OSINT News - June 15, by Bart Otten


Slovak police found wiretapping devices connected to the Govnet government network

https://securityaffairs.co/wordpress/104567/intelligence/slovak-govnet-network-wiretapping-devices.html 


Slovak police found wiretapping devices connected to the Govnet government network--Security Affairs

Slovak National Criminal Agency (NAKA) seized wiretapping devices connected to the Govnet network and arrested four individuals, including the head of a government agency, who was responsible for managing the government network.

securityaffairs.co


---

Hackers target German Task Force for COVID-19 PPE procurement

https://securityaffairs.co/wordpress/104523/cyber-crime/hacker-covid-19-ppe-procurement.html 


Hackers target German Task Force for COVID-19 PPE procurement--Security Affairs

Hackers targeted FIEGE, German railway company Deutsche Bahn, BASF, Bayer, Daimler, DHL, Lufthansa, Otto, and Volkswagen. The phishing messages originated from a Russia-based IP address, 178[.]159[.]36[.]183; the experts noticed that over 280 URLs tied to this IP were involved in the campaign.

securityaffairs.co


---

Facebook Helped the FBI Hack a Child Predator

https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez 


Facebook Helped the FBI Hack a Child Predator - VICE

The crimes Buster Hernandez committed were heinous. The FBI's indictment is a nauseating read. He messaged underage girls on Facebook and said something like “Hi, I have to ask you something.

www.vice.com


---

The A1 Telekom Austria Hack: they came in through the web shells

https://blog.haschek.at/2020/the-a1-telekom-hack.html 


The A1 Telekom Austria Hack - blog.haschek.at

On the 3rd of February 2020 I received an encrypted email on 3 of my email addresses from a person calling themself "Libertas" with the subject "Information for the public". I am writing to you today because you seem to be an IT security related guy from Austria with a brain.

blog.haschek.at


---

Higaisa threat actor targets organizations using Zeplin platform

https://securityaffairs.co/wordpress/104469/apt/higaisa-hacking-group.html 


Higaisa threat actor targets organizations using Zeplin platform--Security Affairs

A Korean threat actor, tracked as Higaisa, has been using malicious LNK files in recent attacks aimed at organizations that use the Zeplin collaboration platform.

securityaffairs.co

---

Increased use of mobile banking apps could lead to exploitation

https://www.ic3.gov/media/2020/200610.aspx 

Internet Crime Complaint Center (IC3) | Increased Use of Mobile Banking Apps Could Lead to Exploitation

As the public increases its use of mobile banking apps, partially due to increased time at home, the FBI anticipates cyber actors will exploit these platforms.

www.ic3.gov


---

Uncovering a Massive Hack-For-Hire Operation

https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/ 


Dark Basin: Uncovering a Massive Hack-For-Hire Operation - The Citizen Lab

Key Findings. Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries.

citizenlab.ca


---

Honda and Enel impacted by cyber attack suspected to be ransomware

https://blog.malwarebytes.com/threat-analysis/2020/06/honda-and-enel-impacted-by-cyber-attack-suspected-to-be-ransomware/ 


Honda and Enel impacted by cyber attack suspected to be ransomware - Malwarebytes Labs

Car manufacturer Honda has been hit by a cyber attack, according to a report published by the BBC, and later confirmed by the company in a tweet. Another similar attack, also disclosed on Twitter, hit Edesur S.A., one of the companies belonging to Enel Argentina which operates in the business of energy distribution in the City of Buenos Aires. Based on samples posted online, these incidents ...

blog.malwarebytes.com


---

Owners of DDoS-for-Hire Service vDOS Get 6 Months Community Service

https://krebsonsecurity.com/2020/06/owners-of-ddos-for-hire-service-vdos-get-6-months-community-service/ 

Owners of DDoS-for-Hire Service vDOS Get 6 Months Community Service — Krebs on Security

The co-owners of vDOS, a now-defunct service that for four years helped paying customers launch more than two million distributed denial-of-service (DDoS) attacks that knocked countless Internet ...

krebsonsecurity.com


---

Lion Australia shuts down production on XXXX Gold, West End and other brands after cyber attack

https://7news.com.au/technology/lion-australia-shuts-down-production-on-xxxx-gold-west-end-and-other-brands-after-cyber-attack-c-1089337 


Lion Australia shuts down production on XXXX Gold, West End and other brands after cyber attack | 7NEWS.com.au

One of Australia’s largest breweries has been forced to temporarily shut down production after a cyber attack on its website. Lion Australia, which produces Hahn, Tooheys, XXXX Gold and West End among other beverages, was subject to a “cyber incident” on Tuesday.

7news.com.au


---

Microsoft discovers cryptomining campaign targeting Kubeflow tool for Kubernetes clusters

https://securityaffairs.co/wordpress/104618/cyber-crime/cryptomining-campaign-targets-kubernetes-kubeflow.html 

---

Fake Black Lives Matter voting campaign spreads Trickbot malware

https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/ 


Fake Black Lives Matter voting campaign spreads Trickbot malware

A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware. Started as a banking Trojan, TrickBot has evolved to ...

www.bleepingcomputer.com


---

Thanos ransomware auto-spreads to Windows devices, evades security

https://www.bleepingcomputer.com/news/security/thanos-ransomware-auto-spreads-to-windows-devices-evades-security/ 


Thanos ransomware auto-spreads to Windows devices, evades security

The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on.

www.bleepingcomputer.com


---

Kingminer patches vulnerable servers to lock out competitors

https://www.bleepingcomputer.com/news/security/kingminer-patches-vulnerable-servers-to-lock-out-competitors/ 

Kingminer patches vulnerable servers to lock out competitors


www.bleepingcomputer.com


---

SMBleed could allow a remote attacker to leak kernel memory

https://securityaffairs.co/wordpress/104584/hacking/microsoft-vulnerability-smbleed.html 

SMBleed could allow a remote attacker to leak kernel memory--Security Affairs

Recently released Microsoft June 2020 Patch Tuesday updates also address a vulnerability in the Server Message Block (SMB) protocol dubbed SMBleed (CVE-2020-1206) that could allow an attacker to leak kernel memory remotely, without…

securityaffairs.co


---

Microsoft June 2020 Patch Tuesday fixes 129 flaws, 11 rated as critical

https://securityaffairs.co/wordpress/104536/security/microsoft-june-2020-patch-tuesday.html 

Microsoft June 2020 Patch Tuesday fixes 129 flaws, 11 rated as critical--Security Affairs

Microsoft June 2020 Patch Tuesday addresses 129 vulnerabilities affecting Microsoft Windows, Internet Explorer (IE), Microsoft Edge (EdgeHTML-based and Chromium-based in IE Mode), ChakraCore, Office and Microsoft Office Services and Web Apps, Windows ...

securityaffairs.co


---

Two Critical Remote Code Execution flaws fixed in IBM WebSphere

https://securityaffairs.co/wordpress/104504/security/ibm-websphere-rces.html 

Two Critical Remote Code Execution flaws fixed in IBM WebSphere--Security Affairs

In April, a security researcher who goes online with the moniker ‘tint0’ discovered three serious deserialization issues affecting the IBM WebSphere Application Server. Two of the vulnerabilities (CVE-2020-4450 and CVE-2020-4448) are remote code ...

securityaffairs.co


---

The CallStranger UPnP vulnerability affects billions of devices

https://securityaffairs.co/wordpress/104483/hacking/callstranger-upnp-vulnerability.html 

The CallStranger UPnP vulnerability affects billions of devices--Security Affairs

Security experts disclosed a new UPnP vulnerability, named CallStranger, that affects billions of devices and could be exploited for various malicious activities […]

securityaffairs.co


---

A flaw in India Digilocker could’ve been exploited to bypass authentication

https://securityaffairs.co/wordpress/104459/breaking-news/digilocker-critical-falw.html 

A flaw in India Digilocker could've been exploited to bypass authentication--Security Affairs

The Indian Government fixed a flaw in the secure document wallet service Digilocker that could have potentially allowed anyone access without a password.

securityaffairs.co

---

Stealthworker botnet targets Windows and Linux servers

https://securityaffairs.co/wordpress/104427/malware/stealthworker-botnet.html 

Stealthworker botnet targets Windows and Linux servers--Security Affairs

Akamai researchers uncovered a malware campaign spreading a Golang-based malicious code tracked as Stealthworker. The malware targets Windows and Linux servers running popular web services and platforms, including cPanel / WHM, WordPress, Drupal ...

securityaffairs.co


---

Web shell threat hunting with Azure Sentinel and Microsoft Threat Protection

https://techcommunity.microsoft.com/t5/azure-sentinel/web-shell-threat-hunting-with-azure-sentinel-and-microsoft/ba-p/1448065 

Web shell threat hunting with Azure Sentinel and Microsoft Threat Protection - Microsoft Tech Community - 1448065

Example web shell attack showing where MDATP alerts will trigger. We will focus our investigation on two areas: Web shell installation: A web shell file is placed on the server and the code it contains or the behaviours it exhibits result in an MDATP alert. In this scenario the alert will contain details of the potential shell (e.g. c:\mywebapp\webshell.aspx).

techcommunity.microsoft.com


---

Windows Group Policy flaw lets attackers gain admin privileges

https://www.bleepingcomputer.com/news/security/windows-group-policy-flaw-lets-attackers-gain-admin-privileges/ 

Windows Group Policy flaw lets attackers gain admin privileges

Microsoft has fixed a vulnerability in all current Windows versions that allows an attacker to exploit the Windows Group Policy feature to take full control over a computer. This vulnerability ...

www.bleepingcomputer.com


---

Nintendo admitted that hackers have breached 300,000 accounts

https://securityaffairs.co/wordpress/104556/hacking/300000-nintendo-accounts-hacked.html 

Nintendo admitted that hackers have breached 300,000 accounts--Security Affairs

The Japanese video game giant Nintendo has admitted that threat actors have breached 300,000 accounts since early April. The hackers have gained access to personal information, including birthday and email address, but financial data were […]

securityaffairs.co


---

Live event solutions leader TAIT discloses data breach

https://www.bleepingcomputer.com/news/security/live-event-solutions-leader-tait-discloses-data-breach/ 

Live event solutions leader TAIT discloses data breach

TAIT, one of the world's leading live event solutions providers, disclosed a data breach that led to the exposure of personal and financial information stored on a server and on the email accounts ...

www.bleepingcomputer.com


---

Fortune 500 insurance firm Genworth discloses data breach

https://www.bleepingcomputer.com/news/security/fortune-500-insurance-firm-genworth-discloses-data-breach/ 

Fortune 500 insurance firm Genworth discloses data breach

Fortune 500 insurance holding company Genworth Financial disclosed a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials.

www.bleepingcomputer.com


---

Self-destructing skimmer steals credit cards of Greenworks customers

https://www.bleepingcomputer.com/news/security/self-destructing-skimmer-steals-credit-cards-of-greenworks-customers/ 

Self-destructing skimmer steals credit cards of Greenworks customers


www.bleepingcomputer.com


---

City of Knoxville shuts down IT network after ransomware attack

https://securityaffairs.co/wordpress/104642/cyber-crime/knoxville-city-ransomware.html 

City of Knoxville shuts down IT network after ransomware attack--Security Affairs

The city of Knoxville, Tennessee, has shut down its computer network following a ransomware attack. The attack took place in the night between June 10 and June 11; the malware encrypted multiple systems in the […]

securityaffairs.co
