response contains data response_type = command 1, if it’s just a status then response_type=3 and then there is only one data byte which contains resulting status, where 1 means success. The complete list of commands is in the GitHub repository. So just for illustration, by issuing this command:

decoded.avast.io

 

---

How to check if an email or a domain was used in Emotet attacks?

https://securityaffairs.co/wordpress/109007/malware/have-i-been-emotet-service.html 


Cyber security firm launches a new service that allows users to check if an email domain or address was part of an Emotet spam campaign.

Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. When opened and macros are enabled, it will install ...

securityaffairs.co
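Emotet's lure is a macro-carrying Word or Excel document, so the cheapest triage on inbound attachments is to look for the embedded VBA project itself rather than trust the file extension. The following is an added example, not code from the Security Affairs article or from the Have I Been Emotet service: it inspects an OOXML package (.docm, .xlsm, or a macro-enabled file renamed to another extension) for a vbaProject part or for the VBA content type declared in [Content_Types].xml. The sample attachments are constructed in memory; legacy binary .doc/.xls files are OLE2 containers, which this check does not parse and reports as clean.

```python
"""Flag Office OOXML attachments that embed a VBA project.

Added example; the sample packages are constructed here and are not real maldocs.
"""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
DOCX_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"


def has_vba_project(data: bytes) -> bool:
    """True if the OOXML package carries a VBA project.

    Two independent signals are checked, because a renamed extension hides neither:
    a part whose name ends in vbaProject.bin, or the VBA content type declared in
    [Content_Types].xml. Non-zip input (e.g. legacy OLE2 .doc/.xls) returns False.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            names = pkg.namelist()
            if any(name.lower().endswith("vbaproject.bin") for name in names):
                return True
            if "[Content_Types].xml" in names:
                types_xml = pkg.read("[Content_Types].xml").decode("utf-8", "replace")
                return VBA_CONTENT_TYPE in types_xml
    except zipfile.BadZipFile:
        pass
    return False


def triage_attachments(attachments):
    """Return the names of attachments that carry macros, regardless of extension."""
    return sorted(name for name, data in attachments.items() if has_vba_project(data))


def build_sample_package(macro_enabled: bool) -> bytes:
    """Constructed minimal Word package for the demo (not a real document)."""
    main_type = DOCM_MAIN if macro_enabled else DOCX_MAIN
    overrides = [f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>']
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        if macro_enabled:
            overrides.append(f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>')
            # OLE2 magic plus padding stands in for a real VBA project stream.
            pkg.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
        pkg.writestr(
            "[Content_Types].xml",
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            + "".join(overrides) + "</Types>",
        )
        pkg.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed inbox: a clean .docx, a .docm, a .docm renamed to .doc to dodge extension
# filters, and a text file that is not a zip at all.
SAMPLE_ATTACHMENTS = {
    "invoice.docx": build_sample_package(False),
    "invoice.docm": build_sample_package(True),
    "invoice.doc": build_sample_package(True),
    "notes.txt": b"plain text, not a zip",
}

if __name__ == "__main__":
    print("macro-bearing attachments:", triage_attachments(SAMPLE_ATTACHMENTS))
```

The check is deliberately content-based: the renamed `invoice.doc` is caught because the package still contains the VBA part, while an extension allow-list would have passed it. For the legacy binary formats Emotet also used, the same question is answered by parsing the OLE2 streams (olefile/oletools), which is outside this snippet.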

 

---

Flaws in leading industrial remote access systems allow disruption of operations

https://securityaffairs.co/wordpress/108991/hacking/industrial-remote-access-systems-flaws.html 


Security researchers from Israeli firm OTORIO found critical vulnerabilities in leading industrial remote access systems that could be exploited by attackers to block access to industrial production floors, hack into company networks, tamper […]

securityaffairs.co

 

---

Ransomware attack on Tyler Technologies might be worse than initially thought

https://securityaffairs.co/wordpress/108899/malware/tyler-technologies-ransomware-attack.html 


Tyler Technologies, Inc. is the largest provider of software to the United States public sector. The company last week disclosed a ransomware attack, and now its customers are reporting finding suspicious logins and previously unseen remote access tools on their infrastructure […]

securityaffairs.co
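What Tyler's customers describe, logons from sources never seen before and remote access tools that were not there last week, is a hunt that can be run over logs most Windows estates already collect. The following is an added example, not from the Security Affairs article or from Tyler Technologies: it takes Security 4624 (logon) and System 7045 (service installed) events as simplified JSON lines (constructed here, with a TEST-NET-3 address as the attacker source), builds a baseline of (account, source IP) pairs and service binaries from the period before a cutoff, and alerts on anything first seen after it, tagging newly installed services whose binary path matches a common commercial remote access tool. The cutoff, the field subset and the tool marker list are assumptions to tune locally.

```python
"""Hunt Windows logs for first-seen logon sources and newly installed remote access tools.

Added example. SAMPLE_LOG is constructed (simplified 4624/7045 events, TEST-NET-3 attacker
address); it is not telemetry from any real incident.
"""
import json

# Lower-case substrings of common commercial remote access tools; an assumption to tune locally.
RAT_MARKERS = ("anydesk", "teamviewer", "screenconnect", "splashtop", "atera", "bomgar")
# 2 = interactive, 3 = network, 10 = RemoteInteractive (RDP).
LOGON_TYPES_OF_INTEREST = {2, 3, 10}

SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"ts": "2020-09-20T08:01:00Z", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "jdoe", "IpAddress": "10.0.5.21"},
    {"ts": "2020-09-20T09:15:00Z", "EventID": 4624, "LogonType": 3,
     "TargetUserName": "svc_backup", "IpAddress": "10.0.1.9"},
    {"ts": "2020-09-21T07:58:00Z", "EventID": 7045, "ServiceName": "VeeamBackupSvc",
     "ImagePath": "C:\\Program Files\\Veeam\\Veeam.Backup.Service.exe"},
    {"ts": "2020-09-24T02:13:00Z", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "Administrator", "IpAddress": "203.0.113.12"},
    {"ts": "2020-09-24T02:17:00Z", "EventID": 7045, "ServiceName": "AnyDesk Service",
     "ImagePath": "C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe --service"},
    {"ts": "2020-09-24T02:20:00Z", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "jdoe", "IpAddress": "10.0.5.21"},
])


def parse_events(text):
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hunt(events, baseline_until):
    """Events before baseline_until define normal. Later events that introduce a never-seen
    (account, source IP) logon pair or a never-seen service binary are returned as
    (kind, timestamp, detail) tuples in time order."""
    seen_logons, seen_services, alerts = set(), set(), []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["EventID"] == 4624 and e.get("LogonType") in LOGON_TYPES_OF_INTEREST:
            key = (e["TargetUserName"].lower(), e["IpAddress"])
            if key not in seen_logons and e["ts"] >= baseline_until:
                alerts.append(("first_seen_logon", e["ts"],
                               f"{key[0]} from {key[1]} (logon type {e['LogonType']})"))
            seen_logons.add(key)
        elif e["EventID"] == 7045:
            image = e["ImagePath"].lower()
            if image not in seen_services and e["ts"] >= baseline_until:
                kind = ("remote_access_tool_installed" if any(m in image for m in RAT_MARKERS)
                        else "first_seen_service")
                alerts.append((kind, e["ts"], f"{e['ServiceName']}: {e['ImagePath']}"))
            seen_services.add(image)
    return alerts


if __name__ == "__main__":
    for kind, ts, detail in hunt(parse_events(SAMPLE_LOG), "2020-09-23T00:00:00Z"):
        print(f"{ts} {kind:<28} {detail}")
```

Two things the baseline approach gets right that a static rule does not: jdoe's later RDP logon from the same workstation stays quiet because the pair was already seen, and the Veeam service counts as normal because it was installed before the cutoff. The cutoff should be set before the earliest suspected intrusion date; a baseline that already contains the attacker's activity will hide it.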

 

---

Mount Locker ransomware operators demand multi-million dollar ransoms

https://securityaffairs.co/wordpress/108840/malware/mount-locker-ransomware.html 


A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting. According to BleepingComputer, the ransomware operators are demanding multi-million dollar ransoms. Like other ransomware operators, Mount

securityaffairs.co

 

---

Netwalker ransomware operators leaked files stolen from K-Electric

https://securityaffairs.co/wordpress/109000/hacking/k-electric-netwalker-data-leak.html 


In early September, K-Electric (KE), the electricity provider for the city of Karachi, Pakistan, was hit by a Netwalker ransomware attack that blocked billing and online services. K-Electric is the largest power supplier in the […]

securityaffairs.co

 

---

Swiss watchmaker Swatch shuts down IT systems in response to a cyberattack

https://securityaffairs.co/wordpress/108948/malware/cyber-attack-hit-swatch.html 


Swiss watchmaker Swatch Group shut down its IT systems in response to a cyber attack that hit its infrastructure over the weekend. The company turned off its systems to avoid other systems on […]

securityaffairs.co

 

---

Arthur J. Gallagher (AJG) insurance giant discloses ransomware attack

https://securityaffairs.co/wordpress/108925/malware/ajg-ransomware-attack.html 


US-based Arthur J. Gallagher (AJG), a global insurance brokerage firm, confirmed that it was hit with a ransomware attack on Saturday, September 26. The company did not provide technical details about the attack; it is not clear how the ransomware […]

securityaffairs.co

 

---

Maritime transport and logistics giant CMA CGM hit with ransomware

https://securityaffairs.co/wordpress/108885/malware/cma-cgm-ransomware-attack.html 


CMA CGM S.A., a French maritime transport and logistics giant, revealed that a malware attack affected some servers on its network. The company is present in over 160 countries through 755 […]

securityaffairs.co

 

---

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

https://securityaffairs.co/wordpress/108960/cyber-crime/russian-hacker-nikulin-sentence.html 


The Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012. Let’s summarize the criminal activities of the man who was arrested in […]

securityaffairs.co

 

---

Maryland Man Sentenced to Prison for Intentionally Damaging the Computers of His Former Employer

https://www.justice.gov/opa/pr/maryland-man-sentenced-prison-intentionally-damaging-computers-his-former-employer 


A Maryland man was sentenced by U.S. District Judge Catherine C. Blake today to 12 months and one day in federal prison, followed by three years of supervised release, for illegally accessing and damaging the computer network of his former employer. Judge Blake also entered an order requiring Stafford to pay restitution in the amount of $193,258.10 to his former employer.

www.justice.gov
