OSINT News - December 11, by Bart Otten


Iran-Linked APTs target energy, industrial sectors with ZeroCleare Wiper | Security Affairs

Experts spotted a piece of malware dubbed ZeroCleare that has been used in highly targeted attacks aimed at energy and industrial organizations in the Middle East. Security experts at IBM X-Force found a piece of malware dubbed ZeroCleare (the name ZeroCleare comes from the path in the binary file ...

securityaffairs.co

 

Clop Ransomware attempts to disable Win Defender and Malwarebytes | Security Affairs

Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products. Security researcher Vitali Kremez discovered a new malware dubbed Clop ransomware that targets Windows systems and attempts to disable security products running on the infected systems. The malicious code executes a small program, just before starting the encryption ...

securityaffairs.co

 

Alleged Russian Hacker Behind $100 Million Evil Corp Indicted | WIRED

For the last decade, the hackers behind Evil Corp have led a sustained assault on the bank accounts of thousands of victims across dozens of countries. By steadily evolving malware known as Bugat ...

www.wired.com

 

Microsoft Security Intelligence Report

Welcome to the interactive Microsoft Security Intelligence Report. We created this site as a complement to our annual report to enable you to dig into the data in more detail. Some key highlighted takeaways may differ from the written report as we add new data monthly. Come back and visit often to ...

www.microsoft.com

 

Incident Response Casefile – A successful BEC leveraging lookalike domains - Check Point Research

By Matan Ben David, Incident Response Analyst. Imagine that you’re the owner of a startup and waiting for a million-dollar seed round of funding, only it never shows up in your bank account. Or imagine you’re the head of a venture capital firm who believes you’ve wired investment funds to one of the startups in...

research.checkpoint.com

 

Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet

Two malicious Python libraries caught stealing SSH and GPG keys. One library was available for only two days, but the second was live for nearly a year.

www.zdnet.com

 

iOS Device Acquisition with checkra1n Jailbreak | ElcomSoft blog

We've just announced a major update to iOS Forensic Toolkit, now supporting the full range of devices that can be exploited with the unpatchable checkra1n jailbreak. Why is the checkra1n jailbreak so important for the forensic community, and what new opportunities in acquiring Apple devices does it

blog.elcomsoft.com

 

StrandHogg: Serious Android vulnerability leaves most apps vulnerable to attacks.

The vulnerability makes it possible for a malicious app to ask for permissions while pretending to be the legitimate app. An attacker can ask for access to any permission, including SMS, photos, microphone, and GPS, allowing them to read messages, view photos, eavesdrop, and track the victim’s movements.

promon.co

 

30 506 internet domain names shut down for intellectual property infringement | Europol

Law enforcement authorities from 18 EU Member States and third parties in a joint investigation with Europol and the US National Intellectual Property Rights Coordination Centre, facilitated by Eurojust and INTERPOL, have seized over 30 506 domain names that distributed counterfeit and pirated items over the internet during oper

www.europol.europa.eu

 

Website of gunmaker Smith & Wesson hit by a Magecart attack | Security Affairs

The US gunmaker Smith & Wesson was hacked late last month in a Magecart attack, attackers injected a malicious software skimmer. A new Magecart attack made the headlines, the victim is the American gunmaker Smith & Wesson. The hack took place last month, the attackers planted a malicious software skimmer on its website to steal customers’ payment card data.

securityaffairs.co

 

Experts reported DLL hijacking issues in Kaspersky, Trend Micro products | Security Affairs

Experts discovered several DLL hijacking flaws in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application. Researchers from SafeBreach discovered several vulnerabilities in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application ...

securityaffairs.co

 

Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter • The Register

Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter Lazarus group goes back to the Apple orchard with new macOS trojan

www.theregister.co.uk

 

Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) | FireEye Inc

Etienne Stalmans, a developer of SensePost’s RULER and the credited responsible discloser of CVE-2017-11774, chimed in about similar concerns on the patch that were re-raised after seeing a September 2018 blog post about applying the same technique to Outlook Today’s home page that is stored at HKCU\Software\Microsoft\Office\<Outlook Version>\Outlook\Today\UserDefinedUrl.

www.fireeye.com

 

CyrusOne, one of the major US data center provider, hit by ransomware | Security Affairs

Ransomware attacks continue to threaten organizations worldwide, CyrusOne, one of the biggest data center providers in the US, is facing with an infection. A new ransomware attack made the headlines, systems at CyrusOne, one of the biggest data center providers in the US, were infected by the malware. The company reported the incident to law enforcement, it hired forensics firms to ...

securityaffairs.co

 

TrueDialog database leaked online tens of millions of SMS text messages | Security Affairs

Millions of SMS messages have been leaked by a database run by TrueDialog, a business SMS provider for businesses and higher education providers. The company currently works with over 990 cell phone operators and has more than 5 billion subscribers. “Aside from private text messages, our team ...

securityaffairs.co

 

Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of “Bugat” Malware | OPA | Department of Justice

The United States of America, through its Departments of Justice and State, and the United Kingdom, through its National Crime Agency (NCA), today announced the unsealing of criminal charges in Pittsburgh, Pennsylvania, and Lincoln, Nebraska, against Maksim V. Yakubets, aka online moniker, “aqua,” 32, of Moscow, Russia, related to two separate international computer hacking and bank fraud ...

www.justice.gov

 

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix | Security Affairs

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. Researchers from the University of New Mexico have discovered a vulnerability, tracked as CVE-2019-14899, that can be exploited by an attacker to determine if a user is connected to a VPN and hijack active TCP connections in a VPN tunnel.

securityaffairs.co

 

OpenBSD addresses authentication bypass, privilege escalation issues | Security Affairs

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three ...

securityaffairs.co

 

Talos experts found a critical RCE in GoAhead Web Server | Security Affairs

Experts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw. GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis that defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices.

securityaffairs.co

 

 
