OSINT News - January 13, by Bart Otten

Community Manager COEST Community Manager
Community Manager
0 0 94
0 Likes

Austria's foreign ministry is facing a ‘serious cyberattack’Security Affairs

Austria’s foreign ministry announced it was facing a “serious cyberattack ” and that it could be the work of a nation-state actor.. Austria’s foreign ministry was the victim of a cyber-attack that is suspected to have been conducted by a foreign state due to its level of sophistication.

securityaffairs.co

 

Irish National Cyber Security Strategy warns of ​attacks on Irish data centres

https://securityaffairs.co/wordpress/95825/laws-and-regulations/irish-national-cyber-security-strategy.html 

 

Mozilla Firefox 72.0.1 Patches Actively Exploited Zero-Day

Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1 to patch a critical and actively exploited severity vulnerability that could potentially allow attackers to execute code or trigger crashes ...

www.bleepingcomputer.com

 

Travelex currency exchange suspends services after malware attack

https://securityaffairs.co/wordpress/95939/hacking/travelex-malware-attack.html 

 

TrickBot gangs developed the PowerTrick backdoor for high-value targets

Researchers at SentinelLabs reported that TrickBot operators used a new PowerShell backdoor in recent attacks aimed at high-value targets.. SentinelLabs experts discovered a new PowerShell backdoor used by TrickBot operators in recent attacks aimed at Powershell high-value targets, such as financial institutions.. TrickBot is a popular banking Trojan that has been around since October 2016 ...

securityaffairs.co

 

Interpol: Goldfish Alpha operation reduces cryptojacking by 78%

An operation coordinated by Interpol, dubbed Goldfish Alpha, dismantled an illegal cryptocurrency network operating in Southeast Asia . Interpol announced that it has coordinated a successful international operation aimed at removing cryptocurrency miners that infected routers located in Southeast Asia.. The operation sees the contribution of Trend Micro, law enforcement and CERTs from ASEAN ...

securityaffairs.co

 

The city of Las Vegas announced it has suffered a cyber attackSecurity Affairs

The city of Las Vegas announced it has suffered a cyber attack that breached its computer systems, it is unclear whether any sensitive data was exposed. Las Vegas officials say a cyber attack breached the city’s computer systems, the attack took place on Tuesday, but it wasn’t immediately clear ...

securityaffairs.co

 

Experts warn of ongoing scans for Citrix servers affected by CVE-2019-19781

 

Threat actors are probing Citrix servers in the attempt to exploit the CVE-2019-19781 remote code execution vulnerability. Security researchers are warning of ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers affected by the CVE ...

securityaffairs.co

 

United States government-funded phones come pre-installed with unremovable malware | Malwarebytes Labs

No current resolution. Although we do have a way to uninstall pre-installed apps for current Malwarebytes users, doing so on the UMX has consequences.Uninstall Wireless Update, and you could be missing out on critical updates for the OS. We think that’s worth the tradeoff, and suggest doing so.

blog.malwarebytes.com

 

INTERPOL-led action takes aim at cryptojacking in Southeast Asia

SINGAPORE – An INTERPOL-coordinated operation in Southeast Asia against an emerging form of cybercrime known as cryptojacking has led to a massive reduction in the number of infected devices across the region.

www.interpol.int

 

Cable Haunt, critical vulnerability found in cable modems from various manufacturers across the world.

https://cablehaunt.com/ 

---

Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools

https://www.bleepingcomputer.com/news/security/clop-ransomware-now-kills-windows-10-apps-and-3rd-party-tools/ 

 

Exploiting Wi-Fi Stack on Tesla Model S | Keen Security Lab Blog

The 88w8688 chip runs based on ThreadX OS which is an RTOS targeting for embedded devices. The code of ThreadX can be found in the ROM region, so the firmware “sd8688.bin” runs as an application of ThreadX.

 

Two MageCart groups competed to steal credit cards data from Perricone MD 's European skincare sites

The expert Sam Jenkins, from RapidSpike, noticed that the flawed code attempted to contact the js-react[.]com domain, that was involved in other attacks.. The scenario that sees two Magecart groups competing for compromising the same websites is not new, in November 2018, where the MageCart Group 9 and the MageCart Group 3 targeted the websites of Umbro Brazil and the B. Liv online cosmetics shop.

securityaffairs.co

 

MITRE presents ATT&CK for ICS, a knowledge base for ICS

MITRE announced the initial release of a version of its MITRE ATT&CK knowledge base that focuses on industrial control systems (ICS). MITRE’s ATT&CK framework is becoming a standard in cybersecurity community for the classification of attacker behavior. Now the organization is going to propose a knowledge base that focused on ICS systems for its MITRE’s ATT&CK.

securityaffairs.co

 

Security flaws allowed hijacking any TikTok account

A flaw in the popular TikTok app could allow attackers to hijack any user account just by knowing the mobile number of the victim. Security experts from CheckPoint have discovered a critical vulnerability in the popular TikTok app that could be exploited by a remote attacker to hijack any user ...

securityaffairs.co

 

MageCart gang compromised popular Focus Camera website

https://securityaffairs.co/wordpress/96104/hacking/magecart-focus-camera-website.html

 

Microsoft report: around 0.08% of RDP brute-force attacks are successful

The experts collected details about both failed and successful RDP login events, these events are coded with ID 4265 and 4264, respectively. Researchers also collected the usernames a user/attacker might have used.. In the attempt to remain under the radar, the attacks lasted days rather than hours, this means that attackers only try a few combinations per hour in each day.

securityaffairs.co

 

Crooks use Star Wars saga as bait in Phishing and malware attacks

Crooks are exploiting the popularity of the Star Wars saga to monetize their efforts, experts warn of online streaming sites delivering malware. Cybercriminals leverage popular movies like Star Wars to lure users into downloading malware to watch exclusive scenes or the full movie. Experts at ...

securityaffairs.co

 

Ransomware attack shuts down Richmond, Michigan school district

U.S. faces an epidemic of cyberattacks in which hackers seize computer systems and demand payment.

www.cbsnews.com

 

Maze Ransomware Sued for Publishing Victim's Stolen Data

The anonymous operators behind the Maze Ransomware are being sued by a victim for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ...

www.bleepingcomputer.com

 

Big Game Ransomware being delivered to organisations via Pulse Secure VPN

The Now ransomware. I follow big game ransomware and general cyberattacks, as I work in corporate cybersecurity, so want to know what attackers are up to.. I realised in some recent incidents, impacted companies ran Pulse Secure VPN (it’s super easy to spot with Shodan). I also realised through the vulnerability scanning which has been happening across the internet that many of the ...

doublepulsar.com

 

SNAKE Ransomware is targeting business networks

A new piece of ransomware called SNAKE appeared in threat landscape, the malware is now targeting company networks. The SNAKE is a new ransomware that is threatening enterprises worldwide along with most popular ransomware families such as Ryuk, Maze, Sodinokibi, LockerGoga, BitPaymer, DoppelPaymer ...

securityaffairs.co

 

California IT service provider Synoptek pays ransom after Sodinokibi attack

https://securityaffairs.co/wordpress/96017/malware/sodinokibi-ransomware-attack.html 

---

DeathRansom ransomware evolves encrypting files, but experts identified its author

https://securityaffairs.co/wordpress/95996/malware/deathransom-ransomware-evolution.html 

 

Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools

Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools. Microsoft Products Reaching End of Life in 2020. FBI Warns of Maze Ransomware Focusing on U.S. Companies

www.bleepingcomputer.com

 

56.25M US residents records collected by CheckPeople exposed online

A database containing the personal details of 56.25 million US residents that allegedly belongs to CheckPeople.com website was exposed online. A database containing the personal details of 56.25 million US residents that allegedly belongs to the CheckPeople.com website was exposed online on a server ...

securityaffairs.co

 

Medical info of 49,351 patients exposed in Alomere Health hospital breach

Minnesota-based Alomere Health discloses a data leak that exposed personal and medical information of 49,351 patients. Personal and medical information of 49,351 patients of Minnesota-based Alomere Health might have been exposed following the compromise of two employees’ email accounts. Alomere ...

securityaffairs.co

 

Japanese HappyHotel discloses a data breach .... ....Security Affairs

HappyHotel, a Japanese search engine used to find and book rooms in “love hotels,” announced to have suffered a security breach in December.. HappyHotel is a popular Japanese search engine for “love hotels,” it is used by married couples and unfaithful spouses, it allows users to book rooms in love hotels in Japan.. Almex, the company that operates HappyHotel, published a data breach ...

securityaffairs.co

 

School software provider Active Network discloses data breach

The US-based School management software provider Active Network disclosed a severe security breach last week. Active Network provides web-based school management software for K-12 schools and districts, last week it announced to have suffered a major security breach. The hackers gained access to ...

securityaffairs.co

 

US restaurant chain Landry's discloses payment card breach

The popular US restaurant chain Landry’s announced that it was the victim of a cyber-attack, malware has infected its point of sale (POS) systems. The popular US restaurant chain Landry’s disclosed a security incident, its point of sale (POS) systems have been infected with malware specifically ...

securityaffairs.co

 

Poloniex forces password reset following a data leak

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak.. Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak.. The measure was necessary to prevent spear-phishing attacks against the users aimed at stealing credentials or ...

securityaffairs.co

 

Carriere, MS Man Pleads Guilty To Intentionally Accessing a Protected Computer In Excess Of Authorization | USAO-EDLA | Department of Justice

NEW ORLEANS – U.S. Attorney Peter G. Strasser announced that COLBI TRENT DEFIORE, age 27, a resident of Carriere, Mississippi, pleaded guilty on January 7, 2020 before United States District Judge Jay A. Zainey to a one-count indictment with intentionally accessing a protected computer in excess of authorization for the purpose of commercial advantage and private financial gain, and in ...

www.justice.gov

 

Computer Programmer Sentenced In Cyberattack Threat Case | USAO-KS | Department of Justice

WICHITA, KAN.. – A Wichita computer programmer was sentenced today to three years federal probation and a $2,000 fine for threatening cyberattacks against two web sites that posted criticism of Wichita lawyer Brad Pistotnik, U.S. Attorney Stephen McAllister said.

www.justice.gov

 

 

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.