
OSINT News - November 25, by Bart Otten


The Lazarus’ gaze to the world: what is behind the second stone?



Exploit kits: fall 2019 review - Malwarebytes Labs

With even more exploit kits in town, the drive-by download landscape shows continued activity in fall 2019.



Ransomware Revival: Troldesh becomes a leader by the number of attacks - Security Affairs

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. Group-IB, a Singapore-based cybersecurity company: ransomware accounted for over half of all malicious mailings in H1 2019, detected and analyzed by Group ...



DePriMon downloader uses a never seen installation technique - Security Affairs

ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011.



Customer Guidance for the Dopplepaymer Ransomware - Microsoft Security Response Center

There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which the Dopplepaymer malware spreads. Our security research teams have investigated and have found no evidence to support these claims. In our investigations we have found that the malware relies on remote human operators using existing Domain Admin credentials to spread ...



Mispadu: Advertisement for a discounted Unhappy Meal | WeLiveSecurity

ESET researchers dissect Mispadu, a Latin American banking trojan that utilizes McDonald’s malvertising and extends its attack surface to web browsers.



Blaze's Security Blog: Monero download site and binaries compromised

Note: this doesn’t mean the official Windows binary was also compromised - it simply means there’s also a compromised Windows binary out there. Only the Monero team can confirm if other binaries (besides the Linux one mentioned in this blog) have been compromised. Detection. If you have a firewall or proxy, whether hardware or software, verify if you had any network traffic or connections to;



How Attackers Could Hijack Your Android Camera to Spy on You

In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing a massive role in this, as users are able to quickly take out their phones and capture any moment in real-time with the simple click of a button.



Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Custom dropper hide and seek

The deobfuscated version of the AutoIT script in Figures 3 and 4 shows that it comes with some anti-VM checks in the beginning. These checks are very typical for AgentTesla campaigns for years, you can often find them in one or the other form in the first stage droppers.



Payment solutions giant Edenred announces malware infection - Security Affairs

The Payment solutions giant Edenred disclosed a malware incident that affected some of its computing systems, it immediately started an investigation. The Payment solutions giant Edenred announced that some of its computing systems have been infected with malware, the company is currently ...



Roboto, a new P2P botnet targets Linux Webmin servers - Security Affairs

Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. Researchers at 360Netlab discovered a new P2P botnet, tracked as Roboto, that is targeting Linux servers running unpatched installations of Webmin. The experts first spotted the Roboto botnet in August when they detected a suspicious ELF file.



CTHoW v2.0 - Cyber Threat Hunting on Windows ...

Why did I start CTHoW? As someone with a huge passion for information security, it is always a must to keep on top of the latest TTPs of adversaries to be able to defend your network. I was always impressed with the MITRE ATT&CK framework that helps the community by sharing the latest techniques ...



Thousands of Enterprises At Risk Due to Oracle EBS Critical Flaws

Two critical security vulnerabilities discovered in Oracle's E-Business Suite (EBS) could allow potential attackers to take full control over a company's entire enterprise resource planning (ERP ...



Alleged Magecart hackers planted a software skimmer into Macy's Website - Security Affairs

Macy’s has started notifying some of its customers that crooks used a software skimmer to steal their personal and financial information. Macy’s has started notifying some of its customers that it discovered a software skimmer on its website used by crooks to steal their personal and financial information. The malicious software was discovered on October 15, attackers injected it into the ...



Crooks use carding bots to check stolen card data ahead of holiday season - Security Affairs

With the advent of this year’s holiday shopping season, cybercriminals are using carding bots to test stolen payment card data before using them. Cybercriminals need to test the validity of the stolen card data before carrying out fraudulent transactions or selling them during the holiday ...



Google addressed an XSS flaw in Gmail defining it awesome - Security Affairs

Michał Bentkowski, Chief Security Researcher from security firm Securitum, found an XSS vulnerability in Gmail and responsibly disclosed it this week after Google has addressed it. The flaw, described by Google IT staff as an awesome XSS issue, resides in the AMP4Email feature rolled out in ...



Clop Ransomware Tries to Disable Windows Defender, Malwarebytes

In order to successfully encrypt a victim's data, the Clop CryptoMix Ransomware is now attempting to disable Windows Defender as well as remove the Microsoft Security Essentials and Malwarebytes ...



New RIPlace Bypass Evades Windows 10, AV Ransomware Protection

A new ransomware bypass technique called RIPlace requires only a few lines of code to bypass ransomware protection features built into many security products and Windows 10.



Ransomware Gangs Adopt APT Tactics in Targeted Attacks

Ransomware operators are moving away from mass volume attacks and partnering with specialists who use APT techniques to provide stealthy infiltration and network-wide encryption capabilities.



1.2 billion people exposed in data leak includes personal info, LinkedIn, Facebook

On October 16, 2019 Bob Diachenko and Vinny Troia discovered a wide-open Elasticsearch server containing an unprecedented 4 billion user accounts spanning more than 4 terabytes of data. A total count of unique people across all data sets reached more than 1.2 billion people, making this one of the largest data leaks from a single source organization in history.



T-Mobile discloses data breach affecting prepaid wireless customers - Security Affairs

Bad news for T-Mobile prepaid customers, the US-based telecom giant T-Mobile today disclosed a new data breach incident. The US branch of the telecommunications giant T-Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. The ...



Gekko Group exposes hotels and travelers data in massive data leak - Security Affairs

Security experts from vpnMentor discovered that Gekko Group, an AccorHotels subsidiary, exposes hotels and travelers in a massive data leak. Gekko Group is a leading European B2B hotel booking platform that also owns smaller hospitality brands, including Teldar Travel & Infinite Hotel.



Hackers leak 2TB of Data From Cayman National Bank - Security Affairs

New data leak threatens the world of finance after the Panama Papers, hackers published 2TB of the Cayman National bank’s confidential data. The Cayman Islands are a fiscal paradise that attracts money of questionable origin from all over the world, for this reason, the content of a new data leak ...



Allied Universal Breached by Maze Ransomware, Stolen Data Leaked

After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal.



French Rouen hospital hit by a ransomware attack - Security Affairs

The University Hospital Center (CHU) of Rouen was hit by the malware last week, the ransomware had a severe impact on the operations during the weekend. The AFP news agency reported that a ransomware attack on a hospital in Rouen last week caused “very long delays in care.” Medical staff at the ...



Ransomware infected systems at state government of Louisiana - Security Affairs

Another ransomware attack made the headlines, the victim is the state government of Louisiana, numerous services have been impacted. The state government of Louisiana was hit by a ransomware attack that affected multiple state services including the Office of Motor Vehicles, the Department of Health, and the Department of Transportation and Development.



Russian Hacker Who Used NeverQuest Malware To Steal Money From Victims’ Bank Accounts Sentenced In Manhattan Federal Court To Four Years In Prison | USAO-SDNY | Department of Justice

Geoffrey S. Berman, the United States Attorney for the Southern District of New York, announced that STANISLAV VITALIYEVICH LISOV, a/k/a “Black,” a/k/a “Blackf” (“LISOV”), was sentenced to 48 months in prison today for conspiring to deploy and use a type of malicious software known as NeverQuest to infect the computers of unwitting victims, steal their login information for online ...



Akron man sentenced to six years in prison for launching denial of service attacks that shut down web sites for the city of Akron and the Akron Police Department | USAO-NDOH | Department of Justice

An Akron man was sentenced to six years in prison for launching denial of service attacks that shut down web sites for the city of Akron and the Akron Police Department.



