OSINT News - December 16, by Bart Otten


Iran announced it foiled 'really massive' foreign cyber attack | Security Affairs

Iran's telecommunications minister announced that the Islamic Republic had recently thwarted a “highly organized cyber attack” targeting government infrastructure. The Iranian telecommunications minister, Mohammad Javad Azari Jahromi, announced today that the Islamic Republic had recently thwarted ...

securityaffairs.co

 

Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT - SentinelLabs

Vitali Kremez leads SentinelLabs. He specializes in researching and investigating complex cyberattacks, network intrusions, data breaches, and hacking incidents mainly emanating from the Eastern European cybercriminal ecosystem.

labs.sentinelone.com

 

GALLIUM: Targeting global telecom

Microsoft Threat Intelligence Center (MSTIC) is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. When Microsoft customers have been targeted by this activity, we notified them directly with the relevant information they need to protect ...

www.microsoft.com

 

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium | Securelist

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected machine as well as escaping ...

securelist.com

 

Russian police raid NGINX Moscow office | ZDNet

Russian police today raided the Moscow offices of NGINX, Inc., a subsidiary of F5 Networks and the company behind the internet's most popular web server technology. Equipment was seized and ...

www.zdnet.com

 

The FireEye Approach to Operational Technology Security | FireEye Inc

Today FireEye launches the Cyber Physical Threat Intelligence subscription, which provides cyber security professionals with unmatched context, data and actionable analysis on threats and risk to cyber physical systems.

www.fireeye.com

 

Flaws in Siemens SPPA-T3000 expose power plants to hack | Security Affairs

Experts discovered dozens of flaws in the Siemens SPPA-T3000 control systems that could be exploited to attack fossil and renewable power plants. Siemens informed customers that the SPPA-T3000 Application Server is affected by 19 vulnerabilities and the SPPA-T3000 MS3000 Migration Server is impacted by 35 security issues.

securityaffairs.co

 

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets | WIRED

"Writing to memory takes power," says Flavio Garcia, a computer scientist at the University of Birmingham who, along with his colleagues, will present the Plundervolt research at IEEE Security and ...

www.wired.com

 

Cyber Attack Halts Radiation Treatment By Oahu Cancer Center

A cyber security breach temporarily halted cancer radiation treatment services at The Cancer Center of Hawaii on Oahu, the center acknowledged today. The company, which conducts radiation ...

www.civilbeat.org

 

City of Pensacola hit by a cyberattack few days after military base shooting | Security Affairs

The city of Pensacola, Florida, was hit by a cyberattack just days after a Saudi officer killed three American sailors at the city’s naval base. The attack took place over the weekend, around 1:30 a.m. on Saturday. City IT staff have been working to restore the network, but some services are still down.

securityaffairs.co

 

New 'PyXie' Python RAT targets multiple industries | Security Affairs

The threat actors behind PyXie were observed attempting to deliver ransomware to the healthcare and education industries with this new RAT. Attackers used legitimate LogMeIn and Google binaries to sideload payloads in the first stage of the attack chain; a second-stage malware then gathers information on the victim machine and gains persistence. As part of the PyXie attacks, legitimate LogMeIn ...

securityaffairs.co

 

China 3-5-2 directive orders state offices to remove foreign technology | Security Affairs

3-5-2 Directive – The Chinese government has ordered state offices to replace foreign hardware and software with its national technology within the next three years. Officials from the Beijing government ordered all government offices and public institutions to replace foreign hardware and software with Chinese solutions ...

securityaffairs.co

 

Hundreds of counterfeit online shoe stores injected with credit card skimmer | Malwarebytes Labs

There’s a well-worn saying in security: “If it’s too good to be true, then it probably isn’t.” This can easily be applied to the myriad of online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer.

blog.malwarebytes.com

 

Caution! Ryuk Ransomware decryptor damages larger files, even if you pay | Emsisoft | Security Blog

In one of the latest versions of Ryuk, changes were made to the way the length of the footer is calculated. As a result, the decryptor provided by the Ryuk authors will truncate files, cutting off one too many bytes in the process of decrypting the file.

blog.emsisoft.com

 

Snatch ransomware reboots PCs into Safe Mode to bypass protection – Sophos News

The Sophos Managed Threat Response (MTR) team and SophosLabs researchers have been investigating an ongoing series of ransomware attacks in which the ransomware executable forces the Windows machine to reboot into Safe Mode before beginning the encryption process.

news.sophos.com

 

Ransomware at Colorado IT Provider Affects 100+ Dental Offices — Krebs on Security

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has ...

krebsonsecurity.com

 

Zeppelin Ransomware targets Tech and Health Companies | Security Affairs

Experts found a new variant of the Vega ransomware, dubbed Zeppelin, targeting technology and healthcare companies across Europe, the US, and Canada. Experts from BlackBerry Cylance found a new variant of the Vega RaaS, dubbed Zeppelin, that was recently involved in attacks aimed at technology and ...

securityaffairs.co

 

Another Ransomware Will Now Publish Victims' Data If Not Paid
www.bleepingcomputer.com

 

Maze Ransomware Demands $6 Million Ransom From Southwire
www.bleepingcomputer.com

 

VISA warns of cyber attacks on PoS systems of fuel dispenser merchants | Security Affairs

VISA is warning of ongoing targeted cyber attacks conducted by crooks on point-of-sale (POS) systems of North American fuel dispenser merchants. According to a security alert published by VISA, the PoS systems of North American fuel dispenser merchants are under attack. Visa Payment Fraud ...

securityaffairs.co

 

AirDoS attack could make iPhones, iPads unusable via AirDrop attack | Security Affairs

This week, Apple addressed a flaw that can be exploited to trigger a DoS condition (AirDoS) on iPhones and iPads by forcing them to continuously display a popup message. The denial-of-service (DoS) attack was discovered by . The security researcher Kishan Bagaria devised a DoS attack dubbed AirDoS that works against iPhone, iPad, Mac and iPod. The AirDoS technique allows an attacker to remotely render ...

securityaffairs.co

 

460,000+ payment card details offered for sale on a black market | Security Affairs

More than 455,000 Turkish payment card details are available for sale on a popular forum. Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has detected a massive upload of debit and credit card records, mostly related to the largest Turkish banks, on one of the most popular underground card shops. More than 460,000 records in total were uploaded ...

securityaffairs.co

 

Unsecured AWS bucket exposes over 750,000 birth certificate applications | Security Affairs

A massive data leak made the headlines: over 750,000 birth certificate applications have been exposed online due to an unsecured AWS bucket. Penetration testing firm Fidus Information Security discovered over 752,000 birth certificate applications that had been exposed online due to an unsecured ...

securityaffairs.co

 

CRTC issues $115,000 in penalties to stop the spread of malicious software

OTTAWA and GATINEAU, QC, Dec. 10, 2019 /CNW/ - The CRTC's Chief Compliance and Enforcement Officer today issued a penalty of $100,000 to John Paul Revesz and Vincent Leo Griebel, partners ...

www.newswire.ca

 
