OSINT News - June 29, by Bart Otten


The Golden Tax Department and the Emergence of GoldenSpy Malware

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-golden-tax-department-and-the-emergence-of-goldenspy-malware/ 


---

MAZE Ransomware operators claims to breach LG electronics, a renowned South Korean multinational electronics company – data leak!!

https://cybleinc.com/2020/06/25/maze-ransomware-operators-claims-to-breach-lg-electronics-a-renowned-south-korean-multinational-electronics-company-data-leak/ 


Update as of 06/25/2020: As part of our regular darkweb monitoring, our researchers came across the data leak of LG Electronics that had been published by the Maze ransomware operators. Just after WorldNet Telecommunications, LG Electronics fell victim to the Maze ransomware operators. Currently, LG Electronics is part of the fourth-largest family-owned business…


---

Exploiting Bitdefender Antivirus: RCE from any website

https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/ 


A vulnerability in Bitdefender Antivirus allowed any website to run arbitrary code with user's privileges. This was caused by issues very similar to ones found in other antivirus products before.


---

Hacking Starbucks and Accessing Nearly 100 Million Customer Records

https://samcurry.net/hacking-starbucks/ 


In the above example, the “app.starbucks.com” host wouldn’t have access to the logic or data that was being accessed with the particular endpoint, but would serve as a proxy or middleman to the hypothetical second host, “internal.starbucks.com”.


---

Privacy-Focused OS Wants to Know How Facebook and the FBI Hacked it

https://www.vice.com/en_us/article/dyz3jy/privacy-focused-os-tails-wants-to-know-how-facebook-and-the-fbi-hacked-it 


The developers of Tails and a video player targeted by Facebook and the FBI in an operation to catch a child predator are still in the dark about how the feds hacked the software.


---

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/ 


Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed "BlueLeaks" and made searchable via a new ...


---

Oracle’s BlueKai tracks you across the web. That data spilled online

https://techcrunch.com/2020/06/19/oracle-bluekai-web-tracking/ 


The data went back for months, according to Sen, who discovered the database. Some logs dated back to August 2019, he said. “Fine-grained records of people’s web-browsing habits can reveal ...


---

Moroccan Journalist Targeted With Network Injection Attacks Using NSO Group’s Tools

https://www.amnesty.org/en/latest/research/2020/06/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools/ 


In October 2019 Amnesty International published a first report on the use of spyware produced by Israeli company NSO Group against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui. Through our continued investigation, Amnesty International’s Security Lab identified similar evidence of the targeting of Omar Radi, a prominent activist and journalist from Morocco from ...


---

Turn on MFA Before Crooks Do It For You

https://krebsonsecurity.com/2020/06/turn-on-mfa-before-crooks-do-it-for-you/ 


---

New Lucifer DDoS botnet targets Windows systems with multiple exploits

https://securityaffairs.co/wordpress/105232/malware/lucifer-ddos-botnet-windows.html 


A new botnet tracked as Lucifer appeared in the threat landscape; it leverages a dozen exploits for high and critical severity flaws affecting Windows systems. Upon infecting a system the bot turns it […]


---

Akamai mitigated the largest ever PPS DDoS attack

https://securityaffairs.co/wordpress/105223/hacking/akamai-record-ddos-attack.html 


Akamai revealed that a bank in Europe was hit by a massive distributed denial-of-service (DDoS) attack that peaked at a record 809 million packets per second (PPS). “On June 21, 2020, Akamai mitigated the largest packet per second (PPS) distributed […]


---

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

https://securityaffairs.co/wordpress/105168/cyber-crime/cryptocore-stole-200m-crypto-exchanges.html 


Experts from ClearSky state that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges. The CryptoCore group, […]


---

Von der Leyen said Chinese cyberattacks on EU hospitals cannot be tolerated

https://securityaffairs.co/wordpress/105152/hacking/von-der-leyen-china.html 


European Commission President Ursula von der Leyen publicly linked to China a series of cyber attacks against EU hospitals and health care institutions during the COVID-19 pandemic. Von der Leyen added that this conduct cannot be ...


---

REvil ransomware gang scans healthcare victim’s network for PoS systems

https://securityaffairs.co/wordpress/105141/malware/revil-ransomware-pos.html 


Symantec researchers observed REvil ransomware operators scanning one of their victims’ networks for Point of Sale (PoS) servers. Researchers from Symantec’s Threat Intelligence team reported that the REvil ransomware operators have been observed while scanning ...


---

New XORDDoS, Kaiji DDoS botnet variants target Docker servers

https://securityaffairs.co/wordpress/105134/breaking-news/xorddos-kaiji-ddos-botnet-docker.html 


Trend Micro researchers reported that operators behind the XORDDoS and Kaiji DDoS botnets recently started targeting Docker servers exposed online. XORDDoS, also known as XOR.DDoS, first appeared in the threat landscape in 2014; it is a Linux botnet that was […]


---

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

https://securityaffairs.co/wordpress/105129/cyber-crime/fxmsp-threat-actor.html 


Group-IB, a Singapore-based cybersecurity company, has issued a comprehensive report on Fxmsp – a heavyweight of the Russian-speaking cyber underground who made a name for himself selling access to corporate networks ...


---

A daily average of 80,000 printers exposed online via IPP

https://securityaffairs.co/wordpress/105120/hacking/80000-printers-exposed-online-ipp.html 


It’s not a mystery: a printer left exposed online without proper security could open the doors to hackers. Now researchers from the Shadowserver Foundation have discovered tens of thousands of printers that are […]


---

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

https://securityaffairs.co/wordpress/105108/data-breach/clop-ransomware-indiabulls-group.html 


CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group, whose primary businesses are housing finance, consumer finance, and wealth management. Indiabulls Group has around 19,000 employees, and the company has been earning an average revenue of ...


---

Crooks leverage Google Analytics in web skimming attacks

https://securityaffairs.co/wordpress/105086/cyber-crime/google-analytics-e-skimming.html 


Recently, researchers at Kaspersky identified several web skimming attacks that abused Google Analytics service to exfiltrate data stolen with an e-skimmer software. Threat actors exploit the trust in Analytics to bypass Content Security Policy (CSP) using the Analytics ...


---

AMD is going to patch UEFI SMM callout privilege escalation flaw

https://securityaffairs.co/wordpress/105081/security/amd-uefi-smm-flaw.html 


AMD recently announced that it was preparing patches for an SMM Callout Privilege Escalation vulnerability, tracked as CVE-2020-12890, that affects the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability […]

---

A new variant of the IcedID banking Trojan spreads using COVID-19 lures

https://securityaffairs.co/wordpress/105049/malware/icedid-banking-trojan-steganography.html 


A new version of the IcedID banking trojan was employed in COVID-19-themed attacks; the new variant uses steganography to infect victims and implements anti-detection capabilities. Researchers at Juniper Threat Labs have spotted […]


---

New Shlayer Mac malware spreads via poisoned search engine results

https://securityaffairs.co/wordpress/105028/malware/shlayer-mac-malware-search-engines.html 


Researchers spotted a new version of the Shlayer Mac malware that is spreading via poisoned Google search results. Researchers at security firm Intego observed the new variant being spread masquerading as a fake Adobe Flash Player installer (.DMG disk […]


---

New Ransom X Ransomware used in Texas TxDOT cyberattack

https://www.bleepingcomputer.com/news/security/new-ransom-x-ransomware-used-in-texas-txdot-cyberattack/ 


A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises. May 2020 was not a good month for Texas as both the ...


---

Hackers hide credit card stealing script in favicon metadata

https://www.bleepingcomputer.com/news/security/hackers-hide-credit-card-stealing-scripts-in-favicon-exif-data/ 


Hackers are always evolving their tactics to stay one step ahead of security companies. A perfect example of this is the hiding of malicious credit card stealing scripts in the EXIF data of a ...


---

New WastedLocker Ransomware distributed via fake program updates

https://www.bleepingcomputer.com/news/security/new-wastedlocker-ransomware-distributed-via-fake-program-updates/ 


---

Ryuk ransomware deployed two weeks after Trickbot infection

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-deployed-two-weeks-after-trickbot-infection/ 


Activity logs on a server used by the TrickBot trojan in post-compromise stages of an attack show that the actor takes an average of two weeks pivoting to valuable hosts on the network before ...


---

Frost & Sullivan databases available for sale on a hacker forum

https://securityaffairs.co/wordpress/105159/data-breach/frost-sullivan-data-breach.html 


U.S. firm Frost & Sullivan suffered a data breach: data from an unsecured backup that was exposed on the Internet was sold by a threat actor on a hacker forum. Frost & Sullivan is a business consulting firm involved in market research and analysis ...


---

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

https://securityaffairs.co/wordpress/105043/deep-web/indonesian-covid-19-patients-leak.html 


As part of a regular Deepweb and Darkweb monitoring activity, researchers at threat intelligence firm Cyble identified a credible threat actor who was selling the database of COVID-19 patients of Indonesia. The threat actor is offering around […]


---

New Zealand freezes assets of Russian cyber criminal Alexander Vinnik

https://securityaffairs.co/wordpress/105099/breaking-news/new-zealand-police-russian-cyber-criminal.html 


New Zealand police announced that they had frozen NZ$140 million (US$90 million) in assets linked to the Russian national Alexander Vinnik. Alexander Vinnik is currently in France to face a charge of money laundering for organised crime using crypto-currency.


---

Police arrested 32 people while investigating underground economy forum

https://securityaffairs.co/wordpress/105243/cyber-crime/polize-investigates-underground-economy-forum.html 


According to prosecutors in Frankfurt and Bamberg, the German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of the “crimenetwork.co” illegal underground economy forum. The operation involved […]


---

Washington Man Sentenced for Role in Developing “Mirai” Successor Botnets

https://www.justice.gov/usao-ak/pr/washington-man-sentenced-role-developing-mirai-successor-botnets 


Anchorage, Alaska – U.S. Attorney Bryan Schroder announced that a Washington man has been sentenced to federal prison for his role in a long-running scheme in which he and his criminal associates developed distributed denial-of-service (DDoS) botnets.


---

WikiLeaks Founder Charged in Superseding Indictment

https://www.justice.gov/opa/pr/wikileaks-founder-charged-superseding-indictment 


A federal grand jury returned a second superseding indictment today charging Julian P. Assange, the founder of WikiLeaks, with offenses that relate to Assange’s alleged role in one of the largest compromises of classified information in the history of the United States.


---

Nigerian Businessman Pleads Guilty to $11 Million Fraud Scheme

https://www.justice.gov/usao-edva/pr/nigerian-businessman-pleads-guilty-11-million-fraud-scheme 


A Nigerian entrepreneur who operated a group of companies known as the Invictus Group pleaded guilty today to a computer-based intrusion fraud scheme that caused $11 million in losses to his victims.
