OSINT News - October 9

Micro Focus Expert
Micro Focus Expert
0 0 252

Clever New DDoS Attack Gets a Lot of Bang for a Hacker's Buck | WIRED

On Wednesday, researchers from Akamai's DDoS mitigation service Prolexic detailed a 35 gigabit per second attack against one of its clients at the end of August. Compared to the most powerful DDoS ...


WannaCry – the worm that just won’t die – Naked Security

WannaCry won’t die. Well, guess what? Not everyone has patched even now, more than two years later, and WannaCry is not only still alive (and ignoring the kill switch that was designed to stop ...


Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website - TrendLabs Security Intelligence Blog - blog.trendmicro.com

by Luis Magisa. Unlike in the pre-internet era, when trading in the stock or commodities market involved a phone call to a broker — a move which often meant additional fees for would-be traders — the rise of trading apps placed the ability to trade in the hands of ordinary users.


Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads - TrendLabs Security Intelligence Blog

Table 1. List of functions the Command script performs once executed. Aside from the abovementioned functions, the Command script also has a WMI_Killer function, which terminates running processes, and deletes scheduled tasks and services that are associated with cryptocurrency-mining malware families such as:. Mykings


Universities warned to brace for cyberattacks | WeLiveSecurity

The UK's cybersecurity agency NCSC issues a stark warning to universities across the country, urging them to be on their guards against cyberattacks.


Banking Trojan Database Exposed - Millions of Users At Risk - Security Discovery

On July 5th I discovered two (!) open and publicly accessible MongoDB instances which appeared to be part of the GootKit network – one of the most advanced banking Trojans discovered in the wild in the summer of 2014.


Emotet is back: botnet springs back to life with new spam campaign - Malwarebytes Labs | Malwarebytes Labs

After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control (C2) server activity.


Destructive Ordinypt Malware Hitting Germany in New Spam Campaign - bleepingcomputer.com

Destructive Ordinypt Malware Hitting Germany in New Spam Campaign. The Week in Ransomware - September 13th 2019 - Exploit Kits. 


U.S. taxpayers hit by a phishing campaign delivering the Amadey botSecurity Affairs

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey.


Commodity Malware Reborn: Agent Tesla “Total Oil” themed CampaignSecurity Affairs

Agent Tesla is a fully customizable password info-stealer offered as malware-as-a-service, many cyber criminals are choosing it as their preferred recognition tool. Introduction. Nowadays the Malware-As-A-Service is one of the criminal favorite ways to breach security perimeter. Agent Tesla is one of these “commodity malware”.It is a fully customizable password info-stealer and many cyber ...


Magecart attackers target mobile users of hotel chain booking websitesSecurity Affairs

Trend Micro researchers reported that a Magecart group has hacked the websites of two hotel chains to inject scripts targeting Android and iOS users. Researchers discovered a series of incidents involving software credit card skimmer used by Magecart to hit the booking websites of hotel chains. In ...


At least 1,300 Harbor cloud registry installs open to attack

A critical security flaw in Harbor cloud native registry for container images could be exploited to obtain admin privileges on a vulnerable hosting system. Palo Alto Networks’ Unit 42 researcher Aviv Sasson discovered a critical vulnerability in Harbor cloud native registry for container images. The flaw, tracked as CVE-2019-16097, could be ...


Smominru Botnet continues to rapidly spread worldwideSecurity Affairs

Researchers at Guardicore Labs reported that the Smominru botnet is rapidly spreading and now is already infecting over 90,000 machines each month around worldwide.. In February 2018, researchers from Proofpoint discovered a huge botnet dubbed ‘Smominru’ that was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities.


New TortoiseShell Group Hacks 11 IT Providers to Reach Their Customers - bleepingcomputer.com

A newly discovered threat group that security researchers call TortoiseShell is compromising IT providers in what seems to be supply-chain attacks intended to reach the network of specific customers.


TFlower Ransomware - The Latest Attack Targeting Businesses - bleepingcomputer.com

The latest ransomware targeting corporate environments is called TFlower and is being installed on networks after attackers hack into exposed Remote Desktop services.


Skidmap Linux miner leverages kernel-mode rootkits to evade detectionSecurity Affairs

Trend Micro researchers spotted a piece of Linux cryptocurrency miner, dubbed Skidmap that leverages kernel-mode rootkits to evade the detection.. Skidmap is a new piece of crypto-miner detected by Trend Micro that target Linux machines, it uses kernel-mode rootkits to evade the detection.. This malware outstands similar miners because of the way it loads malicious kernel modules to evade the ...


Purchases of digitals certificates through executive impersonationSecurity Affairs

Experts at ReversingLabs spotted a threat actor buying digital certificates by impersonating legitimate entities and then selling them on the black market.. Researchers at ReversingLabs have identified a new threat actor that is buying digital certificates by impersonating company executives, and then selling them on the black market.The experts discovered that digital certificates are then ...


MobiHok RAT, a new Android malware based on old SpyNote RATSecurity Affairs

A new Android malware has appeared in the threat landscape, tracked as MobiHok RAT, it borrows the code from the old SpyNote RAT. Experts from threat intelligence firm SenseCy spotted a new piece of Android RAT, dubbed MobiHok RAT, that used code from the old SpyNote RAT.. At the beginning of July 2019, the experts spotted a threat actor dubbed mobeebom that was offering for sale an Android ...


Astaroth Trojan leverages Facebook and YouTube to avoid detectionSecurity Affairs

Cofense experts uncovered a new variant of the Astaroth Trojan that uses Facebook and YouTube in the infection process. Researchers at Cofense have uncovered a phishing campaign targeting Brazilian citizens with the Astaroth Trojan that uses Facebook and YouTube in the infection process.. The attach chain appears to be very complex and starts with phishing messages that come with an .htm file ...


Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

First sightings of the not-so-elusive Panda We first observed this actor in July of 2018 exploiting a WebLogic vulnerability (CVE-2017-10271) to drop a miner that was associated with a campaign called "MassMiner" through the wallet, infrastructure, and post-exploit PowerShell commands used.Panda used massscan to look for a variety of different vulnerable servers and then exploited several ...


Robocalls now flooding US phones with 200m calls per day – Naked Security

This is unlikely to surprise anybody who owns a phone: according to a new report, nearly 30% of all US calls placed in the first half of this year were garbage, as in, nuisance, scam or fraud calls.


Microsoft Phishing Page Sends Stolen Logins Using JavaScript

A new landing page for a Microsoft account phishing scam has been discovered that utilizes the SmtpJS service to send stolen credentials via email to the attacker.


Phishing Attack Targets The Guardian's Whistleblowing Site

How to Enable Ransomware Protection in Windows 10. Phishing Attack Targets The Guardian's Whistleblowing Site. Windows 10 1903 is Now Having Problems with Network Adapters


Fake SSO Used In Multi-Email Provider Phishing

Luke is a Malware Researcher at Sucuri. He enjoys boosting his desktop computer's performance and credits gaming with building his initial interest into anything computer related.


CWE - 2019 CWE Top 25 Most Dangerous Software Errors

Introduction. The Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Errors (CWE Top 25) is a demonstrative list of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software.


Microsoft Acquires Semmle, GitHub Now a CVE Numbering Authority - bleepingcomputer.com

Microsoft subsidiary GitHub announced today that it has become a CVE Numbering Authority and that it completed its acquisition of Semmle code-analysis platform.


Most Cyber Attacks Focus on Just Three TCP Ports

Small to mid-sized businesses can keep safe from most cyberattacks by protecting the ports that threat actors target the most. Three of them stand out in a crowd of more than 130,000 targeted in ...


The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.