OSINT News - February 17, by Bart Otten

FBI warns about ongoing attacks against software supply chain companies | ZDNet

FBI warns about ongoing attacks against software supply chain companies. Exclusive: FBI alerts US private sectors about attacks aimed at their supply chain software providers.

www.zdnet.com

---

MA-770.022020: MyCERT Advisory - Espionage campaign targeting Malaysia government officials

https://www.mycert.org.my/portal/advisory?id=MA-770.022020

Advisory from the Malaysia Computer Emergency Response Team (MyCERT).

---

Suspected Sapphire Mushroom (APT-C-12) malicious LNK files

https://bitofhex.com/2020/02/10/sapphire-mushroom-lnk-files/

Analysis indicates that one of these samples is very similar to the one analysed in the 360 TIC report (of which the hash was not released), and that the other four were previously unreported.

---

Threat actors attempt to capitalize on coronavirus outbreak

https://blog.talosintelligence.com/2020/02/coronavirus-themed-malware.html

From the Cisco Talos Intelligence Group blog.

---

Goblin Panda APT: Recent infrastructure and RAT analysis

https://meltx0r.github.io/tech/2020/02/12/goblin-panda-apt.html

Published 02/12/2020 on meltx0r.github.io (threat intelligence, research, and analysis).

---

2019 Internet Crime Report Released | Data Reflects an Evolving Threat and the Importance of Reporting

https://www.fbi.gov/news/stories/2019-internet-crime-report-released-021120

Internet-enabled crimes and scams show no signs of letting up, according to data released by the FBI’s Internet Crime Complaint Center (IC3) in its 2019 Internet Crime Report. The last calendar ...

---

[PDF] Malwarebytes Labs | 2020 State of Malware Report

https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf

It was the last year of the 2010s, and cybercriminals let the world know they meant business. From an increase in enterprise-focused threats to diversification

---

Massive DDoS attack brought down 25% of Iranian Internet connectivity

https://securityaffairs.co/wordpress/97559/breaking-news/iran-internet-access-outage.html

Iran has come under cyber-attack again: a massive offensive brought down a large portion of Iranian access to the Internet. According to experts, national connectivity fell to 75%. The NetBlocks internet observatory, which […]

---

The number of cyber attacks on Saudi Aramco is increasing

https://securityaffairs.co/wordpress/97527/breaking-news/saudi-aramco-under-attack.html

Saudi Aramco, the Saudi Arabian national petroleum and natural gas company, revealed that it has seen an increase in attempted cyber attacks since the final quarter of 2019. The energy industry is under attack, and the data is alarming, even […]

---

Wireshark Tutorial: Examining Qakbot Infections

https://unit42.paloaltonetworks.com/tutorial-qakbot-infection/

Qakbot is an information stealer also known as Qbot. This family of malware has been active for years, and Qakbot generates distinct traffic patterns. This Wireshark tutorial reviews a recent packet capture (pcap) from a Qakbot infection. Understanding these traffic patterns can be critical for security professionals when detecting and investigating Qakbot infections.

---

Three Italian universities hacked by LulzSec_ITA collective

https://securityaffairs.co/wordpress/97802/breaking-news/lulzsec-ita-hacked-italian-universities.html

The popular Italian hacktivist collective LulzSec ITA has announced via Twitter the hack of three Italian universities, highlighting the importance of cybersecurity for our society. The hacktivists claim that once hacked, the universities did not disclose the data […]

---

Security Researchers Partner With Chrome To Take Down Browser Extension Fraud Network Affecting Millions of Users

https://duo.com/labs/research/crxcavator-malvertising-2020

Cisco’s Duo Security released CRXcavator, our automated Chrome extension security assessment tool, for free last year in order to reduce the risk that Chrome extensions present to organizations and to enable others to build on our research to create a safer Chrome extension ecosystem for all. In a perfect example of the research we hoped to facilitate, security researcher ...

---

KBOT: sometimes they come back

https://securelist.com/kbot-sometimes-they-come-back/96157/

At the end of the polymorphic code is a classic piece of code for obtaining the kernel32.dll base. Next, the API address of the VirtualProtect function is retrieved and used to set write and execute permissions on the encrypted virus data located at the end of the above-mentioned .rsrc, .data, and .rdata sections. The data is decrypted, and the switch to the relevant code is made.

---

OT attacks increased by over 2000 percent in 2019, IBM reports

https://securityaffairs.co/wordpress/97653/malware/ot-attacks-increased-2019.html

According to IBM, OT attacks increased by over 2000 percent in 2019, and most of them involved the Echobot IoT malware. IBM’s 2020 X-Force Threat Intelligence Index report analyzes the threat landscape in 2019; the experts observed a spike in the number of OT attacks.

---

PoS malware infected systems at 71 locations operated by US store chain Rutter’s

https://securityaffairs.co/wordpress/97831/data-breach/rutters-pos-malware.html

Rutter’s, a U.S. convenience store, fast food restaurant, and gas station chain owner, has disclosed a security breach: 71 locations were infected with point-of-sale (POS) malware used to steal customers’ credit card information. The company confirmed that attackers gained access to its stores’ network system […]

---

Report: The cost of ransomware in 2020. A country-by-country analysis

https://blog.emsisoft.com/en/35583/report-the-cost-of-ransomware-in-2020-a-country-by-country-analysis/

In The State of Ransomware in the US: Report and Statistics 2019, we examined the number of ransomware attacks on the U.S. public sector and the cost of those attacks. In this report, we will examine the number of attacks on both the public and private sectors for a number of countries and estimate the cost, including the cost of downtime, of those attacks on a country-by-country basis as well ...

---

Safer Internet Day – Cybercrime facts infographic

https://securityaffairs.co/wordpress/97639/cyber-crime/safer-internet-day-cybercrime-infographic.html

Dear readers, I decided to create a simple Infographic that shows Cybercrime facts in 2019, I’ve done it for Safer Internet Day 2020. Enjoy it! Pierluigi Paganini (SecurityAffairs – cybercrime, hacking)

---

Mobile Phishing Campaign Uses over 200 Pages to Spoof Bank Sites

https://www.bleepingcomputer.com/news/security/mobile-phishing-campaign-uses-over-200-pages-to-spoof-bank-sites/

---

Report: 1,000s of Plastic Surgery Patients Exposed in Massive Data Leak

https://www.vpnmentor.com/blog/report-nextmotion-leak/

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to plastic surgery technology company

---

Report: Inmates’ Prescriptions & PII Leaked in Breach Spanning Multiple Jailhouses

https://www.vpnmentor.com/blog/report-jailcore-leak/

The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, has uncovered a leaking S3 bucket on an Amazon server, belonging to JailCore, with 36,077 files of visible data.

---

Estee Lauder Exposed 440 Million Records Online

https://securitydiscovery.com/estee-lauder/

On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review I was able to see connections to New York based cosmetic company Estée Lauder.

---

Nedbank client data compromised in security breach at third-party provider

https://securityaffairs.co/wordpress/97840/breaking-news/nedbank-third-party-provider-breach.html

Nedbank disclosed on Thursday that a security breach at a third-party supplier has compromised the details of as many as 1.7 million of its clients. The bank revealed that […]

---

Netanyahu’s party Elector app exposes data on over 6.5M Israelis

https://securityaffairs.co/wordpress/97603/data-breach/elector-app-israel-data-leak.html

A misconfiguration in the Elector election day app, developed by Netanyahu’s party Likud, might have exposed personal details of over 6.5 million Israelis ...

---

1.2 million CPR numbers for Danish citizens leaked through tax service

https://securityaffairs.co/wordpress/97571/data-breach/1-2m-cpr-numbers-leak.html

A glitch in the TastSelv Borger tax service has sent over one million Danish CPR numbers to the US companies Google and Adobe. The Danish Agency for Development and Simplification discovered the data leak, which involved the TastSelv Borger service managed by the US company DXC Technology. The TastSelv service allows everyone with a tax liability to Denmark to view and change ...

---

Helix Bitcoin Mixer operator charged for laundering over $300M worth of Bitcoin

https://securityaffairs.co/wordpress/97815/cyber-crime/helix-bitcoin-mixer-operator-indictment.html

Larry Dean Harmon (36), from Akron, Ohio, was charged with laundering more than $310 million worth of Bitcoin while operating the Darknet-based Helix Bitcoin mixer service between 2014 and 2017. According to the three-count indictment […]

---

Dell SupportAssist flaw exposes computers to hack, patch it asap!

https://securityaffairs.co/wordpress/97644/breaking-news/dell-supportassist-flaw-2.html

Dell released a security update to address a vulnerability, tracked as CVE-2020-5316, in its SupportAssist Client software. The flaw could be exploited by local attackers to execute arbitrary code with Administrator privileges on affected ...