OSINT News - June 7, by Bart Otten


New LNK attack tied to Higaisa APT discovered

https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/ 

New LNK attack tied to Higaisa APT discovered - Malwarebytes Labs

This post was authored by Hossein Jazi and Jérôme Segura. On May 29th, we identified an attack that we believe is part of a new campaign from an Advanced Persistent Threat actor known as Higaisa.

blog.malwarebytes.com

---

REvil Ransomware Gang Starts Auctioning Victim Data

https://krebsonsecurity.com/2020/06/revil-ransomware-gang-starts-auctioning-victim-data/ 

REvil Ransomware Gang Starts Auctioning Victim Data — Krebs on Security

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed ...

krebsonsecurity.com

---

North Atlantic Council is warning of malicious cyber activities during COVID-19 pandemic

https://securityaffairs.co/wordpress/104295/cyber-warfare-2/north-atlantic-council-covid-19.html 

North Atlantic Council is warning of malicious cyber activities during COVID-19 pandemic - Security Affairs

A statement published by the North Atlantic Council condemns malicious cyber activities that are targeting critical entities involved in the response against the COVID-19 pandemic. Threat actors are targeting healthcare services, hospitals, and ...

securityaffairs.co

---

Sodinokibi ransomware operators leak files stolen from Elexon electrical middleman

https://securityaffairs.co/wordpress/104149/cyber-crime/sodinokibi-published-elexon-files.html 

Sodinokibi ransomware operators leak files stolen from Elexon electrical middleman - Security Affairs

In May, Elexon, a middleman in the UK power grid network, was the victim of a cyber attack; its systems were infected with the Sodinokibi ransomware. The incident only affected the internal IT network, including the company’s email server and employee laptops.

securityaffairs.co

---

KingNull leaks DB of Daniel’s Hosting dark web hosting provider

https://securityaffairs.co/wordpress/104109/deep-web/daniels-hosting-data-leak.html 

KingNull leaks DB of Daniel’s Hosting dark web hosting provider - Security Affairs

Earlier this year a hacker breached Daniel’s Hosting, the largest free web hosting provider for dark web hidden services and now leaked its DB. The hacker has stolen the data in March when […]

securityaffairs.co

---

Mustang Panda Recent Activity: Dll-Sideloading trojans with temporal C2 servers

https://lab52.io/blog/mustang-panda-recent-activity-dll-sideloading-trojans-with-temporal-c2-servers/ 

---

Apple Pays $100,000 for Bug in ‘Sign In With Apple’ System

https://apple.news/A7Ho0sSnpQNKOjdBMy8FSXA 

Apple Pays $100,000 for Bug in ‘Sign In With Apple’ System — Gizmodo

Apple has paid developer Bhavuk Jain a $100,000 bounty for finding a serious bug in its “Sign in with Apple” login system that could have allowed malicious actors to take over a user’s account on specific websites and apps.

apple.news

---

Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution

https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html 

Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution - Cisco Talos Blog

Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims’ machines.

blog.talosintelligence.com

---

Multi-platform Tycoon Ransomware employed in targeted attacks

https://securityaffairs.co/wordpress/104330/malware/tycoon-ransomware.html 

Multi-platform Tycoon Ransomware employed in targeted attacks - Security Affairs

Experts from BlackBerry Threat Intelligence and KPMG recently discovered a new strain of multi-platform ransomware dubbed Tycoon ransomware. The Tycoon ransomware was used in highly targeted attacks; its operators recently targeted small to medium-sized ...

securityaffairs.co

---

New 'Tycoon' Ransomware Strain Targets Windows, Linux

https://www.darkreading.com/vulnerabilities---threats/new-tycoon-ransomware-strain-targets-windows-linux/d/d-id/1338006 

New 'Tycoon' Ransomware Strain Targets Windows, Linux

A newly discovered form of Java-based ransomware has been spotted in active and seemingly targeted attacks on education and software companies, researchers from BlackBerry and KPMG report.

www.darkreading.com

---

Kupidon is the latest ransomware targeting your data

https://www.bleepingcomputer.com/news/security/kupidon-is-the-latest-ransomware-targeting-your-data/ 

Kupidon is the latest ransomware targeting your data

www.bleepingcomputer.com

---

Malware Campaign Hides in Resumes and Medical Leave Forms

https://www.darkreading.com/vulnerabilities---threats/malware-campaign-hides-in-resumes-and-medical-leave-forms/d/d-id/1338002 

Malware Campaign Hides in Resumes and Medical Leave Forms

The campaigns have been part of the overall increase in coronavirus-related malware activity. Criminals are using resumes to hide malicious payloads in a business climate that has seen hundreds of ...

www.darkreading.com

---

Ongoing eCh0raix ransomware campaign targets QNAP NAS devices

https://www.bleepingcomputer.com/news/security/ongoing-ech0raix-ransomware-campaign-targets-qnap-nas-devices/ 

Ongoing eCh0raix ransomware campaign targets QNAP NAS devices

After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices.

www.bleepingcomputer.com

---

Critical Vulnerability Could Have Allowed Hackers to Disrupt Traffic Lights

https://www.securityweek.com/critical-vulnerability-could-have-allowed-hackers-disrupt-traffic-lights 

Critical Vulnerability Could Have Allowed Hackers to Disrupt Traffic Lights | SecurityWeek.Com

A critical vulnerability affecting traffic light controllers made by SWARCO could have been exploited by hackers to disrupt a city’s traffic lights. SWARCO is an Austria-based company that specializes in traffic management, traffic safety, road marking and other solutions typically found in smart ...

www.securityweek.com

---

British Armed Forces announce launch of Cyber Regiment in major modernisation

https://www.gov.uk/government/news/armed-forces-announce-launch-of-first-cyber-regiment-in-major-modernisation 

Armed Forces announce launch of Cyber Regiment in major modernisation - GOV.UK

The Ministry of Defence has launched 13th Signal Regiment, a dedicated Cyber Regiment, which will protect vital defence networks at home and on operations overseas. The unit was formally stood up ...

www.gov.uk

---

India asks internet service providers to block WeTransfer

https://www.reuters.com/article/us-india-ban-wetransfer/india-asks-internet-service-providers-to-block-wetransfer-idUSKBN2381JC 

India asks internet service providers to block WeTransfer - Reuters

India has ordered its internet service providers (ISPs) to block file-sharing website WeTransfer at a time when hundreds of millions of people are working from home because of a nationwide ...

www.reuters.com

---

The Unattributable "Lead Hunter" Data Breach

https://www.troyhunt.com/the-unattributable-lead-hunter-data-breach/ 

Troy Hunt: The Unattributable "Lead Hunter" Data Breach

Pwned again. Damn. That's me who's pwned again because my personal data has just turned up in yet another incident from a source I can't attribute. Less than 3 weeks ago I wrote about The Unattributable "db8151dd" Data Breach which, after posting that blog post and a sample of my own data, the community quickly attributed to Covve. My hope is that this blog post helps myself and the 69 million ...

www.troyhunt.com

---

CPA Canada discloses data breach affecting 329,000 individuals

https://www.bleepingcomputer.com/news/security/cpa-canada-discloses-data-breach-affecting-329-000-individuals/ 

CPA Canada discloses data breach affecting 329,000 individuals

Chartered Professional Accountants of Canada (CPA) today disclosed that a cyberattack against the CPA Canada website allowed unauthorized third parties to access the personal information of over ...

www.bleepingcomputer.com

---

San Francisco retirement program SFERS suffers data breach

https://www.bleepingcomputer.com/news/security/san-francisco-retirement-program-sfers-suffers-data-breach/ 

San Francisco retirement program SFERS suffers data breach

The San Francisco Employees' Retirement System (SFERS) has suffered a data breach after an unauthorized person gained access to a database hosted in a test environment.

www.bleepingcomputer.com

---

Business services giant Conduent hit by Maze Ransomware

https://www.bleepingcomputer.com/news/security/business-services-giant-conduent-hit-by-maze-ransomware/ 

Business services giant Conduent hit by Maze Ransomware

The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network. Conduent is a ...

www.bleepingcomputer.com

---

Student loan company that stole millions from consumers leaks sensitive phone calls, SSNs, tax records

https://securityaffairs.co/wordpress/104344/data-breach/studen-loan-company-data-leak.html 

Student loan company that stole millions from consumers leaks sensitive phone calls, SSNs, tax records - Security Affairs

Researchers at Cybernews.com recently discovered an unsecured Amazon Simple Storage Service (S3) bucket that contains more than 55,000 call recordings between loan support workers and American consumers with outstanding student loans ...

securityaffairs.co

---

Man admits to “spoof” email fraud scheme and more

https://www.justice.gov/usao-sdtx/pr/man-admits-spoof-email-fraud-scheme-and-more 

Man admits to “spoof” email fraud scheme and more | USAO-SDTX | Department of Justice

HOUSTON – A 64-year-old man has admitted to conspiring to commit money laundering for his role in a complex email fraud scheme, announced U.S. Attorney Ryan K. Patrick.

www.justice.gov

---

IT manager sentenced for hacking into and sabotaging his former employer’s computer network

https://www.justice.gov/usao-ndga/pr/it-manager-sentenced-hacking-and-sabotaging-his-former-employer-s-computer-network

IT manager sentenced for hacking into and sabotaging his former employer’s computer network | USAO-NDGA | Department of Justice

Charles E. Taylor has been sentenced to federal prison for hacking his former Atlanta-based employer and sabotaging their internal communications network, causing more than $800,000 in damage.

www.justice.gov