
OSINT News - October 21, by Bart Otten

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Winnti Group is back with a new modular Windows backdoor that was used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. According to ESET researchers, the China-linked APT group continues to update its arsenal.

Chinese-speaking cybercrime gang Rocke changes tactics

https://securityaffairs.co/wordpress/92553/cyber-crime/rocke-group-changes-ttps.html 

The group also improved its LSD dropper by adding malicious code to exploit CVE-2016-3088 in Apache ActiveMQ servers. To ensure that only its own miner is running on an infected machine, the group attempts to kill any other process with high CPU usage.

The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History

https://www.wired.com/story/untold-story-2018-olympics-destroyer-cyberattack/ 

Just before 8 pm on February 9, 2018, high in the northeastern mountains of South Korea, Sang-jin Oh was sitting on a plastic chair a few dozen rows up from the floor of Pyeongchang's vast ...

Blackremote: Money Money Money – A Swedish Actor Peddles an Expensive New RAT

https://unit42.paloaltonetworks.com/blackremote-money-money-money-a-swedish-actor-peddles-an-expensive-new-rat/ 

While researching prevalent commodity Remote Access Tools (RATs), Unit 42 researchers discovered a new, undocumented RAT in September, which had more than 30 samples observed in more than 2,000 attack sessions within the first month it was sold. In this report, we document the RAT manager/builder, client malware, and profile the Swedish actor behind this together with his promotion and sale of ...

Attackers Hide Backdoors and Cryptominers in WAV Audio Files

https://www.bleepingcomputer.com/news/security/attackers-hide-backdoors-and-cryptominers-in-wav-audio-files/

Attackers behind a new malicious campaign are using WAV audio files to hide and drop backdoors and Monero cryptominers on their targets' systems, BlackBerry Cylance threat researchers discovered.
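A carrier file like the ones described in this item can be triaged with a small RIFF chunk walker. The block below is an added example, not code from the article or from the BlackBerry Cylance research it reports on. It parses the WAV chunk list and flags bytes appended after the declared RIFF size, chunk IDs a normal encoder would not emit, an executable header inside a chunk body, and an executable header reassembled from the least-significant bits of the PCM data (the straightforward LSB steganography case). The known-chunk list, the helper names (inspect_wav, lsb_plane, embed_lsb, make_wav) and the three sample files are constructed for illustration.

```python
"""Walk a WAV file's RIFF chunks and flag signs of a hidden payload.
Added example (not the article's or BlackBerry Cylance's code). The chunk
list, sample files and helper names are assumptions for illustration."""
import io
import math
import struct
import wave

# Chunk IDs a legitimate encoder may write (assumption: illustrative, extend for your encoders).
KNOWN_CHUNKS = {b"fmt ", b"data", b"LIST", b"fact", b"cue ", b"smpl",
                b"inst", b"bext", b"PEAK", b"iXML", b"JUNK"}
EXEC_MAGIC = {b"MZ": "PE/DOS", b"\x7fELF": "ELF"}


def exec_magic(buf):
    """Return the executable format name if buf starts with a known magic, else None."""
    for magic, name in EXEC_MAGIC.items():
        if buf[:len(magic)] == magic:
            return name
    return None


def lsb_plane(buf):
    """Reassemble the least-significant bit of each byte into bytes
    (bit j of output byte i comes from buf[8*i + j] & 1)."""
    return bytes(sum((buf[i + j] & 1) << j for j in range(8))
                 for i in range(0, len(buf) - 7, 8))


def inspect_wav(blob):
    """Return a list of (kind, detail) findings; an empty list means nothing suspicious."""
    findings = []
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        return [("not_wav", "missing RIFF/WAVE signature")]
    riff_end = 8 + struct.unpack("<I", blob[4:8])[0]
    if riff_end < len(blob):                       # bytes glued on after the container
        tail = blob[riff_end:]
        findings.append(("trailing_data", "%d bytes after the declared RIFF size" % len(tail)))
        fmt = exec_magic(tail)
        if fmt:
            findings.append(("exec_magic_trailing", "%s header in trailing bytes" % fmt))
    pos, limit, data = 12, min(riff_end, len(blob)), b""
    while pos + 8 <= limit:
        cid = blob[pos:pos + 4]
        size = struct.unpack("<I", blob[pos + 4:pos + 8])[0]
        body = blob[pos + 8:pos + 8 + size]
        if len(body) < size:
            findings.append(("bad_chunk_size", "%r claims %d bytes, %d present" % (cid, size, len(body))))
        if cid not in KNOWN_CHUNKS:
            findings.append(("unknown_chunk", "%r (%d bytes)" % (cid, size)))
        fmt = exec_magic(body)
        if fmt:
            findings.append(("exec_magic_chunk", "%s header inside %r" % (fmt, cid)))
        if cid == b"data":
            data = body
        pos += 8 + size + (size & 1)               # chunk bodies are padded to an even length
    fmt = exec_magic(lsb_plane(data))              # straightforward LSB steganography
    if fmt:
        findings.append(("exec_magic_lsb", "%s header in the LSB plane of the PCM data" % fmt))
    return findings


def make_wav(pcm):
    """Wrap 16-bit mono PCM in a minimal WAV container using the stdlib encoder."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(8000)
        w.writeframes(pcm)
    return buf.getvalue()


def embed_lsb(host, payload):
    """Hide payload in the LSB of successive host bytes (the counterpart of lsb_plane)."""
    out = bytearray(host)
    for i, byte in enumerate(payload):
        for j in range(8):
            k = 8 * i + j
            out[k] = (out[k] & 0xFE) | ((byte >> j) & 1)
    return bytes(out)


# Constructed samples: half a second of a synthetic tone, then two tampered variants.
PCM = struct.pack("<4000h", *(int(8000 * math.sin(i / 10)) for i in range(4000)))
CLEAN_WAV = make_wav(PCM)
STEGO_WAV = make_wav(embed_lsb(PCM, b"MZ\x90\x00" + b"constructed stager bytes"))
APPENDED_WAV = CLEAN_WAV + b"\x7fELF" + b"\x00" * 60

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_WAV), ("lsb-stego", STEGO_WAV), ("appended", APPENDED_WAV)]:
        print(name, inspect_wav(blob) or "no findings")
```

The checks are deliberately structural rather than statistical: the low bits of real audio are already close to random, so an entropy threshold on the LSB plane separates nothing, while a magic-byte match on appended data, an odd chunk, or the reassembled LSB stream is a concrete signal. A payload that is offset, XOR-encoded, or spread over a different bit order (the rand()-based variants in the report) slips past this walker, so treat a clean result as "no simple carrier found", not as a clean file.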

Graboid, the first-ever cryptojacking worm that targets Docker Hub

https://securityaffairs.co/wordpress/92586/malware/graboid-targets-docker-hub.html 

Palo Alto Networks researchers discovered a new Monero miner with wormable capabilities, dubbed Graboid, that spreads using Docker containers. To find new targets, the Graboid worm periodically queries its C&C for vulnerable hosts; in this way the malicious ...

Trojanized Tor Browser targets shoppers of Darknet black marketplaces

https://securityaffairs.co/wordpress/92659/deep-web/trojanized-tor-browser.html 

A Trojanized version of the Tor Browser is targeting shoppers of dark web marketplaces to steal their cryptocurrency and gather information on their browsing activity.

Cryptocurrency miners infected more than 50% of the European airport workstations

https://securityaffairs.co/wordpress/92616/cyber-crime/european-airport-workstations-miner.html 

Security experts at Cyberbit have uncovered a crypto-mining campaign that infected more than 50% of the workstations at a European airport. The systems were infected with a Monero cryptocurrency miner linked to the Anti-CoinMiner campaign discovered this summer by Zscaler ...

Approaching the Reverse Engineering of an RFID/NFC Vending Machine

https://securityaffairs.co/wordpress/92537/hacking/vending-machine-hacking.html 

About the author: Pasquale Fiorillo. I’m a Security Auditor of ISGroup and an independent Security Researcher. As Security Auditor, my job is to perform security activities like Penetration Test and Vulnerability Assessment on networks and web applications in order to identify security issues that may be exploited by an attacker to perform malicious actions on your assets.

Imperva explains how hackers stole an AWS API key and accessed customer data

https://securityaffairs.co/wordpress/92484/data-breach/imperva-data-breach-2.html 

Imperva shared details on the incident it recently suffered and how hackers obtained data on Cloud Web Application Firewall (WAF) customers. In August, the cybersecurity firm disclosed a data breach that exposed sensitive information for some customers of its Cloud WAF product, formerly known as Incapsula. Incapsula is a CDN service designed to protect ...

Newly detected botnet command & control servers (C&Cs) reached an all-time high in July this year with more than 1,500 botnet C&Cs detected by Spamhaus

https://www.spamhaus.org/news/article/789/spamhaus-botnet-threat-update-q3-2019 

International operation dismantled largest Dark Web Child abuse site

https://securityaffairs.co/wordpress/92597/cyber-crime/dark-web-child-abuse-site-seized.html 

The US Department of Justice announced the arrest of hundreds of criminals as part of a global operation conducted against a dark web child abuse community.

Tamper protection now generally available for Microsoft Defender ATP customers

https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-now-generally-available-for-Microsoft-Defender/ba-p/911482 

Attackers relentlessly up their game in bypassing security, either by using evasive techniques or, in the case of sophisticated threats like the fileless campaign Nodersok or the banking Trojan Trickbot, by attempting to disable Windows Defender Antivirus. Attackers go after real-time protection settings like OnAccessProtection policies, try to stop the Windows Defender Antivirus service, or ...

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

https://securityaffairs.co/wordpress/92641/cyber-crime/pitney-bowes-ryuk-ransomware.html 

The global shipping and mailing services company Pitney Bowes revealed that its recent partial service outage was caused by the Ryuk ransomware. Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping ...

M6 Group, France's largest private multimedia group, hit by ransomware attack

https://securityaffairs.co/wordpress/92575/hacking/m6-group-ransomware-attack.html 

The M6 Group, France's largest private multimedia group and one of its biggest TV channels, was hit by ransomware over the weekend. Unlike The Weather Channel earlier this year, M6 remained on the air.

Alabama Hospital chain paid ransom to resume operations after ransomware attack

https://securityaffairs.co/wordpress/92450/cyber-crime/alabama-hospital-ransomware.html 

A hospital chain in west Alabama was recently hit by a ransomware attack that paralyzed its systems. The organization announced that it has restored normal operations after paying the ransom demanded by the attackers.

Click2Mail suffered a data breach that potentially impacts 200,000 registrants

https://securityaffairs.co/wordpress/92529/data-breach/click2mail-data-breach.html 

The company hired a cyber-security firm to help its staff investigate the incident. Lee Garvey, President and CEO of Click2Mail, confirmed that the company is going to notify its 200,000 Click2Mail.com registrants of the incident.

Researcher released PoC exploit code for CVE-2019-2215 Android zero-day flaw

https://securityaffairs.co/wordpress/92633/hacking/cve-2019-2215-zero-day-exploit.html 

A researcher has published proof-of-concept (PoC) exploit code for CVE-2019-2215, an Android zero-day flaw recently addressed by Google. Earlier in October, Google Project Zero researcher Maddie Stone publicly disclosed the zero-day vulnerability, tracked as CVE-2019-2215, in Android. According to ...

Critical and high-severity flaws addressed in Cisco Aironet APs

https://securityaffairs.co/wordpress/92610/hacking/cisco-aironet-aps-flaws.html 

Cisco disclosed a critical vulnerability in Aironet access points (APs), tracked as CVE-2019-15260, that can be exploited by a remote, unauthenticated attacker to gain unauthorized access to vulnerable devices with elevated privileges.

Talos experts found 11 flaws in Schneider Electric Modicon Controllers

https://securityaffairs.co/wordpress/92456/hacking/schneider-electric-modicon-flaws.html 

Cisco Talos experts discovered 11 security flaws affecting some models of Schneider Electric's Modicon programmable logic controllers. Affected models are ...
