ESET discovers Attor, a spy platform with curious GSM fingerprinting - and other news articles

Micro Focus Expert

Apple zero-day exploited in new BitPaymer campaign

http://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign 

 

Apple Zero-Day Exploited in New BitPaymer Campaign

In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another enterprise in the automotive industry. This time we have identified the abuse of an Apple zero-day vulnerability in the Bonjour updater that comes packaged with iTunes for Windows.

blog.morphisec.com

 

FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops

https://blog.trendmicro.com/trendlabs-security-intelligence/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops/ 

 

FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops - TrendLabs Security Intelligence Blog

We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. Our data shows that the attack started on September 7, 2019. All of the impacted online shops are hosted on the cloud platform of the e-commerce service provider “Volusion,” one of the top e-commerce platforms in the market.

blog.trendmicro.com

 

Multiple Nation State Advanced Persistent Threat (APT) actors have weaponized CVE-2019-11510, CVE-2019-11539, and CVE-2018-13379 to gain access to vulnerable VPN devices.

https://media.defense.gov/2019/Oct/07/2002191601/-1/-1/0/CSA-MITIGATING-RECENT-VPN-VULNERABILITIES.PDF 

MITIGATING RECENT VPN VULNERABILITIES - media.defense.gov

U/OO/196888-19, PP-19-1293, 07 October 2019. Mitigating Recent VPN Vulnerabilities: Active Exploitation. Multiple Nation State Advanced Persistent Threat (APT) actors have weaponized CVE-2019-11510, CVE-2019-11539, and CVE-2018-13379 to gain access to vulnerable VPN devices.

media.defense.gov
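The advisory names the three CVEs but not how to tell whether your own appliances were probed. As an added example, written for this page and not taken from the NSA advisory or from any vendor, here is a small Python scanner over access-log lines in Apache/NGINX combined format. The request-path indicators are drawn from the public exploit analyses of the three bugs and are heuristics I assume here, not text from the page; the log lines are constructed with documentation-range IPs.

```python
"""Scan access logs for attempts against the three VPN CVEs named in the NSA
advisory (CVE-2019-11510, CVE-2019-11539, CVE-2018-13379). Added example."""
import re
from collections import Counter
from urllib.parse import unquote

# Combined-log-style line (Apache/NGINX). Assumption: appliance logs have been
# exported in this shape; adapt the regex for syslog-style Pulse/Forti logs.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Request-path indicators. Drawn from public exploit write-ups for each CVE,
# not from the advisory text; treat them as heuristics, not a complete list.
INDICATORS = {
    # Pulse Secure pre-auth arbitrary file read: traversal out of the HTML5
    # access (guacamole) path reached via /dana-na/.
    "CVE-2019-11510": re.compile(
        r"/dana-na/\.\./dana/html5acc/guacamole/(\.\./)+", re.I),
    # Pulse Secure post-auth command injection in the admin diagnostics CGI:
    # an 'options' value carrying shell/Perl metacharacters is never legitimate.
    "CVE-2019-11539": re.compile(
        r"/dana-admin/diag/diag\.cgi\?.*options=[^&]*[`$;|()]", re.I),
    # FortiOS SSL VPN path traversal via the 'lang' parameter (the session
    # file /dev/cmdb/sslvpn_websession was the usual target).
    "CVE-2018-13379": re.compile(r"/remote/fgt_lang\?lang=\S*\.\./", re.I),
}


def normalize_target(target: str) -> str:
    """Percent-decode twice so %2e%2e%2f and %252e%252e%252f both become ../.
    Matching the raw, still-encoded path is the classic way such rules miss."""
    return unquote(unquote(target))


def classify(target: str):
    """Return the CVE id whose indicator matches the request target, else None."""
    decoded = normalize_target(target)
    for cve, pattern in INDICATORS.items():
        if pattern.search(decoded):
            return cve
    return None


def scan_log(lines):
    """Return one hit per matching log line, keeping the HTTP status: a 200 on
    a file-read request suggests the exploit succeeded, a 4xx that it was
    blocked or the appliance was already patched."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        cve = classify(m["target"])
        if cve:
            hits.append({"cve": cve, "ip": m["ip"], "ts": m["ts"],
                         "status": int(m["status"]), "target": m["target"]})
    return hits


def summarize(hits):
    """Count hits per (source IP, CVE) so the pivot to blocking or IR is one line."""
    return Counter((h["ip"], h["cve"]) for h in hits)


# Constructed sample log (documentation-range IPs); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Oct/2019:09:12:01 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 2133 "-" "curl/7.64.0"
203.0.113.5 - - [07/Oct/2019:09:12:03 +0000] "GET /dana-na/%2e%2e/dana/html5acc/guacamole/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts?/dana/html5acc/guacamole/ HTTP/1.1" 200 311 "-" "python-requests/2.22.0"
198.51.100.9 - - [07/Oct/2019:09:15:44 +0000] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 200 17890 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Oct/2019:09:20:10 +0000] "POST /dana-admin/diag/diag.cgi?options=-r%24x%3Dsystem%28%27id%27%29 HTTP/1.1" 200 512 "-" "curl/7.64.0"
192.0.2.77 - - [07/Oct/2019:09:21:00 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 9031 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for h in found:
        print(f'{h["ts"]} {h["ip"]} {h["cve"]} status={h["status"]} {h["target"]}')
    print(summarize(found))
```

Run it against your own exported logs with `scan_log(open(path))`. A hit with status 200 on the file-read paths is the one to treat as a confirmed credential exposure, not just a probe, which is why the advisory's mitigation is to patch and then reset credentials rather than patch alone.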

 

FBI Cyber Bulletin: Cyber Criminals Use Social Engineering and Technical Attacks to Circumvent Multi-Factor Authentication

https://publicintelligence.net/fbi-circumventing-multi-factor-authentication/ 

FBI Cyber Bulletin: Cyber Criminals Use Social Engineering and Technical Attacks to Circumvent Multi-Factor Authentication | Public Intelligence

The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks. This PIN explains these methods and offers mitigation strategies for organizations and entities using multi-factor authentication in their security efforts.

publicintelligence.net

 

Cybercrime is becoming bolder with data at the centre of the crime scene

https://www.europol.europa.eu/newsroom/news/cybercrime-becoming-bolder-data-centre-of-crime-scene 

 

Cybercrime is becoming bolder with data at the centre of the crime scene | Europol

Europol’s 2019 cybercrime report provides insights into emerging threats and key developments. Cybercrime is continuing to mature and becoming more and more bold, shifting its focus to larger and more profitable targets as well as new technologies. Data is the key element in cybercrime, both from a crime and an investigative perspective.

www.europol.europa.eu

 

[PDF] Abusing third-party cloud services in targeted attacks

https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-LunghiHorejsi.pdf 


Abusing third-party cloud services in targeted attacks Daniel Lunghi (@thehellu), Jaromir Horejsi (@JaromirHorejsi) October 02, 2019, Virus Bulletin, London, UK

www.virusbulletin.com

 

Recent cyberattacks require us all to be vigilant

https://blogs.microsoft.com/on-the-issues/2019/10/04/recent-cyberattacks-require-us-all-to-be-vigilant/ 

 

Recent cyberattacks require us all to be vigilant - Microsoft on the Issues

Today we’re sharing that we’ve recently seen significant cyber activity by a threat group we call Phosphorus, which we believe originates from Iran and is linked to the Iranian government. We’re sharing this for two reasons. First, it is important that we all – governments and private sector – are increasingly transparent about nation-state attacks...

blogs.microsoft.com

 

How Tortoiseshell created a fake veteran hiring website to host malware

https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html 

 

Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: How Tortoiseshell created a fake veteran hiring website to host malware

The attacker retrieves information such as the date, time and drivers. The attacker can then see information on the system, the patch level, the number of processors, the network configuration, the hardware, firmware versions, the domain controller, the name of the admin, the list of accounts, etc.

blog.talosintelligence.com

 

Hackers compromised Volusion infrastructure to siphon card details from thousands of sites

https://securityaffairs.co/wordpress/92294/hacking/volusion-security-breach.html 

 

Hackers compromised Volusion infrastructure to siphon card details from thousands of sites - Security Affairs

Hackers have compromised the infrastructure of Volusion and are distributing malicious software skimmers to steal payment card data provided by users. Volusion is a privately-held technology company that provides ecommerce software and marketing and web design services for small and medium ...

securityaffairs.co

 

Experts found a link between a Magecart group and Cobalt Group

https://securityaffairs.co/wordpress/92264/cyber-crime/magecart-cobal-link.html 

 

Experts found a link between a Magecart group and Cobalt Group - Security Affairs

Researchers from MalwareBytes and HYAS Threat Intelligence linked one of the hacking groups under the Magecart umbrella to the notorious Cobalt cybercrime Group. Hacker groups under the Magecart umbrella continue to target organizations worldwide to steal payment card data with so-called software ...

securityaffairs.co

 

Hackers continue to exploit the Drupalgeddon2 flaw in attacks in the wild

https://securityaffairs.co/wordpress/92239/malware/drupalgeddon2-campaign.html 

 

Hackers continue to exploit the Drupalgeddon2 flaw in attacks in the wild - Security Affairs

Researchers from Akamai uncovered a new campaign targeting the Drupalgeddon2 vulnerability to deliver malware. The popular security expert Larry W. Cashdollar from Akamai has uncovered a new campaign targeting the popular Drupalgeddon2 vulnerability (CVE-2018-7600) to deliver malware. Drupalgeddon2 is a “highly critical” vulnerability that affects Drupal 7 and 8 core, it could be ...

securityaffairs.co

 

Magecart hackers are expanding their operations

https://securityaffairs.co/wordpress/92136/cyber-crime/magecart-hackers-report.html 

 

Magecart hackers are expanding their operations - Report - Security Affairs

Cybercrime gangs under the Magecart umbrella continue to compromise e-commerce platforms to steal payment card data from users worldwide. According to a joint report published by RiskIQ and FlashPoint, some groups are more advanced than others, in particular, the gang tracked as Group 4 appears to ...

securityaffairs.co

 

Ukrainian police dismantled a bot farm involved in multiple spam campaigns

https://securityaffairs.co/wordpress/92079/cyber-crime/ukrainian-police-bot-farm.html 

 

Ukrainian police dismantled bot farm involved in multiple spam campaigns - Security Affairs

The Ukrainian police dismantled a bot farm involved in spam campaigns carried out through various services, including email and social networks. Cybercrime is a prolific business, criminal organizations continue to make profits with illegal activities in the cyberspace, but police are ready to ...

securityaffairs.co

 

Dutch police shut down bulletproof service hosting tens of DDoS botnets

https://securityaffairs.co/wordpress/92070/cyber-crime/dutch-police-seized-bulletproof-hosting-service.html 

 

Dutch police shut down bulletproof service hosting tens of DDoS botnets - Security Affairs

Dutch police seized a bulletproof hosting service in a major takedown, the infrastructure was used by tens of IoT botnets involved in DDoS attacks. A joint operation conducted by the Netherlands’ National Criminal Investigation Department and National Cyber Security Center allowed to track down ...

securityaffairs.co

 

How to break PDF Encryption (September 2019)

https://pdf-insecurity.org/ 

Researchers released a free decryptor for the Nemty Ransomware

https://securityaffairs.co/wordpress/92386/malware/nemty-ransomware-decryptor.html 

 

Researchers released a free decryptor for the Nemty Ransomware - Security Affairs

Good news for the victims of the Nemty Ransomware, security researchers have released a free decryptor that could be used to recover files. I have great news for the victims of the recently discovered Nemty Ransomware, security researchers have released a free decryptor tool that could be used to recover files. In mid-August, the Nemty ransomware appeared in the threat landscape, the name of ...

securityaffairs.co

 

PoS malware infections impacted four restaurant chains in the U.S.

https://securityaffairs.co/wordpress/92202/data-breach/restaurant-chains-pos-malware.html 

 

PoS malware infections impacted four restaurant chains in the U.S. - Security Affairs

Four restaurant chains in the U.S. disclosed payment card theft via PoS malware that took place over the summer. Four restaurant chains in the United States disclosed security breaches that impacted their payment systems over the summer, crooks used PoS malware to steal payment card data of the ...

securityaffairs.co

 

A bug in Signal for Android could be exploited to spy on users

https://securityaffairs.co/wordpress/92159/hacking/bug-signal-android.html 

 

A bug in Signal for Android could be exploited to spy on users via microphone - Security Affairs

Researcher discovered a logical flaw in the Signal messaging app for Android that could be exploited by a malicious caller to force a call to be answered at the receiver’s end without interaction. Google Project Zero white-hat hacker Natalie Silvanovich discovered a logical vulnerability in the ...

securityaffairs.co

 

VC's Message - Release of the data breach incident report

https://www.anu.edu.au/news/all-news/vcs-message-release-of-the-data-breach-incident-report 

 

VC's Message - Release of the data breach incident report

Sent to the ANU community on 2 October 2019 ***** Dear all, You will recall when I notified you in June this year that we had been the victims of a data breach I promised to release the findings of the investigation we were conducting into the incident. That report is now available.

www.anu.edu.au

 

Hacker breached escort forums in Italy and the Netherlands and is selling user data

https://securityaffairs.co/wordpress/92375/hacking/escort-forums-hack.html 

 

Former Yahoo Software Engineer Pleads Guilty To Using Work Access To Hack Into Yahoo Users’ Personal Accounts

https://www.justice.gov/usao-ndca/pr/former-yahoo-software-engineer-pleads-guilty-using-work-access-hack-yahoo-users 

 

Former Yahoo Software Engineer Pleads Guilty To Using Work Access To Hack Into Yahoo Users’ Personal Accounts | USAO-NDCA | Department of Justice

SAN JOSE – Reyes Daniel Ruiz pleaded guilty in federal court in San Jose today to hacking into the accounts of thousands of Yahoo users in search of private and personal records, primarily sexual images and videos of the account holders, announced United States Attorney David L. Anderson and Federal Bureau of Investigation Special Agent in Charge John F. Bennett.

www.justice.gov

 

Data from Sephora and StreetEasy data breaches added to HIBP

https://securityaffairs.co/wordpress/92211/data-breach/sephora-streeteasy-hibp.html 

 

Data from Sephora and StreetEasy data breaches added to HIBP - Security Affairs

The popular data breach notification service Have I Been Pwned? (HIBP) has added the stolen data from the StreetEasy and Sephora data incidents. Have I Been Pwned? (HIBP), the popular service that allows users to check whether their personal data has been compromised by data breaches has added ...

securityaffairs.co

 

Hacker is auctioning a database containing details of 92 million Brazilians

https://securityaffairs.co/wordpress/92169/data-breach/92-million-brazilians-database.html 

 

Hacker is auctioning a database containing details of 92 million Brazilians - Security Affairs

A database containing details of 92 million Brazilians was auctioned by a threat actor on underground forums along with a search service focused on Brazilians. Someone is auctioning on several restricted underground forums a database containing personal information of 92 million Brazilian citizens ...

securityaffairs.co

 

Security Advisory for Muhstik Ransomware

https://www.qnap.com/en/security-advisory/NAS-201910-02 

 

Security Advisory for Muhstik Ransomware - Technical Advisory | QNAP

This page includes important information about technical issues that could affect specific versions of QNAP products. Please use the following information and solutions to correct the technical issues and vulnerabilities.

www.qnap.com

 

Demant A/S: Estimated financial impact of IT incident reflected in outlook

https://tools.eurolandir.com/tools/Pressreleases/GetPressRelease/?ID=3649403&lang=en-GB&companycode=dk-wdh&v=redesign 

Demant A/S: Estimated financial impact of IT incident reflected in outlook - tools.eurolandir.com

Estimated financial impact of IT incident reflected in outlook. As previously communicated in Company announcements on 3, 4 and 17 September, the Demant Group experienced a critical incident on our internal IT infrastructure on 3 September 2019.

tools.eurolandir.com

 

Ad-hoc: Rheinmetall AG: Regional disruption of production due to malware at Rheinmetall Automotive

https://www.rheinmetall.com/en/rheinmetall_ag/press/news/latest_news/index_18496.php 

Rheinmetall Group - Latest News Ad-hoc: Rheinmetall AG: Regional disruption of production due to malware at Rheinmetall Automotive


www.rheinmetall.com

 

AG James Sues Dunkin' Donuts For Glazing Over Cyberattacks Targeting Thousands

https://ag.ny.gov/press-release/2019/ag-james-sues-dunkin-donuts-glazing-over-cyberattacks-targeting-thousands 

AG James Sues Dunkin' Donuts For Glazing Over Cyberattacks Targeting Thousands | New York State Attorney General

Dunkin’ Failed to Undertake Investigation or Notify Nearly 20,000 Impacted Customers After Being Informed of Hacked Accounts in 2015

ag.ny.gov

 

Sophos fixed a critical vulnerability in Cyberoam firewalls

https://securityaffairs.co/wordpress/92364/hacking/critical-vulnerability-cyberoam-firewalls.html 

 

Sophos fixed a critical vulnerability in Cyberoam firewalls - Security Affairs

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network ...

securityaffairs.co

 

Oops, popular iTerm2 macOS Terminal App is affected by a critical RCE since 2012

https://securityaffairs.co/wordpress/92315/hacking/iterm2-critical-rce.html 

 

iTerm2 macOS Terminal App is affected by a critical RCE since 2012 - Security Affairs

Security experts discovered a critical remote code execution vulnerability, tracked as CVE-2019-9535, in the GPL-licensed iTerm2 macOS terminal emulator app. Security experts at cybersecurity firm Radically Open Security (ROS) discovered a seven-year-old critical remote code execution vulnerability in ...

securityaffairs.co

 

vBulletin addresses three new high-severity vulnerabilities

https://securityaffairs.co/wordpress/92303/hacking/vbulletin-high-severity-vulnerabilities.html 

 

vBulletin addresses three new high-severity vulnerabilities - Security Affairs

vBulletin has recently published a new security patch update that addresses three high-severity vulnerabilities in the popular forum software. vBulletin has recently published a new security patch update that addresses three high-severity flaws in vBulletin 5.5.4 and prior versions. The ...

securityaffairs.co

 

D-Link router models affected by remote code execution issue that will not be fixed

https://securityaffairs.co/wordpress/92227/hacking/d-link-router-models-flaw.html 

 

D-Link router models affected by RCE issue that will not be fixed - Security Affairs

Researchers at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers. Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered in September 2019.

securityaffairs.co

 
