OSINT News - January 20, by Bart Otten


FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw

https://www.bleepingcomputer.com/news/security/fbi-says-state-actors-hacked-us-govt-network-with-pulse-vpn-flaw/ 

FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw. Hackers Are Securing Citrix Servers, Backdoor Them for Access. Fraudsters Set Up Site Selling Temporary Social Security Numbers

www.bleepingcomputer.com
---

A Windows 10 Vulnerability Was Used to Rickroll the NSA and Github

https://www.wired.com/story/windows-10-vulnerability-rickroll-nsa-github/ 

Critical Windows 10 vulnerability used to Rickroll the NSA and Github | Ars Technica

GOT CERT VALIDATION? — Critical Windows 10 vulnerability used to Rickroll the NSA and Github. Attack demoed less than 24 hours after disclosure of the bug breaking certificate validation.

www.wired.com
---

Law enforcement seized WeLeakInfo.com for selling access to data from data breaches

https://securityaffairs.co/wordpress/96508/breaking-news/weleakinfo-domain-seized.html 

Law enforcement seized WeLeakInfo.com for selling access to data from data breaches - Security Affairs

The FBI has seized the WeLeakInfo.com website for selling subscriptions to data that was exposed in data breaches. WeLeakInfo.com was a data breach notification service that allowed its customers to verify whether their credentials had been compromised in data breaches. The service was claiming a database of ...

securityaffairs.co
---

Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641

https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html 

Project Zero: Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641

The vulnerability was found as part of a joint vulnerability research project with Natalie Silvanovich and reported to Apple on July 29, 2019, followed by the proof-of-concept exploit on August 9, 2019. The vulnerability was first mitigated in iOS 12.4.1, released on August 26, by making the vulnerable code unreachable over iMessage, then fully fixed in iOS 13.2, released on October 28, 2019.

googleprojectzero.blogspot.com
---

404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor

https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html 

404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor | FireEye Inc

As noted in Rough Patch: I Promise It'll Be 200 OK, our FireEye Mandiant Incident Response team has been hard at work responding to intrusions stemming from the exploitation of CVE-2019-19781. After analyzing dozens of successful exploitation attempts against Citrix ADCs that did not have the Citrix mitigation steps implemented, we’ve recognized multiple groups of post-exploitation activity.

www.fireeye.com
---

CVE-2020-0601: The chainoffools/curveball attack explained with POC

https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/ 

CVE-2020-0601: the ChainOfFools attack explained with PoC

On Tuesday the 14th of January 2020, in the frame of their first Patch Tuesday of 2020, Microsoft addressed a critical flaw discovered by the NSA in the Windows 10, Windows Server 2016 and 2019 versions of crypt32.dll, the library implementing Windows' CryptoAPI. It didn't take too long until it got branded "ChainOfFools" by Kenn…

research.kudelskisecurity.com
---

Stolen emails reflect Emotet's organic growth

https://blog.talosintelligence.com/2020/01/stolen-emails-reflect-emotets-organic.html 

Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Stolen emails reflect Emotet's organic growth

However, more often, Emotet will leave the contact information for the individual victim inside the propagation email. The message may also include the contents of a previous email exchange between the two recipients, just to add extra authenticity.

blog.talosintelligence.com
---

Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers

https://www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh 

Hackers Are Breaking Directly Into AT&T, T-Mobile, and Sprint to Take Over Customer Phone Numbers - VICE

Hackers are now getting telecom employees to run software that lets the hackers directly reach into the internal systems of U.S. telecom companies to take over customer cell phone numbers ...

www.vice.com
---

Two PoC exploits for CVE-2020-0601 NSACrypto flaw released

https://securityaffairs.co/wordpress/96486/uncategorized/cve-2020-0601-nsacrypto-exploits.html 

Two PoC exploits for CVE-2020-0601 NSACrypto flaw released - Security Affairs

Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. Security researchers have published two proof-of-concept (PoC) code exploits for the recently-patched CVE-2020-0601 vulnerability that has been ...

securityaffairs.co
---

TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection

TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection. PoCs for Windows CryptoAPI Bug Are Out, Show Real-Life Exploit Risks. Google to Kill Chrome Apps Across All Platforms

www.bleepingcomputer.com

---

Seventeen Android Nasties Spotted in Google Play, Total Over 550K Downloads – Bitdefender Labs

Bitdefender Announces Complete Endpoint Prevention, Detection and Response Platform Designed for all Organizations. Bitdefender, a global cybersecurity company protecting over 500 million systems worldwide, today announced GravityZone Ultra 3.0, the industry’s first single-agent, single-console endpoint protection solution to combine prevention and hardening with...

labs.bitdefender.com

---

Cisco addressed a high-severity bug in Webex that could allow RCE - Security Affairs

Tech giant Cisco has recently addressed two high-severity vulnerabilities affecting its Webex and IOS XE Software products. Cisco Systems has released security fixes for two high-severity vulnerabilities in its products, including a remote code execution flaw in the Webex video conferencing platform.

securityaffairs.co

---

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at hack - Security Affairs

A flaw, dubbed Cable Haunt, in Broadcom’s cable modem firmware exposed as many as 200 million home broadband gateways in Europe alone, at risk of remote hijackings. Hundreds of millions of Broadcom-based cable modems are at risk of remote hijacking due to the presence of a vulnerability dubbed ...

securityaffairs.co

---

Australia Bushfire Donors Affected by Credit Card Skimming Attack

Australia Bushfire Donors Affected by Credit Card Skimming Attack. Maze Ransomware Publishes 14GB of Stolen Southwire Files. Sodinokibi Ransomware Hits New York Airport Systems

www.bleepingcomputer.com

---

Texas school district loses $2.3 million from phishing scam

Manor Independent School District, just east of Austin, is out of $2.3 million from a phishing scam. Investigators say the phishing email was sent to multiple people at the school district and it ...

www.ksat.com

---

P&N Bank data breach may have impacted 100,000 West Australians - Security Affairs

The Australian P&N Bank is notifying its customers of a data breach that has exposed personally identifiable information (PII) and sensitive account data. P&N Bank, a division of Police & Nurses Limited operating in Western Australia, suffered a data breach and is reporting the incident to its ...

securityaffairs.co

---

Two MageCart groups competed to steal credit card data from Perricone MD's European skincare sites - Security Affairs

The expert Sam Jenkins, from RapidSpike, noticed that the flawed code attempted to contact the js-react[.]com domain, which was involved in other attacks. The scenario of two Magecart groups competing to compromise the same websites is not new: in November 2018, MageCart Group 9 and MageCart Group 3 both targeted the websites of Umbro Brazil and the B. Liv online cosmetics shop.

securityaffairs.co

---

Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII

Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII. Ako Ransomware Uses Spam to Infect Its Victims. Online Pharmacy PlanetDrugsDirect Discloses Security Breach

www.bleepingcomputer.com

---

Maze Ransomware operators leak 14GB of files stolen from Southwire - Security Affairs

The Maze ransomware gang has released 14GB of files that they claim were stolen from one of its victims, the Southwire cable manufacturer. The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online.

securityaffairs.co

---

Albany County Airport authority hit by a ransomware attack - Security Affairs

Officials at the Albany County Airport Authority revealed that New York airport servers were infected with ransomware on Christmas. Officials at the Albany County Airport Authority announced this week that a ransomware attack hit the New York airport and its computer management provider LogicalNet over Christmas. The news of the attack was disclosed after LogicalNet reported its own ...

securityaffairs.co

---

PoC exploits for Citrix ADC and Gateway CVE-2019-19781 flaw released online

https://securityaffairs.co/wordpress/96288/hacking/citrix-cve-2019-19781-poc.html 

PoC exploits for Citrix ADC and Gateway CVE-2019-19781 flaw released - Security Affairs

Experts announced the availability online of proof-of-concept exploit code for CVE-2019-19781 flaw in Citrix NetScaler ADC and Citrix NetScaler Gateway servers. While security researchers were warning of ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway ...

securityaffairs.co
