Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.

OSINT News - November 11, by Bart Otten

Community Manager COEST Community Manager
Community Manager
0 0 94

Analysis of the sample that hit the Kudankulam Nuclear Power PlantSecurity Affairs

Expert Marco Ramilli and his team analyzed the sample that infected systems at the Kudankulam Nuclear Power Plant, it is a targeted attack. During the past few days a cyber attack hit Kudankulam Nuclear Power Plant: the largest nuclear power plant located in the Indian state of Tamil Nadu.The news was announced on Monday, October 28 by the Indian strategic infrastructure.


Titanium: the Platinum group strikes again | Securelist

Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives).


The lazarus’ gaze to the world: what is behind the first stone ?


The new CVE-2019-0708 RDP exploit attacks, explained - Microsoft Security

On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and confirm that they were caused by a BlueKeep exploit module for the Metasploit penetration testing ...


Trend Micro Discloses Insider Threat Impacting Some of its Consumer Customers

We recently became aware of a security incident that resulted in the unauthorized disclosure of some personal data of an isolated number of customers of our consumer product. We immediately started investigating the situation and found that this was the result of a malicious insider threat. The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent.


Hackers can steal the contents of Horde webmail inboxes with one click – TechCrunch

A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox. Horde is ...


Two unpatched RCE flaws in rConfig software expose servers to hackSecurity Affairs

The popular rConfig network configuration management utility is affected by two critical remote code execution flaws that have yet to be patched. rConfig is a completely open-source, network configuration management utility used to validate and manage network devices, including switches, routers ...


Microsoft: Defender ATP is coming to Linux in 2020 | ZDNet

Microsoft is planning to bring its Defender antivirus to Linux systems next year and will be giving a demo of how security specialists can use Microsoft Defender at the Ignite Conference this week.


CobaltStrike - beacon.dll : Your No Ordinary MZ Header



Italian police shut down darkweb Berlusconi market and arrested adminsSecurity Affairs

Italian law enforcement shut down the ‘Berlusconi market’ black market and arrested three suspected of being its administrators. Italian financial police “Guardia di Finanza” shut down the ‘Berlusconi market’ black market hosted on the Tor network and arrested three administrators.. The site was managed by two individuals that go online with nicknames of “ VladimirPutin ” with ...


Capesand is a new Exploit Kit that appeared in the threat landscapeSecurity Affairs

A recently discovered exploit kit dubbed Capesand is being involved in live attacks despite the fact that it’s still under development. Experts pointed out that the code of the Capesand exploit kit is quite simple compared with other exploit kits. Capesand attempts to exploit recent ...


Specially Crafted ZIP archives allow bypassing secure email gatewaysSecurity Affairs

Experts observed a new phishing campaign that used a specially crafted ZIP archive that was designed to bypass secure email gateways to distribute malware. Attackers have devised a new technique to distribute malware bypassing secure email gateways and other security solutions by using a specially ...


Clever WebEx Spam Use Cisco Redirect to Deliver RAT Malware

Clever WebEx Spam Use Cisco Redirect to Deliver RAT Malware. Bugcrowd Paid Over $500K in Bug Bounties in One Week. Microsoft Warns of More Harmful Windows BlueKeep Attacks, Patch Now


A flaw in the Libarchive library impacts major Linux distrosSecurity Affairs

Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive could be exploited to execute arbitrary code.. The libarchive library is a multi-format archive and compression library that implements a single interface for ...


QSnatch malware already infected thousands of QNAP NAS devicesSecurity Affairs

Security experts warn of a new piece of malware dubbed QSnatch that already infected thousands of QNAP NAS devices worldwide. A new piece of malware dubbed QSnatch is infecting thousands of NAS devices manufactured by the Taiwanese vendor QNAP. The name comes after the target vendor and the ...


Ocala City in Florida lost $742,000 following BEC attackSecurity Affairs

Business email compromise scam (BEC) continues to target organizations worldwide, crooks stole $742,000 from Ocala City in Florida. The City of Ocala in Florida is the last victim in order of time of a profitable business email compromise scam (BEC) attack, fraudsters redirected over $742,000 to a bank account under their control.. Attackers’ emails posed as an employee of a construction ...


DNA-testing startup Veritas Genetics disclosed a security breachSecurity Affairs

DNA-testing startup Veritas Genetics disclosed a security breach that exposed customer information, but genetic information, health records are not affected. Veritas Genetics is a whole genome sequencing company that provides actionable insights for a healthier life and family, it offers whole ...


Facebook discloses a new leak that exposes group members' dataSecurity Affairs

Facebook disclosed a new security incident, the social network giant admitted that app developers may have accessed its group users’ data. Facebook disclosed another security incident, the company revealed that roughly 100 app developers may have improperly accessed users’ data in certain Facebook groups.


Brooklyn Hospital lost patient records after a ransomware infectionSecurity Affairs

Another organization in the healthcare industry was a victim of a Ransomware attack, this time the victim is Brooklyn Hospital. A ransomware attack has infected several computer systems at the Brooklyn Hospital Center in New York, the organization permanently lost patient data. The patient records ...


Ransomware attack impacted government services in territory of NunavutSecurity Affairs

A ransomware attack disrupted IT operations in the territory of Nunavut (Canada), all government services requiring access to electronic data were impacted. A ransomware attack disrupted IT operations in the remote Canadian territory of Nunavut, all government services requiring access to electronic ...


QuikSilver and Billabong Affected by Ransomware Attack

Action sports giant Boardriders was hit by a ransomware attack that affected some of its subsidiaries, including QuikSilver and Billabong, and forced the company to shut down computing systems all ...


Everis and Spain's radio network Cadena SER hit by ransomwareSecurity Affairs

According to the website bitcoin. es, crooks asked Everis to pay a €750,000 ($835,923) ransom to recover their files.. An anticipated, Cadena SER, the largest radio station network in Spain, was also infected with an unknown piece of ransomware.


Anonymous and LulzSecITA hacked professional orders and telephone operator Lyca MobileSecurity Affairs

The #FifthOfNovember has arrived, the Italian branch of Anonymous and LulzSecITA hacked websites of professional orders, prefecture of Naples, and also the telephone operator Lyca Mobile.. The Million Mask March, also known as “Operation Vendetta” is a worldwide, annual protest associated with the hacktivist group Anonymous occurring annually on Guy Fawkes Day, the 5th of November.


Threat Hunter Playbook ⚔ + Mordor Datasets 📜 + BinderHub 🌎 = Open Infrastructure 🏗 for Open Hunts

It has been almost three years since I started documenting detections publicly, and I always wondered “How could I share detections in a more practical and interactive way so that anyone in the…


Pwn2Own Tokyo 2019 hacking contest - Day 2Security Affairs

Pwn2Own Tokyo 2019 -Day2: Experts earned a total of $120,000 for finding exploits against Samsung Galaxy S10 and Xiaomi Mi9 phones and TP-Link AC1750 routers. On the second day of the Pwn2Own Tokyo 2019 hacking contest, white hat hackers received a total of $120,000 for finding exploits against ...


Ring Video Doorbell Pro Under the Scope – Bitdefender Labs

This article – part of a series developed in partnership with PCMag – aims to shed some light about the security of world’s best-sellers in the IoT space. PCMag contacted the research team at Bitdefender and asked us to have a look at several popular devices, including the Ring Video Doorbell Pro. More info about this project is available here. ...


'Light commands' attack: hacking Alexa, Siri, and other voice assistants via Laser BeamSecurity Affairs

Experts demonstrated that is possible to hack smart voice assistants like Siri and Alexa using a lasers beam to send them inaudible commands.. Researchers with the University of Michigan and the University of Electro-Communications (Tokyo) have devised a new technique, dubbed “light commands,” to remotely hack Alexa and Siri smart speakers using a laser light beam, the attackers can send ...


Flaws in Able2Extract allow hacking targeted machine with malicious imageSecurity Affairs

Researchers found serious flaws in Investintech’s Able2Extract Professional tool that could be exploited to execute arbitrary code using specially crafted image files.. The Able2Extract Professional has over 250,000 licensed users across 135 countries, it allows them to view, convert and edit PDF files.


Amazon Kindle, Embedded Devices Open to Code-Execution

Flaws in Das U-Boot affect third-party hardware that uses the universal bootloader as an underlying component.



The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.