Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.

OSINT News - December 2, by Bart Otten

Community Manager COEST Community Manager
Community Manager
0 0 94

Experts discovered control systems for aircraft warning lights open onlineSecurity Affairs   clipboard_image_1.png

Aircraft warning lights, an essential component of the aviation infrastructure, but they pose a serious risk if controlled by hackers. The independent researcher Amitay Dan discovered that control panels for aircraft warning lights were exposed to the Internet, potentially allowing attackers to control them with unpredictable and catastrophic consequences.

securityaffairs.co

 

Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK - TrendLabs Security Intelligence Blog

We found cyberespionage group TICK targeting critical systems and enterprises, attempting to steal information to benefit this APT group's sponsor and endanger national security. In this research brief, we show the timeline of the group's activities and malware development, as well as the technical analyses of the new malware families, modified tools, and upgraded malware routines.

blog.trendmicro.com

 

How the NYPD's fingerprint database got shut down by a computer virus

The NYPD’s high-tech fingerprint database was temporarily brought down by a bumbling contractor with a virus-infected mini computer, The Post has learned. A contractor was setting up a digital ...

nypost.com

 

Protecting users from government-backed hacking and disinformation 

clipboard_image_2.png

 

Phishing. We’ve had a long-standing policy to send users warnings if we detect that they are the subject of state-sponsored phishing attempts, and have posted periodically about these before. From July to September 2019, we sent more than 12,000 warnings to users in 149 countries that they were targeted by government-backed attackers.

www.blog.google

 

Insights from one year of tracking a polymorphic threat - Microsoft Security    

clipboard_image_3.png

We discovered the polymoprhic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.

www.microsoft.com

 

Trickbot Updates Password Grabber Module

First seen in 2016, Trickbot is malware that steals system information, login credentials, and other sensitive data from vulnerable Windows hosts. Trickbot is a modular malware, and one of its modules is a password grabber. In November 2019, we started seeing indicators of Trickbot's password grabber targeting data from OpenSSH and OpenVPN applications.

unit42.paloaltonetworks.com

 

RevengeHotels campaign - crooks target the hospitality industrySecurity Affairs

RevengeHotels campaign – The hospitality industry continues to be a privileged target for cybercriminals that target hotels, restaurant chains, and tourism services.. Security experts at Kaspersky have published a report on a targeted cybercrime malware campaign, tracked as RevengeHotels, that hit hotels, hostels, hospitality and tourism companies.

securityaffairs.co

 

Upbit cryptocurrency exchange hacked, crooks stole $48.5M worth of ETHSecurity Affairs

Another South Korean cryptocurrency exchange was hacked, this time the victim is Upbit that lost $48.5 million in cryptocurrency.. The South Korean cryptocurrency exchange Upbit disclosed a security breach, the company told its customers that hackers have stolen $48.5 million in crypto-currency from its hot wallet.

securityaffairs.co

 

Full(z) House Magecart group mix phishing and MiTM in its attacksSecurity Affairs

A group under the Magecart umbrella adopted a new tactic that leverages on MiTM and phishing attacks to target sites using external payment processors. The Full (z) House group started using a hybrid technique in August-September of 2019. Hacker groups under the Magecart umbrella continue to target ...

securityaffairs.co

 

PoC exploit code for Apache Solr RCE flaw is available onlineSecurity Affairs

Over the summer, the Apache Solr team addressed a remote code execution flaw, not a working exploit code was published online. The bug addressed by the Apache Solr team fixed over the summer is more dangerous than initially thought. Apache Solr is a highly reliable, scalable and fault-tolerant, open ...

securityaffairs.co

 

After 1 Million of malware samples analyzedSecurity Affairs

After almost one year of fully automated static analyzed samples through Yara rules, Malware Hunter analyzed more than one Million samples, distributed in the following way. Malware Analyses Distribution It looks like on April 2019 the engine extracted and analyzed a small set of samples if compared ...

securityaffairs.co

 

Raccoon Stealer campaign circumvents Microsoft and Symantec anti-spam messaging gatewaysSecurity Affairs

Crooks behind the Raccoon Stealer have adopted a simple and effective technique to circumvent popular anti-spam messaging gateways. Cybercriminals behind the Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways.. The Raccoon stealer was first spotted in April, it was designed to steal victims’ credit card data, email ...

securityaffairs.co

 

Law enforcement agencies arrested 79 people involved in fraudulent online purchases of flight ticketsSecurity Affairs

Law enforcement agencies arrested 79 people worldwide as part of the Global Airline Action Days operation to fight fraudulent online purchases of flight tickets An international operation of law enforcement to fight fraudulent online purchases of flight tickets resulted in the arrest of 79 people as ...

securityaffairs.co

 

Some Fortinet products used hardcoded keys and weak encryptionSecurity Affairs

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications.. Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web ...

securityaffairs.co

 

110 Nursing Homes Cut Off from Health Records in Ransomware Attack — Krebs on Security

A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ...

krebsonsecurity.com

 

Great Plains center hit by ransomware attack ... ... ...Security Affairs

A few days ago the Great Plains center was hit by a ransomware attack that forced its staff to to pen and paper. A few days ago the Great Plains Health medical center was hit by a ransomware attack that forced its staff to switch to pen and paper.A few days ago the Great Plains center was hit by a ransomware attack that forced its staff to to pen and paper.

securityaffairs.co

 

Dutch NCSC warns ransomware infected thousands of businessesSecurity Affairs

According to a confidential report from the Dutch National Cyber Security Centre (NCSC), at least 1,800 companies were infected with 3 ransomware. A confidential report published by the Dutch National Cyber Security Centre (NCSC) revealed that at least 1,800 companies are affected by three strain s ...

securityaffairs.co

 

A Ransomware infected the network of the cybersecurity firm ProsegurSecurity Affairs

A piece of the Ryuk Ransomware infected the network of the multinational cybersecurity firm Prosegur, forcing the company to shut down it.. The Spanish multinational security company Prosegur announced that it was of a ransomware attack that disrupted its telecommunication platform.

securityaffairs.co

 

Livingston School District hit by a ransomware attackSecurity Affairs

Livingston School District in New Jersey is the last victim of a ransomware attack that caused a two hour delayed opening. Students at the Livingston public school district in New Jersey are undoubtedly happy for a two hour delayed opening tomorrow. A new ransomware attack hit a school district in ...

 

Adobe revealed that the Magento Marketplace was hackedSecurity Affairs

Hackers accessed data of registered users and developers that registered on the portal to sell their plugins and themes. Exposed data include name, email, store username (MageID), billing and shopping addresses, phone number, and some commercial information, while financial data and passwords were not compromised.

securityaffairs.co

 

 

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.