OSINT News - March 23, by Bart Otten

Micro Focus Expert

Vicious Panda: The COVID Campaign

https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/ 

March 12, 2020. Introduction. Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare in order to deliver a previously unknown malware implant to the target. A closer look at this campaign allowed us to tie it to other operations which were carried out by the same anonymous ...

---

Probing Pawn Storm Cyberespionage Campaign Through Scanning, Credential Phishing and More

https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/probing-pawn-storm-cyberespionage-campaign-through-scanning-credential-phishing-and-more 

By Feike Hacquebord (Trend Micro Research). Pawn Storm, an ongoing cyberespionage campaign with activities that can be traced as far back as 2004, has gained notoriety after aiming cyber-attacks at defense contractor personnel, embassies, and military forces of the United States and its allies ...

---

New Mirai Variant Targets Zyxel Network-Attached Storage Devices

https://unit42.paloaltonetworks.com/new-mirai-variant-mukashi/ 

Executive Summary. As soon as the proof-of-concept (PoC) for CVE-2020-9054 was made publicly available last month, this vulnerability was promptly abused to infect vulnerable versions of Zyxel network-attached storage (NAS) devices with a new Mirai variant, Mukashi. Mukashi brute forces the logins using different combinations of default credentials, while informing its command and control ...

---

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

https://securityaffairs.co/wordpress/100019/malware/trickbot-variant-rdp.html 

A new variant of the TrickBot malware is targeting telecommunications organizations in the United States and Hong Kong. Security experts from Bitdefender recently discovered a new TrickBot variant that is targeting telecommunications organizations in the United States and Hong Kong. TrickBot is a popular banking Trojan that has been around since October 2016; its authors have continuously […]

---

WHO Chief Impersonated in Phishing to Deliver HawkEye Malware

https://www.bleepingcomputer.com/news/security/who-chief-impersonated-in-phishing-to-deliver-hawkeye-malware/ 


---

CERT France – Pysa ransomware is targeting local governments

https://securityaffairs.co/wordpress/99996/malware/cert-france-pysa-ransomware.html 

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. The CERT France cyber-security agency is warning about a new wave of ransomware attacks that is targeting the networks of local government authorities. Operators behind this campaign are spreading a new version of the Mespinoza ransomware (aka […]

---


Ursnif campaign targets Italy with a new infection Chain

https://securityaffairs.co/wordpress/99823/malware/ursnif-campaign-targets-italy.html 

Malware researchers from Cybaze-Yoroi ZLab have uncovered a new Ursnif campaign that is targeting Italy with a new infection chain. Introduction. Ursnif is one of the most common and widespread threats today, delivered through malspam campaigns. It appeared on the threat landscape about 13 years ago and gained its popularity since 2014 when its source […]

---

A cyberattack hits the US Department of Health and Human Services

https://securityaffairs.co/wordpress/99744/hacking/us-health-and-human-services.html 

While the Coronavirus is spreading in the U.S., a mysterious cyberattack hit the Department of Health and Human Services on Saturday. According to Bloomberg, which cited three people familiar with the matter, a cyberattack hit the U.S. Department of Health and Human Services on Saturday night. People cited by Bloomberg confirmed that the cyber attack aimed at slowing the agency’s systems down.

---

Ransomware Gangs to Stop Attacking Health Orgs During Pandemic

https://www.bleepingcomputer.com/news/security/ransomware-gangs-to-stop-attacking-health-orgs-during-pandemic/ 


---

Windows Event ID 4649 “A replay attack was detected” — Oh really? Are we under ATTACK? Should we do Incident Response?

https://medium.com/@ivecodoe/windows-event-id-4649-a-replay-attack-was-detected-ab02968d91ee 

---

Infectious disease experts provide evidence for a coronavirus mobile app for instant contact tracing | University of Oxford

A team of medical research and bioethics experts at Oxford University are supporting several European governments to explore the feasibility of a coronavirus mobile app for instant contact tracing. If rapidly and widely deployed, the infectious disease experts believe such an app could significantly help to contain the spread of coronavirus.

www.ox.ac.uk

Magecart Group 8 Adds a New Victim, Blends into NutriBullet.com


www.riskiq.com

Researchers expose vulnerabilities of password managers - News and events, The University of York

Researchers expose vulnerabilities of password managers. Posted on 16 March 2020. Some commercial password managers may be vulnerable to cyber-attack by fake apps, new research suggests.

www.york.ac.uk

Pwn2Own 2020 - Participants hacked Adobe Reader, Oracle VirtualBox, and Windows - Security Affairs

Pwn2Own 2020 Day 2: Participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. The Coronavirus outbreak hasn’t stopped the Pwn2Own hacking conference; for the first time, its organizer, the Zero Day Initiative (ZDI), has decided to arrange the event so that participants can remotely demonstrate their exploits. Day 2 […]

securityaffairs.co

Thousands of Coronavirus-related malicious domains are being created every day - Security Affairs

The Coronavirus-themed attacks continue to increase; experts warn that thousands of COVID-19 scam and malware sites are being created every day. Crooks and nation-state actors continue to exploit the interest of potential victims in the Coronavirus outbreak. In recent weeks, we observed that threat actors are creating thousands of coronavirus-themed websites on a daily basis. […]

securityaffairs.co

Trend Micro addresses two issues exploited by hackers in the wild - Security Affairs

Trend Micro has addressed several serious vulnerabilities in its products, including two flaws that have been exploited in the wild. Trend Micro has released security updates to address several serious flaws in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of vulnerabilities that have been exploited by threat actors in the […]

securityaffairs.co

Most ransomware attacks take place outside working hours - Security Affairs

Most of the ransomware attacks targeting enterprises occur outside working hours, during the night or over the weekend. Security experts from FireEye published an interesting report on ransomware deployment trends; it revealed that most of the attacks (76%) against the enterprise sector occur outside working hours. FireEye compiled the report using data from […]

securityaffairs.co

The parabola of a prolific cyber-criminal known as Dton - Security Affairs

Check Point researchers detailed the activity of a prolific cyber-criminal known as ‘Dton’ who earned at least $100,000 US from his operations. Over the past few months, experts at Check Point have monitored the activity of a prolific cyber-criminal known as ‘Dton’. The man has been active since at least 2013 and has already earned at least […]

securityaffairs.co

Attackers use CoronaVirus Ransomware to cover Kpot stealer infections - Security Affairs

Coronavirus-themed attacks continue to increase; experts observed a new CoronaVirus ransomware that acts as a cover for the Kpot Infostealer. Last week, security experts from MalwareHunterTeam detected a new ransomware, dubbed CoronaVirus, being distributed through a malicious website that was advertising legitimate system optimization software and utilities from WiseCleaner. In this campaign ...

securityaffairs.co

MonitorMinor, the outstanding stalkerware can track Gmail, WhatsApp ... - Security Affairs

Security experts spotted a new stalkerware, dubbed MonitorMinor, that can track Gmail, WhatsApp, Instagram, and Facebook user activity. Security experts from Kaspersky Lab spotted a new stalkerware, dubbed MonitorMinor (Monitor.AndroidOS.MonitorMinor.c), that can track Gmail, WhatsApp, Instagram, and Facebook user activity. Stalkerware is commercial monitoring software or spyware that is used ...

securityaffairs.co

Experts warn of a new strain of ransomware, the PXJ Ransomware - Security Affairs

Experts warn of a new malware strain, dubbed PXJ Ransomware, that does share the same underlying code with existing ransomware families. Security experts from IBM X-Force have spotted a new strain of ransomware, dubbed PXJ Ransomware, that does share the same code with other known ransomware families. While PXJ performs typical ransomware functions, it does […]

securityaffairs.co

A UK-based Security Company Seemed To Have Inadvertently Exposed Its 'Leaks Database' with 5B+ Records - Security Discovery

On March 16th I found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company (at least, the SSL certificate and reverse DNS records pointed to Keepnet Labs). The irony of that discovery is that it was a ‘data breach database’, an enormously huge collection of previously reported (and, perhaps, non-reported ...

securitydiscovery.com

Report: Two Corporate Finance Companies Leak Half a Million Legal and Financial Documents Online

vpnMentor’s research team, led by Noam Rotem, recently uncovered a breached database leaking a massive amount of sensitive financial documents online. Whatever the intended purpose of this database was, over 500,000 highly sensitive and private legal and financial documents were exposed, compromising numerous parties to the risk of fraud and theft.

www.vpnmentor.com

TrueFire Guitar tutoring website was hacked - Security Affairs

The online guitar tutoring website TrueFire was compromised by hackers in a classic Magecart-style attack that exposed customers’ payment card data. The popular online guitar tutoring website TrueFire has suffered a ‘Magecart’ style security breach that might have exposed customers’ personal information and payment card data. TrueFire has over 1 million users; its customers could […]

securityaffairs.co

Aerial Direct, O2's largest UK partner, suffered a data breach - Security Affairs

Hackers have stolen O2 customers’ data from a database run by Aerial Direct, one of the largest UK partners of the telecommunications services provider. Hackers have stolen the data of O2 customers from a database operated by Aerial Direct, which is O2’s largest direct business partner in the UK and has more than 130,000 customers.

securityaffairs.co

Open Exchange Rates discloses a security breach - Security Affairs

Last week, Open Exchange Rates disclosed a data breach that exposed the personal information and hashed passwords for customers of its API service. Last week, the currency data provider Open Exchange Rates has disclosed a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. Open Exchange […]

securityaffairs.co

Rogers Data Breach Exposed Customer Info in Unsecured Database

Canadian ISP Rogers Communications has begun to notify customers of a data breach that exposed their personal information due to an unsecured database. In a data breach notification posted to ...

www.bleepingcomputer.com

Operators behind Nefilim Ransomware threaten to release stolen data - Security Affairs

Operators behind a new piece of ransomware dubbed Nefilim have started threatening victims with the release of stolen data, as other cybercrime gangs do. A new ransomware dubbed Nefilim appeared in the threat landscape at the end of February; it borrows its code from another malware family, the Nemty ransomware.

securityaffairs.co

California man sentenced for hacking an Atlanta-based company | USAO-NDGA | Department of Justice

ATLANTA - Christian William Kight, a/k/a Drillo, has been sentenced for extortion, computer fraud, and wire fraud for hacking into an Atlanta-based computer analytics company and attempting to extort money from the company in exchange for the return of their intellectual property.

www.justice.gov

Dozens charged in Atlanta-based money laundering operation that funneled $30 million in proceeds from computer fraud schemes, romance scams, and retirement account fraud | USAO-NDGA | Department of Justice

Federal agents have arrested twenty-four individuals for their involvement in a large-scale fraud and money laundering operation that targeted citizens, corporations, and financial institutions throughout the United States. Business email compromise schemes, romance fraud scams, and retirement account scams, among other frauds, duped numerous victims into losing more than $30 million.

www.justice.gov
