OSINT News - February 10, by Bart Otten

Emotet Evolves With New Wi-Fi Spreader

https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/ 

Emotet is a highly sophisticated trojan that typically also serves as a loader for other malware. A key functionality of Emotet is its ability to deliver custom modules or plugins that are suited for specific tasks, including stealing Outlook contacts, or spreading over a LAN. Recently, Binary Defense has identified a new loader type that […]

www.binarydefense.com

---

Police are warning crooks are using cleaners to compromise businesses

https://securityaffairs.co/wordpress/97254/cyber-crime/crooks-using-cleaners-hack-firms.html 

Cybercriminals are planting so-called “sleepers” in cleaning companies so that they can physically access IT infrastructure and hack them. The alert was launched by a senior police officer: cyber criminals are planting so-called “sleepers” in cleaning companies so that they can gain physical access to IT infrastructure and hack them. The police are urging organizations to […]

securityaffairs.co

---

Forging SWIFT MT Payment Messages for fun and pr... research!

https://labs.f-secure.com/blog/forging-swift-mt-payment-messages 

TLDR: With a bit of research and support we were able to demonstrate a proof of concept for introducing a fraudulent payment message to move £0.5M from one account to another, by manually forging a raw SWIFT MT103 message, and leveraging specific system trust relationships to do the hard work for us! Prologue. Before we begin: This research is based on work we performed in close-collaboration ...

labs.f-secure.com

---

STOMP 2 DIS: Brilliance in the (Visual) Basics

https://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html 

After executing all commands in the response, the sample sleeps for the designated C2 beacon-interval time. It repeats the process outlined above to send the next C2 beacon.

www.fireeye.com

---

Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations

https://unit42.paloaltonetworks.com/actors-still-exploiting-sharepoint-vulnerability/ 

Executive Summary. On September 10, 2019, we observed unknown threat actors exploiting a vulnerability in SharePoint described in CVE-2019-0604 to install several webshells on the website of a Middle East government organization. One of these webshells is the open source AntSword webshell freely available on Github, which is remarkably similar to the infamous China Chopper webshell.

unit42.paloaltonetworks.com

---

Critical Android Bluetooth flaw CVE-2020-0022 could be exploited without user interaction

https://securityaffairs.co/wordpress/97421/cyber-crime/cve-2020-0022-android-bluetooth-flaw.html 

Google addressed a critical vulnerability in its Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. Google has addressed a critical flaw in Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. The vulnerability tracked as CVE-2020-0022 is a remote code execution flaw that could […]

securityaffairs.co

---

Living off another land: Ransomware borrows vulnerable driver to remove security software

https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/ 

Sophos has been investigating two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers just prior to performing the destructive file encryption portion of the attack.

news.sophos.com

---

Realtek HD Audio Driver Package - DLL Preloading and Potential Abuses (CVE-2019-19705)

https://safebreach.com/Post/Realtek-HD-Audio-Driver-Package-DLL-Preloading-and-Potential-Abuses-CVE-2019-19705 

Peleg Hadar, Security Researcher, SafeBreach Labs. Introduction: SafeBreach Labs discovered a new vulnerability in the Realtek HD Audio Driver Package, which is deployed on PCs containing Realte…

safebreach.com

---

Ghost in the shell: Investigating web shell attacks

https://www.microsoft.com/security/blog/2020/02/04/ghost-in-the-shell-investigating-web-shell-attacks/ 

Detection and Response Team (DART), Microsoft Defender ATP Research Team, Microsoft Threat Intelligence Center (MSTIC). Recently, an organization in the public sector discovered that one of their internet-facing servers was misconfigured and allowed attackers to upload a web shell, which let the ...

www.microsoft.com

---

Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access

https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/ 

tl;dr: This is the story of how I found and helped Facebook patch multiple critical security flaws in WhatsApp (CVE-2019-18426), all the way from a simple Open-Redirect through a Persistent-XSS and CSP-bypass to a full cross platforms Read From The Local File System on both Windows and Mac!

www.perimeterx.com

---

cdpwn – Millions of devices at risk due to flaws in implementations of Cisco Discovery Protocol (CDP)

https://securityaffairs.co/wordpress/97407/hacking/cdpwn-cdp-flaws.html 

A set of vulnerabilities in the Cisco Discovery Protocol (CDP) exposes tens of millions of devices to the risk of cyber attacks. Researchers at IoT security firm Armis discovered a set of five serious vulnerabilities in the implementation of the Cisco Discovery Protocol (CDP) protocol. The experts tracked the set as CDPwn and warned that the […]

securityaffairs.co

---

Hackers abuse BitBucket to infect 500K+ hosts with arsenal of malware

https://securityaffairs.co/wordpress/97357/cyber-crime/bitbucket-malware-attack.html 

Experts discovered some Bitbucket repositories linked to each other hosting the same piece of malware with the same names; the operators behind this campaign in some cases provided updates as often as every three hours. “Through research of other samples related to the campaign, we have identified additional Bitbucket repositories that are likely created by the same threat actor with the same ...

securityaffairs.co

---

Facebook fixed a WhatsApp bug that allowed hackers to access local file system

https://securityaffairs.co/wordpress/97331/hacking/whatsapp-bug-fixed.html 

Facebook addressed a critical issue in WhatsApp that would have allowed attackers to read files from a user’s local file system, on macOS and Windows. Facebook has addressed a critical vulnerability in WhatsApp, tracked as CVE-2019-18426, that would have allowed hackers to read files from a user’s local file system, on macOS and Windows systems. […]

securityaffairs.co

---

NCA arrested six men in UK over Malta Bank Cyber-Heist

https://securityaffairs.co/wordpress/97275/breaking-news/malta-bank-cyber-heist.html 

Last week the NCA arrested six individuals in the United Kingdom because they are suspected of being involved in a Malta cyber-heist and money laundering operation. Britain’s National Crime Agency (NCA) arrested six individuals in the United Kingdom because they are accused of being involved in a cyber-heist of a Malta bank and a money laundering operation. […]

securityaffairs.co

---

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

https://securityaffairs.co/wordpress/97226/hacking/nsc-linear-emerge-e3-hack.html 

Hackers have already compromised more than 2,300 Linear eMerge E3 building access systems, exploiting a severe vulnerability that has yet to be fixed. Linear eMerge E3 smart building access systems designed by Nortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed, and attackers are actively scanning the internet for vulnerable devices.

securityaffairs.co

---

Apollon Darknet market is allegedly pulling an exit scam

https://securityaffairs.co/wordpress/97208/deep-web/apollon-market-exit-scam.html 

The Apollon market, one of the largest marketplaces, is likely exit scamming after the administrators locked vendors’ accounts. The Apollon market, one of the darknet’s largest marketplaces, is likely exit scamming; vendors and customers reported suspicious behavior by its administrators. Users on Reddit are reporting that vendors can’t withdraw funds or sign into their […]

securityaffairs.co

---

The city of Racine was offline following a ransomware attack

https://securityaffairs.co/wordpress/97310/malware/city-racine-ransomware-attack.html 

The city of Racine joins the long string of US municipalities hit with ransomware attacks; it was forced offline following the infection. The city of Racine, Wisconsin, was hit with ransomware; the incident took place on January 31, 2020. Most non-emergency computer services of the city went offline following the […]

securityaffairs.co

---

Toll Group shuts down some online systems after ransomware attack

https://securityaffairs.co/wordpress/97297/cyber-crime/toll-group-ransomware-attack.html 

The Australian transportation and logistics giant Toll Group has suffered a ransomware attack that forced it to shut down part of its services. The Australian transportation and logistics giant Toll Group was the victim of a ransomware attack; in response to the incident the company has shut down some of its online services. The Toll Group is an […]

securityaffairs.co

---

Ransomware brought down services of popular TV search engine TVEyes

https://securityaffairs.co/wordpress/97240/malware/tveyes-ransomware-infection.html 

TVEyes was brought down after its core server and engineering workstations were infected in a ransomware attack, the company’s CEO confirmed. TVEyes is a company that manages a popular platform for monitoring TV and radio news broadcasts; it is used worldwide by PR agencies and newsrooms. On Thursday night, a ransomware attack hit the company network, causing an outage of its multimedia messaging ...

securityaffairs.co

---

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

https://securityaffairs.co/wordpress/97445/data-breach/pasco-kobe-steel-breaches.html 

Japanese defense contractors Pasco and Kobe Steel have disclosed security breaches that they suffered back in 2016 and 2018. Pasco is Japan’s largest geospatial provider and Kobe Steel is one of the major steel manufacturers. Just last week, Japan’s Ministry of Defense announced in addition to Mitsubishi Electric and the NEC defense business division […]

securityaffairs.co

---

Pabbly Email Marketing Exposes 51.2 Million Records Online

https://securitydiscovery.com/pabbly-email-marketing/ 

Email marketing is big business and many companies rely on emails to keep in contact with their customers or potential customers. In the modern world of overpriced pay-per-click ads, targeted email marketing lists are the holy grail of an organization’s marketing strategy.

securitydiscovery.com

---

Sudo CVE-2019-18634 flaw allows Non-Privileged Linux and macOS Users run commands as Root

https://securityaffairs.co/wordpress/97265/breaking-news/sudo-cve-2019-18634-flaw.html 

An Apple researcher discovered an important vulnerability (CVE-2019-18634) in the ‘sudo’ utility that allows non-privileged Linux and macOS users to run commands as Root. Security expert Joe Vennix from Apple has discovered an important vulnerability in the ‘sudo’ utility, tracked as CVE-2019-18634, that allows non-privileged Linux and macOS users to run commands as Root. The issue could be […]

securityaffairs.co