OSINT News - June 22, by Bart Otten


Nation-state actors target Australia, Government warns

https://securityaffairs.co/wordpress/104956/cyber-warfare-2/nation-state-actors-target-australia.html 

Nation-state actors target Australia, Government warns--Security Affairs

Australia’s prime minister Scott Morrison said that a “state-based actor” is targeting government, public services, and businesses. Warning Australians of “specific risks” and an increased frequency of attacks, the Australian government is working on ...

securityaffairs.co

 

---

Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks

https://www.cyber.gov.au/threats/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks 

Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks | Cyber.gov.au

Advisory 2020-008: The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor.

www.cyber.gov.au

 

---

Wyden Questions Intelligence Community Cybersecurity Following Damning CIA Report on Stolen Hacking Tools

https://www.wyden.senate.gov/news/press-releases/wyden-questions-intelligence-community-cybersecurity-following-damning-cia-report-on-stolen-hacking-tools 

Wyden Questions Intelligence Community Cybersecurity Following Damning CIA Report on Stolen Hacking Tools | U.S. Senator Ron Wyden of Oregon

Washington, D.C. – Sen. Ron Wyden, D-Ore., today asked Director of National Intelligence John Ratcliffe to explain what steps he is taking to improve the cybersecurity of some of the nation’s most sensitive secrets, held by federal intelligence agencies, after Wyden obtained a damning CIA report ...

www.wyden.senate.gov

 

---

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

https://securityaffairs.co/wordpress/104942/apt/invisimole-campaign.html 

InvisiMole group targets military sector and diplomatic missions--Security Affairs

Security researchers at ESET recently uncovered a campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. […]

securityaffairs.co

 

---

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

https://securityaffairs.co/wordpress/104885/apt/operation-interreception.html 

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East--Security Affairs

Security experts from ESET uncovered a new sophisticated cyber-espionage campaign, dubbed “Operation In(ter)reception,” aimed at aerospace and military organizations in Europe and the Middle East.

securityaffairs.co

 

---

South African bank to replace 12m cards after employees stole master key

https://www.zdnet.com/article/south-african-bank-to-replace-12m-cards-after-employees-stole-master-key/ 

South African bank to replace 12m cards after employees stole master key | ZDNet

South African bank to replace 12m cards after employees stole master key. Postbank says employees printed its master key at one of its data centers and then used it to steal $3.2 million.

www.zdnet.com

 

---

Italian company exposed on Clearnet earned up to $500,000 helping cybercriminals to deliver malware using cloud drives

https://research.checkpoint.com/2020/guloader-cloudeye/

GuLoader? No, CloudEyE. - Check Point Research

Figure 4 – DarkEyE advertisement on a hacker forum. We also found some earlier ads for DarkEyE on the same website, these posted by the user “sonykuccio.” The ads describe DarkEyE as a crypter that can be used with different malware such as stealers, keyloggers, and RATs (remote access Trojans), and makes them fully undetectable for antiviruses (FUD).

research.checkpoint.com

 

---

An ongoing Qbot campaign targeted customers of tens of US banks

https://securityaffairs.co/wordpress/104916/hacking/qbot-campaign-us-banks.html 

An ongoing Qbot campaign targeted customers of tens of US banks--Security Affairs

Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Qbot, aka Qakbot, is a data stealer worm with backdoor capabilities that […]

securityaffairs.co

 

---

AWS mitigated largest DDoS attack ever of 2.3 Tbps

https://securityaffairs.co/wordpress/104908/hacking/aws-worlds-largest-ddos.html

AWS mitigated largest DDoS attack ever of 2.3 Tbps--Security Affairs

AWS announced it has mitigated a 2.3 Tbps DDoS attack, the largest ever, which surpassed the previous record of 1.7 Tbps that took place in March 2018. […]

securityaffairs.co

 

---

Earth Empusa targets minority group with Android ActionSpy spyware

https://securityaffairs.co/wordpress/104758/malware/earth-empusa-actionspy-spyware.html 

Earth Empusa targets minority group with Android ActionSpy spyware--Security Affairs

Researchers warn that the Earth Empusa (aka POISON CARP/Evil Eye) threat group is targeting the Uyghurs, a Turkic minority ethnic group originating from and culturally affiliated with the general region of Central and East […]

securityaffairs.co

 

---

Hackers use fake Windows error logs to hide malicious payload

https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-error-logs-to-hide-malicious-payload/ 

A closer inspection reveals the trick used by the actor to extract the relevant chunk of data (the numerical characters) and build the encoded payload.

www.bleepingcomputer.com

 

---

Bug in ‘USB for Remote Desktop’ lets hackers add fake devices

https://www.bleepingcomputer.com/news/security/bug-in-usb-for-remote-desktop-lets-hackers-add-fake-devices/ 

An unpatched vulnerability in software that redirects local USB devices to a remote system could help attackers elevate privileges on a target machine by adding fake devices.

www.bleepingcomputer.com

 

---

O365 Phishing Campaign Leveraged Legit Domains

https://www.darkreading.com/attacks-breaches/o365-phishing-campaign-leveraged-legit-domains/d/d-id/1338124 

A phishing campaign aimed at Office 365 users took advantage of a legitimate Adobe marketing redirect mechanism, website script injection, and legitimate domains owned by Samsung, Adobe, and ...

www.darkreading.com

 

---

Lamphone Real-Time Passive Sound Recovery from Light Bulb Vibrations

https://www.nassiben.com/lamphone 

Lamphone

Recent studies have suggested various side-channel attacks for eavesdropping sound by analyzing the side effects of sound waves on nearby objects (e.g., a bag of chips and window) and devices (e.g., motion sensors). These methods pose a great threat to privacy, however they are limited in one of the

www.nassiben.com

 

---

SOHO Device Exploitation

https://blog.grimm-co.com/2020/06/soho-device-exploitation.html 

SOHO Device Exploitation - blog.grimm-co.com

The first step when analyzing a SOHO device is to obtain the firmware. Thankfully, Netgear’s support website hosts all of the firmwares for the R7000. The Netgear R7000 version 1.0.9.88 firmware used in this blog post can be downloaded from this website.

blog.grimm-co.com

 

---

19 Zero-Day Vulnerabilities Amplified by the Supply Chain

https://www.jsof-tech.com/ripple20/ 

---

New Cisco Webex Meetings flaw allows attackers to impersonate users

https://securityaffairs.co/wordpress/104972/hacking/cisco-webex-meetings-flaw.html 

New Cisco Webex Meetings flaw allows attackers to impersonate users--Security Affairs

A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347, could be exploited by local authenticated attackers to gain access to sensitive information.

securityaffairs.co

 

---

BigDebIT flaws in Oracle EBS allow hackers to alter financial records

https://securityaffairs.co/wordpress/104840/hacking/bigdebit-flaws-oracle-ebs.html 

BigDebIT flaws in Oracle EBS allow hackers to alter financial records--Security Affairs

Oracle addressed two security flaws in its E-Business Suite (EBS) business management solution that could allow attackers to carry out a broad range of malicious activities, including to tamper with an organization’s financial records. […]

securityaffairs.co

 

---

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

https://securityaffairs.co/wordpress/104799/hacking/gtp-flaws-5g-users.html

Flaws in mobile Internet protocol GTP allow hackers to target 5G users--Security Affairs

Researchers at cybersecurity firm Positive Technologies Security have discovered several vulnerabilities in communication protocol GPRS Tunnelling Protocol (GTP), that is used by mobile network operators (MNOs). Threat actors could exploit these ...

securityaffairs.co

 

---

Black Kingdom ransomware operators exploit Pulse VPN flaws

https://securityaffairs.co/wordpress/104789/cyber-crime/black-kingdom-ransomware-pulse-vpn.html 

Black Kingdom ransomware operators exploit Pulse VPN flaws--Security Affairs

Researchers from security firm REDTEAM reported that operators behind the Black Kingdom ransomware are targeting enterprises exploiting the CVE-2019-11510 flaw in Pulse Secure VPN software to gain access to the network. Black Kingdom ransomware was first spotted in

securityaffairs.co

 

---

Maze Ransomware gang breached the US chipmaker MaxLinear

https://securityaffairs.co/wordpress/104898/cyber-crime/maze-ransomware-hit-maxlinear.html 

Maze Ransomware gang breached the US chipmaker MaxLinear--Security Affairs

U.S. system-on-chip maker MaxLinear is the last victim of the Maze ransomware operators, the company revealed that the systems were infected last month, but the threat actors first compromised the company on April 15. MaxLinear is […]

securityaffairs.co

 

---

Cognizant admitted data breach in April Ransomware Attack

https://securityaffairs.co/wordpress/104951/data-breach/cognizant-data-breach.html 

Cognizant admitted data breach in April Ransomware Attack--Security Affairs

In April the information technologies services giant Cognizant Technology was hit by Maze Ransomware operators. Cognizant is an American multinational corporation that provides IT services, it is one of the largest IT managed services companies in the […]

securityaffairs.co

 

---

Ransomware attack disrupts operations at Australian beverage company Lion

https://securityaffairs.co/wordpress/104749/cyber-crime/ransomware-attack-hit-lion.html 

Ransomware attack disrupts operations at Australian beverage firm Lion--Security Affairs

Systems at Australian beverages company Lion were infected with a ransomware, the security breach caused the disruption of manufacturing processes and customer service. Lion is a beverage and food company that operates in Australia and New Zealand, […]

securityaffairs.co

 

---

30,000+ Italian sales agents’ personal data, IDs leaked by Ariix Italia

https://securityaffairs.co/wordpress/104854/breaking-news/ariix-30k-italian-sales-agents-data-leak.html 

30,000+ Italian sales agents’ personal data, IDs leaked by Ariix Italia--Security Affairs

Researchers at cybernews.com recently uncovered an unsecured Amazon Simple Storage Service (S3) bucket that contains more than 36,000 documents, including scans of passports, credit cards, and health insurance cards. The database also ...

securityaffairs.co

 

---

Accessories giant Claire’s is the victim of a Magecart attack, credit card data exposed

https://securityaffairs.co/wordpress/104776/hacking/claires-magecart-attack.html 

Accessories giant Claire's is the victim of a Magecart attack--Security Affairs

Threat actors have hacked the websites of the U.S. based jewelry and accessory giant Claire’s, and its subsidiary Icing, the security breach took place in April and attackers may have gained access to customers’ credit cards. Claire’s […]

securityaffairs.co

 

 

 
