OSINT News - January 7, by Bart Otten


JsOutProx: A New Enterprise Grade Implant

Experts at Yoroi/Cybaze ZLab spotted a new sophisticated malware implant dubbed JsOutProx that seems to be unrelated to mainstream cyber weapons. During our threat intelligence source monitoring operations, we spotted a new sophisticated malware implant, dubbed JsOutProx, that seems to be unrelated ...



Maze Ransomware operators threaten victims to publish their data online

The victims of the Maze Ransomware now face another threat because operators behind the malware could publish their data online. The victims of the Maze Ransomware are facing another risk: after having their data encrypted, crooks are now threatening to publish their data online.



Emotet distributed with emails posing as German authorities, BSI warns

BSI, Germany’s federal cybersecurity agency, warns of an active malspam campaign that is distributing the infamous Emotet banking Trojan. Germany’s federal cybersecurity agency BSI is warning of an active malspam campaign that aims at distributing the Emotet banking Trojan. The malicious messages are camouflaged to look like messages delivered by German federal authorities.



LifeLabs releases open letter to customers following cyber-attack – LifeLabs

TORONTO, ON. [December 17, 2019] – LifeLabs is releasing the below open letter to its customers in Canada, following a recent cyber security-attack.



Ransomware response—to pay or not to pay? - Microsoft Security

The increased connectivity of computers and the growth of Bring Your Own Device (BYOD) in most organizations is making the distribution of malicious software (malware) easier. Unlike other types of malicious programs that may usually go undetected for a longer period, a ransomware attack is usually ...



Hackensack Meridian: We paid ransom to hackers to stop hospital cyber-attack

Hackensack Meridian Health paid an undisclosed amount in ransom to stop a cyber-attack that has disrupted the hospital owner's computer network since it began last week, the company said Friday ...



Ryuk Ransomware is suspected to be involved in the New Orleans attack

The dump discovered by Cowie is associated with an executable named ‘yoletby.exe’; it contained references to the City of New Orleans including domain names, domain controllers, internal IP addresses, user names and file shares. The same dump contained references to the Ryuk ransomware, a circumstance that suggests that this family of malware was used in the attack of the City of New ...



Siemens Contract Employee Gets Jail Time for Intentionally Damaging Computers | USAO-WDPA | Department of Justice

PITTSBURGH - A contract employee for Siemens Corporation at the Monroeville, PA location has been sentenced in federal court to a six-month term of imprisonment to be followed by a two-year term of supervised release, and a fine of $7,500 on his conviction of intentional damage to a protected computer, United States Attorney Scott W. Brady announced today.



Flaws in Acer and ASUS pre-installed software could lead to arbitrary code execution

Experts found several flaws in Acer and ASUS software preinstalled on most of their PCs that could lead to privilege escalation and arbitrary code execution. SafeBreach experts discovered several vulnerabilities in Acer and ASUS software that comes pre-installed on most PCs from these vendors. The flaws could be exploited by attackers for privilege escalation and to execute arbitrary payloads.



TP-Link Archer routers allow remote takeover without passwords

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to log in without passwords. “This is a zero-day flaw that was not previously reported and can affect both home and business environments,” explained IBM X-Force Red’s Grzegorz ...



Experts found binary planting and arbitrary file overwrite flaws in NPM

The vulnerability affects older versions of yarn, an open-source alternative client developed by Facebook for fetching modules from the registry. NPM maintainers also addressed a separate vulnerability that could be exploited to create arbitrary symlinks to any file. The experts pointed out that vulnerable NPM versions, and all current versions of yarn allow the arbitrary overwriting of an ...



