
OSINT News - November 18, by Bart Otten


The Australian Parliament was hacked earlier this year - Security Affairs

The computer network of the Australian Parliament was hacked earlier this year, and hackers exfiltrated data from the computers of several elected officials. According to the Australian Broadcasting Corp (ABC), earlier this year hackers penetrated the computer network of the Australian Parliament and stole data from the computers of several elected officials.

securityaffairs.co

 

New TA2101 threat actor poses as gov agencies to distribute malware - Security Affairs

A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy. A new threat actor, tracked as TA2101, is using email to impersonate government agencies in the United States, Germany, and Italy to multiple ...

securityaffairs.co

 

TA505 Cybercrime targets system integrator companies - Security Affairs

The analysis of a malicious email revealed a possible rising interest of the TA505 cybercrime gang in system integrator companies. During a routine monitoring activity, one of the detection tools flagged a suspicious email coming from the validtree.com domain. The domain was protected by a Panama ...

securityaffairs.co

 

Experts warn of spike in TCP DDoS reflection attacks targeting major firms - Security Affairs

Researchers from Radware reported that massive TCP SYN-ACK DDoS reflection attacks hit Amazon, SoftLayer and telecom infrastructure in the last month. Researchers from Radware are warning of a wave of TCP SYN-ACK DDoS reflection attacks that in the last 30 days hit Amazon, SoftLayer and telecom ...

securityaffairs.co

 

The Platinum APT group adds the Titanium backdoor to its arsenal - Security Affairs

Kaspersky researchers have found a new advanced backdoor used by the Platinum advanced persistent threat (APT) group in attacks in the wild. Security experts at Kaspersky Lab have spotted a new backdoor, tracked as Titanium, that was used by the Platinum APT group in attacks in the wild; the malicious code implements sophisticated evasion techniques.

securityaffairs.co

 

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks - Security Affairs

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) warns businesses and netizens of Emotet and BlueKeep attacks in the wild. The ACSC is warning organizations and people of a wave of cyberattacks exploiting the Windows BlueKeep vulnerability to deliver crypto-currency ...

securityaffairs.co

 

Hunting For LoLBins - Cisco Talos Intelligence Group Blog

We analyzed telemetry provided from Cisco AMP for Endpoints to measure how often LoLBins are abused. The telemetry, sent over a secure channel, contains names of invoked processes and cryptographic checksums of their file images which helps us with tracking file trajectories and building parent-child process relationships that can be used for hunting.

blog.talosintelligence.com

 

Keylogging users via Slack themes - Matt's Blog

This theme is capable of determining when the user types the letter A into an <input type="text"> on slack. When the user does this the CSS will load the background image https://attacker-site/A which can then be logged server side to indicate the user typed the letter A. This was as much of a PoC I needed to demo to slack that it was indeed possible to exfiltrate data provided the user ...

fletchto99.dev

 

Revenge is a Dish Best Served... Obfuscated? - Binary Defense

James Quinn is a SOC Analyst for Binary Defense. When he is not working at Binary Defense, he works as a freelance malware analyst and produces IOCs for the Cryptolaemus Emotet Group.

www.binarydefense.com

 

A Look into the Lazarus Group's Operations in October 2019

https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/North%20Korea/APT/Lazarus/23-10-19/analysis.md 

 

Siemens PLC Feature Can Be Exploited for Evil - and ...

A hidden feature in some newer models of the vendor's programmable logic controllers leaves the devices open to attack. Siemens says it plans to fix it. An undocumented access feature in some ...

www.darkreading.com

 

New NextCry Ransomware Encrypts Data on NextCloud Linux Servers

New NextCry Ransomware Encrypts Data on NextCloud Linux Servers. DDoS-for-Hire Services Owner Sentenced to 13 Months in Prison. Google Fixes White Screen Problem in Chrome, Admins Furious

www.bleepingcomputer.com

 

New Threat Actor Impersonates Govt Agencies to Deliver Malware

A new threat actor is using email to impersonate government agencies in the United States, Germany, and Italy to deliver ransomware, backdoors, and banking Trojans through malicious attachments.

www.bleepingcomputer.com

 

PureLocker Ransomware Can Lock Files on Windows, Linux, and macOS

Cybercriminals have developed ransomware that can be ported to all major operating systems and is currently used in targeted attacks against production servers.

www.bleepingcomputer.com

 

Microsoft Patch Tuesday updates fix CVE-2019-1429 flaw - Security Affairs

Microsoft’s Patch Tuesday updates for November 2019 address over 70 flaws, including an Internet Explorer issue (CVE-2019-1429) that has been exploited in attacks in the wild. Microsoft’s Patch Tuesday updates for November 2019 address 74 flaws, including an Internet Explorer vulnerability ...

securityaffairs.co

 

[PDF] New JavaScript Skimmer ‘Pipka’ Targeting eCommerce Merchants Identified

https://usa.visa.com/dam/VCOM/global/support-legal/documents/pfd-identifies-new-javascript-skimmer.pdf 

 

Buran ransomware-as-a-service continues to improve - Security Affairs

The recently discovered ransomware-as-a-service (RaaS) Buran attempts to gain popularity by offering discounted licenses. In May, researchers from McAfee’s Advanced Threat Research Team discovered a new piece of ransomware named ‘Buran.’ Buran is offered as a RaaS model, but unlike other ...

securityaffairs.co

 

Vulnerable Versions of Adminer as a Universal Infection Vector

This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we’ve been following for the past few years, where site visitors are redirected to various kinds ...

blog.sucuri.net

 

Ransomware attack at Mexico's Pemex halts work, threatens to cripple computers - Reuters

A ransomware attack hit computer servers and halted administrative work on Monday at Mexican state oil firm Pemex, according to employees and internal emails, in hackers' latest bid to wring ...

www.reuters.com

 

Major ASP.NET hosting provider SmarterASP hit by ransomware attack - Security Affairs

Another day, another victim of a ransomware attack: this time major ASP.NET hosting provider SmarterASP announced it was infected by ransomware. SmarterASP.NET is one of the most popular ASP.NET hosting providers; the company has more than 440,000 customers. SmarterASP announced it was hit yesterday ...

securityaffairs.co

 

ZoneAlarm forum site hack exposed data of thousands of users - Security Affairs

This is a really embarrassing incident: the ZoneAlarm forum site has suffered a data breach exposing the data of its discussion forum users. ZoneAlarm, the popular security software firm owned by Check Point Technologies, has suffered a data breach. According to the post published by The Hacker News, the security breach exposed the data of ZoneAlarm discussion forum users.

securityaffairs.co

 

Facebook is secretly using iPhone’s camera as users scroll their feed - Security Affairs

New problems for Facebook: it seems that the social networking giant is secretly using the camera while iPhone users are scrolling their feed. Is this another privacy issue for Facebook? iPhone user Joshua Maddux speculates that Facebook might be actively using your camera without your ...

securityaffairs.co

 

CVE-2019-1378: Exploiting an access control privilege escalation vulnerability in windows 10 update assistant (WUA)

https://www.embercybersecurity.com/blog/cve-2019-1378-exploiting-an-access-control-privilege-escalation-vulnerability-in-windows-10-update-assistant-wua 

 

Experts found privilege escalation issue in Symantec Endpoint Protection - Security Affairs

Symantec addressed a local privilege escalation flaw that affects all Symantec Endpoint Protection client versions prior to 14.2 RU2. Symantec addressed a local privilege escalation flaw, tracked as CVE-2019-12758, that affects all Symantec Endpoint Protection client versions prior to 14.2 RU2. The vulnerability could be exploited by attackers to escalate privileges on target devices and carry ...

securityaffairs.co

 

CVE-2019-3648 flaw in all McAfee AV allows DLL Hijacking - Security Affairs

McAfee addressed a vulnerability in its antivirus software that could allow an attacker to escalate privileges and execute code with SYSTEM privileges. Security experts at SafeBreach have discovered a vulnerability in McAfee antivirus software, tracked as CVE-2019-3648, that could allow an attacker with Administrator privileges to escalate privileges and execute code with SYSTEM privileges.

securityaffairs.co

 

Flaws in Qualcomm chips allow stealing private data from devices - Security Affairs

Security vulnerabilities in Qualcomm chips allow attackers to steal private data from hundreds of millions of devices, especially Android smartphones. Security experts from Check Point have discovered security flaws in Qualcomm chips that could be exploited by attackers to steal private data from the so ...

securityaffairs.co

 

A flaw in PMx Driver can give hackers full access to a device - Security Affairs

Eclypsium experts found a vulnerability affecting the popular Intel PMx Driver that can give malicious actors deep access to a device. In August, Eclypsium researchers found multiple serious vulnerabilities in more than 40 device drivers from tens of vendors, including AMI, ASRock, ASUS ...

securityaffairs.co

 

New TSX Speculative Attack allows stealing sensitive data - Security Affairs

ZombieLoad 2, aka TSX Asynchronous Abort, is a new flaw that affects the latest Intel CPUs and could be exploited to launch a TSX speculative attack. ZombieLoad 2, aka TSX Asynchronous Abort, is a new vulnerability tracked as CVE-2019-11135 that affects the latest Intel CPUs and could be exploited ...

securityaffairs.co

 

Two Massachusetts Men Arrested and Charged with Nationwide Scheme to Steal Social Media Accounts and Cryptocurrency | OPA | Department of Justice

Two Massachusetts men were arrested today and charged in U.S. District Court in Boston with conducting an extensive scheme to take over victims’ social media accounts and steal their cryptocurrency using techniques such as “SIM swapping,” computer hacking and other methods.

www.justice.gov

 

AG Ferguson: Office Depot will pay $900,000 over deceptive virus screening | Washington State

An estimated 14,000 Washingtonians paid for repair services they may not have needed OLYMPIA — Attorney General Bob Ferguson announced today that national office supply retailer Office Depot will pay $900,000 to resolve the attorney general’s investigation into its deceptive computer repair sales practices.

www.atg.wa.gov

 

Utah Company Settles FTC Allegations it Failed to Safeguard Consumer Data | Federal Trade Commission

A Utah-based technology company has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the company failed to put in place reasonable security safeguards, which allowed a hacker to access the personal information of a million consumers.

www.ftc.gov

 

Aleksei Burkov extradited for running online criminal marketplace - Security Affairs

Aleksei Burkov, a Russian accused of being involved in more than $20 million in credit-card fraud, has been extradited to the US to face criminal charges. Aleksei Burkov (29) is a Russian man accused of running an online criminal marketplace, called Cardplanet, that helped crooks to organize more ...

securityaffairs.co

 

DDoS-for-Hire Services operator sentenced to 13 months in prison - Security Affairs

Sergiy P. Usatyuk, the administrator of several DDoS-for-hire services, was sentenced to 13 months in prison and an additional three years of supervised release. Sergiy P. Usatyuk, a man who was operating several DDoS-for-hire services, was sentenced to 13 months in prison, and an additional three years of supervised ...

securityaffairs.co
