OSINT News - August 3rd, by Bart Otten


Lazarus on the hunt for big game

https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ 


 

Lazarus on the hunt for big game | Securelist

We may only be six months in, but there’s little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks.

securelist.com

 

---

WhatsApp confirms Catalan politician's phone was target of 2019 attack

https://www.theguardian.com/technology/2020/jul/28/whatsapp-confirms-catalan-politicians-phone-was-target-of-2019-attack 

WhatsApp confirms Catalan politician's phone was target of 2019 attack | WhatsApp | The Guardian

WhatsApp has confirmed that the mobile phone of a leading pro-independence politician in Catalonia was targeted over its messaging app in a 2019 attack that has been condemned as a possible case ...

www.theguardian.com

 

---

Doki, an undetectable Linux backdoor targets Docker Servers

https://securityaffairs.co/wordpress/106519/malware/doki-linux-backdoor-docker.html 


 

Doki, an undetectable Linux backdoor targets Docker Servers--Security Affairs

Cybersecurity researchers at Intezer spotted a new completely undetectable Linux malware, dubbed Doki, that exploits undocumented evasion techniques while targeting publicly accessible Docker servers. The ongoing Ngrok mining botnet campaign is ...

securityaffairs.co

 

---

How to Survive a Ransomware Attack Without Paying the Ransom

https://www.bloomberg.com/news/features/2020-07-23/how-to-survive-ransomware-attack-without-paying-ransom 


 

How to Survive Ransomware Attack Without Paying Ransom - Bloomberg

At around midnight Oslo time on March 19, 2019, computers owned by Norsk Hydro ASA, a large aluminum manufacturer, started encrypting files and going offline en masse. It took two hours before a ...

www.bloomberg.com

 

---

There’s a hole in the boot

https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ 

There’s a Hole in the Boot - Eclypsium

“BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. All operating systems using GRUB2 with Secure Boot must release new installers and bootloaders. Join Eclypsium for a webinar "Managing The Hole In Secure Boot" on August 5th, where CEO Yuriy Bulygin and…

eclypsium.com

 

---

REMnux 7, a Linux toolkit for malware analysts released

https://securityaffairs.co/wordpress/106380/malware/remnux-malware-analysis.html


 

REMnux 7, a Linux toolkit for malware analysts released--Security Affairs

REMnux is a Linux toolkit for reverse-engineering and dissecting software. It includes a collection of free tools created by the community that allows researchers to investigate malware. The toolkit was first […]

securityaffairs.co

 

---

Expert discloses details of 3 Tor zero-day flaws … new ones to come

https://securityaffairs.co/wordpress/106567/hacking/tor-zero-day-flaws.html 


 

Expert discloses details of 3 Tor zero-day flaws ... new ones to come--Security Affairs

The security researcher Dr. Neal Krawetz has published technical details about two Tor zero-day vulnerabilities over the past week and promises to release three more. Oppressive regimes could exploit these Tor zero-day flaws to prevent users from […]

securityaffairs.co

 

---

[PDF] ESET Threat Report Q2 2020

https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf 

---

Alert (AA20-209A) Potential Legacy Risk from Malware Targeting QNAP NAS Devices

https://us-cert.cisa.gov/ncas/alerts/aa20-209a 

Potential Legacy Risk from Malware Targeting QNAP NAS Devices | CISA

This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.

us-cert.cisa.gov

 

---

‘Curveball’ cyber attack leaves Australian TV networks in the dark

https://www.smh.com.au/culture/tv-and-radio/curveball-cyber-attack-leaves-australian-tv-networks-in-the-dark-20200724-p55f4o.html 

Nielsen cyber attack: Australian TV networks in the dark after hack

A cyber attack on market researcher Nielsen could leave Australian television networks in the dark about the success of their three big-budget reality shows, which will go head-to-head for the ...

www.smh.com.au

 

---

Hacking IoT & RF Devices with BürtleinaBoard

https://securityaffairs.co/wordpress/106477/hacking/hacking-iot-rf-devices-burtleinaboard.html 


 

Hacking IoT & RF Devices with BürtleinaBoard--Security Affairs

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Disclaimer: due to a complaint from the citizens of my native city in Italy… I had to rename #PiadinaBoard into #BurtleinaBoard 😛 A few months ago I presented #FocacciaBoard: a similar multipurpose breakout board […]

securityaffairs.co

 

---

DJI Android GO 4 application security analysis

https://www.synacktiv.com/en/publications/dji-android-go-4-application-security-analysis.html 

DJI Android GO 4 application security analysis | Synacktiv

Drones are currently one of the most dynamic products, with multiple use cases across sectors such as personal and commercial videography, farming and land surveying, law enforcement and national security, and more. One of the market leaders, China-based Daijiang Innovations (DJI), is often in the news for suspected cybersecurity and data privacy issues

www.synacktiv.com

 

---

Hacker, 22, seeks LTR with your data: vulnerabilities found on popular OkCupid dating app

https://research.checkpoint.com/2020/hacker-22-seeks-ltr-with-your-data-vulnerabilities-found-on-popular-okcupid-dating-app/ 


 

Hacker, 22, seeks LTR with your data: vulnerabilities found on popular OkCupid dating app - Check Point Research

Mobile Platform. We began our research with some reverse engineering of the OkCupid Android Mobile application (v40.3.1 on Android 6.0.1). During the reversing process, we discovered that the application is opening a WebView (and enables JavaScript to execute in the context of the WebView window) and loads remote URLs such as https://OkCupid.com, https://www.OkCupid.com, https://OkCupid.onelink ...

research.checkpoint.com

 

---

 

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

https://securityaffairs.co/wordpress/106590/data-breach/indieflix-streaming-data-leak.html 


 

IndieFlix streaming service leaves confidential data on public server--Security Affairs

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server; EU has imposed sanctions on foreign actors for the first time ever

securityaffairs.co

 

---

ShinyHunters leaked over 386 million user records from 18 companies

https://securityaffairs.co/wordpress/106504/data-breach/shinyhunters-data-leak.html 


 

ShinyHunters leaked over 386 million user records from 18 companies--Security Affairs

The known threat actor ShinyHunters has begun leaking for free the databases of multiple companies on a hacker forum. A couple of days ago, the popular digital banking app Dave.com disclosed a security […]

securityaffairs.co

 

---

Nefilim ransomware operators leaked data alleged stolen from the Dussmann group

https://securityaffairs.co/wordpress/106487/data-breach/dussmann-group-nefilim-ransomware.html 


 

Nefilim ransomware crew leaked data alleged stolen from Dussmann group--Security Affairs

Researchers from threat intelligence firm Cyble reported that Nefilim ransomware operators allegedly targeted the Dussmann group, the largest German private multi-service provider. The Dussmann Group has over 64,500 employees in 22 countries, it ...

securityaffairs.co

 

---

Canadian MSP discloses data breach, failed ransomware attack

https://www.bleepingcomputer.com/news/security/canadian-msp-discloses-data-breach-failed-ransomware-attack/ 

Canadian MSP discloses data breach, failed ransomware attack

Managed service provider Pivot Technology Solutions has disclosed that it was the victim of a ransomware attack that resulted in sensitive information being accessed by the hackers.

www.bleepingcomputer.com

 

 
