Weekly Threat Report

03 July – 09 July 2020

powered by Silobreaker

 



Data Breaches

Dinosn – Facebook exposed user data to app developers https://t.co/CeYT0eaR1R
Dinosn – Twitter – Jul 02 2020 18:44
Facebook exposed user data to app developers https://www.hackread.com/facebook-exposed-user-data-to-app-developers/
 
NY Employment Nonprofit Client Data Potentially Exposed
DataBreaches.net – Jul 03 2020 00:55
Rick Moriarity reports: A data breach at CNY Works may have exposed the names and Social Security numbers of 56,000 people who have used the nonprofit agency’s services to find jobs. Clients potentially impacted by the breach began receiving letters…
 
Facebook discloses it exposed inactive user data to developers
SiliconANGLE – Jul 03 2020 00:34
Facebook Inc. has revealed that it exposed inactive user data to developers in yet another potential data-sharing scandal for the social media giant. The new incident involves approximately 5,000 app developers having access to user data if the users…
 
Facebook exposed user data to thousands of app developers
HackRead – Jul 02 2020 18:41
By Zara Khan Facebook ‘Privacy Matters’ reveals 5000 app developers accessed user data. This is a post from HackRead.com Read the original post: …
 
Global Dating App Users Exposed in Multiple Security Snafus
Infosecurity – Latest News – Jul 03 2020 08:30
Security researchers have discovered five dating apps in the US and East Asia which are leaking millions of customer records thanks to misconfigured cloud databases. A team from …
 
InfosecurityMag – Global Dating App Users Exposed in Multiple Security Snafus https://t.co/Q1SK9CDBYo
InfosecurityMag – Twitter – Jul 03 2020 08:30
Global Dating App Users Exposed in Multiple Security Snafus https://www.infosecurity-magazine.com/news/global-dating-app-users-exposed?utm_source=twitterfeed&utm_medium=twitter
 
cybersecboardrm – LinkedIn was copying every keystroke of users until iOS 14 exposed it #Cybersecurity #security https://t.co/1ZpPfhwN9V
cybersecboardrm – Twitter – Jul 04 2020 04:18
LinkedIn was copying every keystroke of users until iOS 14 exposed it #Cybersecurity #security https://www.hackread.com/linkedin-copying-user-keystrokel-ios-14-exposed-it/
 
LinkedIn was copying every keystroke of users until iOS 14 exposed it
HackRead – Jul 03 2020 20:48
By Deeba Ahmed The Universal Clipboard privacy feature on iPhone’s latest iOS 14… This is a post from HackRead.com Read the original post: …
kfalconspb – RT @kn0wmadic: Patch your F5 shit even if it’s “not exposed.”

DTA, including RFC1918.

kfalconspb – Twitter – Jul 04 2020 06:10
RT @kn0wmadic: Patch your F5 shit even if it’s “not exposed.”

DTA, including RFC1918.

 
Securityblog – University usernames, passwords used on third-party sites exposed, no University data breach https://t.co/kOuqjjsTM6
Securityblog – Twitter – Jul 04 2020 22:31
University usernames, passwords used on third-party sites exposed, no University data breach https://flip.it/r7TD.k
 
UK: Second NHS data leak to be fully investigated
Office of Inadequate Security – Jul 04 2020 11:57
The Orcadian reports: Another data breach at NHS Orkney has led to a confidential health board file being inadvertently sent…
 
VK_Intel – 2020-07-04: #Sekhmet #Ransomware|.msi Package
%Greetings2target%
Extortionist Breach Group
“Your company netwo… https://t.co/Oxd5TVZgsj
VK_Intel – Twitter – Jul 04 2020 20:10
2020-07-04: #Sekhmet #Ransomware|.msi Package
%Greetings2target%
Extortionist Breach Group
“Your company network has been hacked and breached. We downloaded confidential and private data.”
 
gh0std4ncer – RT @xKushagra: Just tested over ~8k BIG-IP exposed TMUI for CVE-2020-5902 and found 5527 still vulnerable! Patch now! https://t.co/jYbnFXCP…
gh0std4ncer – Twitter – Jul 05 2020 17:20
RT @xKushagra: Just tested over ~8k BIG-IP exposed TMUI for CVE-2020-5902 and found 5527 still vulnerable! Patch now! https://twitter.com/xKushagra/status/1279750951113539584/photo/1
 
subTee – RT @bengoerz: @jamesjhare @buffaloverflow TMUI also runs on Self IPs by default. So a lot of orgs accidentally/lazily exposed it when setti…
subTee – Twitter – Jul 05 2020 13:05
RT @bengoerz: @jamesjhare @buffaloverflow TMUI also runs on Self IPs by default. So a lot of orgs accidentally/lazily exposed it when setting up VLANs for their public IPs.
 
ZDNet – V Shred data leak exposes PII, sensitive photos of fitness customers and trainers https://t.co/ntPVsUygeO
ZDNet – Twitter – Jul 05 2020 08:00
V Shred data leak exposes PII, sensitive photos of fitness customers and trainers…
 
ZDNet – V Shred data leak exposes PII, sensitive photos of fitness customers and trainers https://t.co/qFXUJWqT3z
ZDNet – Twitter – Jul 06 2020 05:45
V Shred data leak exposes PII, sensitive photos of fitness customers and trainers…
 
Secnewsbytes – Data Breach: Millions of Dating App Records, Messages, and User Profiles Exposed in Data Leak https://t.co/LoPJIqyK1R
Secnewsbytes – Twitter – Jul 06 2020 07:56
Data Breach: Millions of Dating App Records, Messages, and User Profiles Exposed in Data Leak https://www.wizcase.com/blog/dating-breaches-research/
 
Dinosn – LinkedIn was copying every keystroke of users until iOS 14 exposed it https://t.co/lsWChLwZBj
Dinosn – Twitter – Jul 06 2020 06:45
LinkedIn was copying every keystroke of users until iOS 14 exposed it https://www.hackread.com/linkedin-copying-user-keystrokel-ios-14-exposed-it/
 
Brazil’s Hapvida Discloses Cyber Breach, Potential Client Data Leak
Office of Inadequate Security – Jul 06 2020 20:51
Reuters reports: Brazilian health insurer Hapvida said in a securities filing on Monday it has suffered a cyber attack…
 
Securityblog – Reddit promises to stop accessing user clipboards after being exposed by iOS 14 https://t.co/e3j0ggrL1H
Securityblog – Twitter – Jul 06 2020 20:48
Reddit promises to stop accessing user clipboards after being exposed by iOS 14 https://flip.it/IiWito

 
Exposed dating service databases leak sensitive info on romance-seekers
SC Magazine US – Jul 07 2020 22:44
A series of database misconfigurations publicly exposed the personal information and private messages of more than 100 million dating website and mobile app account holders. Independent VPN review site WizCase has reported finding six separate dating…
 
MongoDB is subject to continual attacks when exposed to the internet
Help Net Security – News – Jul 08 2020 03:30
On average, an exposed Mongo database is breached within 13 hours of being connected to the internet. The fastest breach recorded was carried out 9 minutes after the database was set up, according to Intruder. MongoDB is a general purpose,…
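The two settings behind most "open Mongo" incidents are a listener bound to something other than loopback and authorization left off. The script below is an added example, not code from the Intruder study or from the MongoDB project: it parses a mongod.conf and reports both conditions, so a deployment can be checked before it ever reaches the internet. The sample configs are constructed, the parser only handles the plain indentation-nested key/value subset of YAML that mongod.conf uses, and the "localhost by default" assumption holds for MongoDB 3.6 and later.

```python
"""Added example: audit a mongod.conf for the two settings that make a MongoDB
instance the kind of open database that gets hit within hours of going online."""
import ipaddress
from typing import Dict, List


def parse_simple_yaml(text: str) -> Dict:
    """Parse the indentation-nested `key: value` subset of YAML used by mongod.conf.
    Assumption: no lists, anchors or multi-line scalars (a plain mongod.conf has none)."""
    root: Dict = {}
    stack = [(-1, root)]  # (indent level, mapping being filled)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        while indent <= stack[-1][0]:  # climb back out of deeper mappings
            stack.pop()
        parent = stack[-1][1]
        value = value.strip().strip("'\"")
        if value == "":
            child: Dict = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def audit_mongod_conf(text: str) -> List[str]:
    """Return a list of findings; an empty list means neither exposure condition is present."""
    conf = parse_simple_yaml(text)
    net = conf.get("net", {}) or {}
    sec = conf.get("security", {}) or {}
    findings: List[str] = []

    if str(net.get("bindIpAll", "false")).lower() == "true":
        findings.append("net.bindIpAll is true: mongod listens on every interface")

    # Since MongoDB 3.6 the default is localhost only; anything else widens reach.
    for ip in str(net.get("bindIp", "127.0.0.1")).split(","):
        ip = ip.strip()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"net.bindIp {ip!r} is a hostname or socket path: resolve and check it by hand")
            continue
        if addr.is_unspecified:
            findings.append(f"net.bindIp {ip} binds every interface, public ones included")
        elif not addr.is_loopback:
            findings.append(f"net.bindIp {ip} is reachable from other hosts on its network")

    if str(sec.get("authorization", "disabled")).lower() != "enabled":
        findings.append("security.authorization is not 'enabled': any client that can connect has full access")
    return findings


# Constructed sample configs (not taken from any real deployment).
WEAK_CONF = """
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0   # "so the app server can reach it"
"""

INTERNAL_CONF = """
net:
  port: 27017
  bindIp: 10.20.30.40
security:
  authorization: enabled
"""

HARDENED_CONF = """
net:
  port: 27017
  bindIp: 127.0.0.1,::1
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("internal", INTERNAL_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["no findings"])
```

The "internal" config still produces a finding on purpose: a private address with authorization enabled is fine for an application server on the same VLAN, but the kfalconspb reminder above applies, since RFC1918 reachability is not the same as unreachable.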
 
Providence Health Plan notifies members after documents exposed by business associate coding error
DataBreaches.net – Jul 07 2020 21:30
June turned out to be a busy month for breach reports involving health/medical data. My worksheet has more than 50 entries and I’m still adding reports as I find them. Today, I found one from Providence Health Plan in Oregon that I thought…
 
BrianHonan – via helpnetsecurity MongoDB is subject to continual attacks when exposed to the internet https://t.co/Kio0IV2KXg
BrianHonan – Twitter – Jul 08 2020 04:37
via helpnetsecurity MongoDB is subject to continual attacks when exposed to the internet https://bit.ly/31UMZiT
 
InfoSecHotSpot – MongoDB is subject to continual attacks when exposed to the internet On average, an exposed Mongo database is breac… https://t.co/QbZ4u5NiIc
InfoSecHotSpot – Twitter – Jul 08 2020 06:28
MongoDB is subject to continual attacks when exposed to the internet On average, an exposed Mongo database is breached within 13 hours of being connected to the internet. The fastest breach recorded was carried out 9 minutes after the database was…
 
CSFI_DCOE – Attacks and Breaches Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets https://t.co/ZXtM4n6ghz
CSFI_DCOE – Twitter – Jul 09 2020 00:01
Attacks and Breaches Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets https://bit.ly/2ZRRwA4
 
Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets
Dark Reading – All Stories – Jul 08 2020 21:50
Data is fueling account takeover attacks in a big way, Digital Shadows says.
 
Russian Group Called “Cosmic Lynx” Exposed for Massive BEC Operation
TechNadu – Jul 08 2020 11:03
The “Cosmic Lynx” actor has launched over 200 BEC campaigns during the past 12 months. The Russian group of hackers was making more than a million USD from each targeted transaction. The same group is involved with banking trojans, click-fraud apps for…

 

Hacker Groups

Studying an ‘Invisible God’ Hacker: Could You Stop ‘Fxmsp’?
CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 02 2020 15:07
Slogan used to sell remote access credentials stolen by Fxmsp, overlaid on a map of victims’ locations (Source: Group-IB) Could your organization withstand an attack by the master hacking operation known as “Fxmsp,” which promised to help criminals…
 
Rechardsport
Reddit – Darknet – Jul 03 2020 18:02
How reliable is it? Quality wise? Anyone have any stories? submitted by /u/vandelay1330 [link]…
 
Nexus Zeta – From Suspicious Alerts to Conviction
Check Point – Jul 03 2020 10:00
Two years ago, we shared the interesting story of Nexus Zeta: How a newbie hacker managed to create a monster botnet. The attacker created an impressive attack chain comprising several stages, from leveraging a 0-day vulnerability (…
 
Promethium Attacks Surge
CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 03 2020 07:28
“The trojanized setup will install the malware and the legitimate application, which is a good way to disguise its activities. In some cases, it will reconfigure Windows Defender before dropping the malware to prevent detection. This group mainly…
 
Lazarus Operate Again
Coin Shark – Jul 03 2020 12:33
The blockchain expert under the pseudonym Ergo informs that the well-known hacker organization Lazarus sent 2549 coins (more than $23 million) to bitcoin mixers during May. Moving coins At the beginning of this spring, the US government included the…

GroupAnon – You don’t have to be a hacker to be Anonymous, you can create art, spread awareness to important topics, protest, o… https://t.co/NIIwA9dACe
GroupAnon – Twitter – Jul 04 2020 16:10
You don’t have to be a hacker to be Anonymous, you can create art, spread awareness to important topics, protest, organize, do research and grow communities.

We are #Anonymous
We are Legion.

 
YourAnonNews – RT @GroupAnon: You don’t have to be a hacker to be Anonymous, you can create art, spread awareness to important topics, protest, organize,…
YourAnonNews – Twitter – Jul 04 2020 16:10
RT @GroupAnon: You don’t have to be a hacker to be Anonymous, you can create art, spread awareness to important topics, protest, organize, do research and grow communities.

We are #Anonymous
We are Legion.

 
CyberScoopNews – Gamaredon, a hacking group with a fixation on Ukraine, deploys new email compromise tools https://t.co/BWshHKTRyL
CyberScoopNews – Twitter – Jul 05 2020 01:40
Gamaredon, a hacking group with a fixation on Ukraine, deploys new email compromise tools https://hubs.ly/H0s5PrG0
 
Securityblog – Connection discovered between Chinese hacker group APT15 and defense contractor | ZDNet https://t.co/WVs0yHgfpe
Securityblog – Twitter – Jul 04 2020 17:36
Connection discovered between Chinese hacker group APT15 and defense contractor | ZDNet https://flip.it/6c7xPD
 
Researchers link APT15 hackers to Chinese military company
CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 05 2020 13:49
Researchers have linked the APT15 hacking group known for Android spyware apps to a Chinese military company, Xi’an Tian He Defense Technology Co. Ltd. In a new report by Lookout Threat Intelligence, researchers show how four Android…
 
ZDNet – Promethium APT attacks surge, new Trojanized installers uncovered https://t.co/57PcwJi9ke
ZDNet – Twitter – Jul 06 2020 04:00
Promethium APT attacks surge, new Trojanized installers uncovered…
 
vysecurity – OCEANLOTUS uses a lot of dyndns and no-ip… :O
vysecurity – Twitter – Jul 05 2020 18:31
OCEANLOTUS uses a lot of dyndns and no-ip… :O
 
anon_indonesia – The Anonymous Indonesia News Daily is out! https://t.co/42Usvega4G #jakpost #summertaylor
anon_indonesia – Twitter – Jul 06 2020 03:14
The Anonymous Indonesia News Daily is out! https://paper.li/anon_indonesia/1435572762?edition_id=d94a0ef0-bf36-11ea-b007-002590a5ba2d #jakpost #summertaylor
 
Lazarus Group Adds Magecart to the Mix
CyberSecurityBoard.com – RSS – Jul 07 2020 02:47
North Korea-based APT is targeting online payments made by American and European shoppers. …
 
ZDNet – Promethium APT attacks surge, new Trojanized installers uncovered https://t.co/0QBwcEv12q
ZDNet – Twitter – Jul 06 2020 08:15
Promethium APT attacks surge, new Trojanized installers uncovered…
 
ZDNet – Promethium APT attacks surge, new Trojanized installers uncovered https://t.co/UJe81o1qoN
ZDNet – Twitter – Jul 06 2020 12:30
Promethium APT attacks surge, new Trojanized installers uncovered…
 
Hidden Cobra built global exfiltration network for Magecart skimming scheme
SC Magazine US – Jul 06 2020 21:44
Hidden Cobra threat actors are behind a series of attacks aimed at U.S. and European shoppers, using Magecart to skim credit card information from retailers. “Researchers have attributed the activity to HIDDEN COBRA because infrastructure from…
 
“Keeper” Magecart Group Infects 570 Sites
Reddit – BlueTeamSec – RSS – Jul 07 2020 14:33
 
DOJ indict Fxmsp hacker for selling access to hacked orgs, AV firms
CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 08 2020 01:58
The US Department of Justice has indicted a hacker known as ‘Fxmsp’ for hacking into and selling access to over three hundred organizations worldwide. In an indictment unsealed today, the DOJ is charging a citizen of Kazakhstan named Andrey Turchin,…
 
Hidden Cobra Built Global Exfil Network For MageCart Scheme
SecurityPhresh – Jul 07 2020 15:46
Hidden Cobra Built Global Exfil Network For MageCart Scheme
 
North Korea’s Lazarus Threat Group Connected to Magecart Credit Card Theft
CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 07 2020 19:28
Researchers working for the security firm Sansec released a report documenting previously undisclosed evidence that the Advanced Persistent Threat…
 
Magecart Group Hits 570 Websites in Three Years
TSecurity.de – Jul 08 2020 15:41
… http://feedproxy.google.com/~r/Securityweek/~3/dgCHvgiX3Ac/magecart-group-hits-570-websites-three-years
 
Magecart Group 8 skimmed card info from 570+ online shops
Help Net Security – RSS – Jul 08 2020 13:08
Your payment card information got stolen but you don’t know how, when and where? Maybe you shopped on one of the 570 webshops compromised by the Keeper Magecart group (aka Magecart Group 8) since April 1, 2017. Magecart Group 8’s modus…
 
InfoSecHotSpot – Magecart Group 8 skimmed card info from 570+ online shops Your payment card information got stolen but you don’t kn… https://t.co/6sGjW9JXCT
InfoSecHotSpot – Twitter – Jul 08 2020 16:58
Magecart Group 8 skimmed card info from 570+ online shops Your payment card information got stolen but you don’t know how, when and where? Maybe you shopped on one of the 570 webshops compromised by the Keeper Magecart group (aka Magecart Group 8)…
 
Cosmic Lynx cyber crime group takes BEC to new heights
ComputerWeekly.com – RSS – Jul 08 2020 10:21

 

Malware

WastedLocker Ransomware Targets US Newspaper Company
BankInfoSecurity – Jul 02 2020 16:14
Symantec: Phishing Emails Offered Fake Software…
 
InfoSecHotSpot – How Do You Get Ransomware? You must have known enough that ransomware has emerged as the most prevalent malicious s… https://t.co/phI4ZCgjXV
InfoSecHotSpot – Twitter – Jul 02 2020 17:28
How Do You Get Ransomware? You must have known enough that ransomware has emerged as the most prevalent malicious software that kidnaps your data, locks your file, and denies access to your computer. All this… The post How Do You Get Ransomware?…
 
JRoosen – RT @MsftSecIntel: This week, Avaddon ransomware became the latest malware to use malicious Excel 4.0 macros in campaigns. Emails carrying t…
JRoosen – Twitter – Jul 03 2020 00:20
RT @MsftSecIntel: This week, Avaddon ransomware became the latest malware to use malicious Excel 4.0 macros in campaigns. Emails carrying the malicious Excel attachments were sent to specific targets, primarily in Italy. When run, the malicious macro…
 
InfoSecHotSpot – New EvilQuest macOS ransomware is a smokescreen for other threats A new piece of ransomware dubbed EvilQuest is bei… https://t.co/YJ7LHmTdFo
InfoSecHotSpot – Twitter – Jul 02 2020 16:28
New EvilQuest macOS ransomware is a smokescreen for other threats A new piece of ransomware dubbed EvilQuest is being delivered bundled up with pirated versions of popular macOS software, researchers warned. But the ransomware is also a smokescreen,…
 
Securityblog – RT @MsftSecIntel: This week, Avaddon ransomware became the latest malware to use malicious Excel 4.0 macros in campaigns. Emails carrying t…
Securityblog – Twitter – Jul 03 2020 11:45
RT @MsftSecIntel: This week, Avaddon ransomware became the latest malware to use malicious Excel 4.0 macros in campaigns. Emails carrying the malicious Excel attachments were sent to specific targets, primarily in Italy. When run, the malicious macro…
 
Cephurs – RT @MsftSecIntel: This week, Avaddon ransomware became the latest malware to use malicious Excel 4.0 macros in campaigns. Emails carrying t…
Cephurs – Twitter – Jul 03 2020 16:03
RT @MsftSecIntel: This week, Avaddon ransomware became the latest malware to use malicious Excel 4.0 macros in campaigns. Emails carrying the malicious Excel attachments were sent to specific targets, primarily in Italy. When run, the malicious macro…
 
TrickBot malware now checks screen resolution to evade analysis
MalwareTips.com – Jul 03 2020 05:49
The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. [….] In a new sample of the TrickBot Trojan discovered by cybersecurity firm…
 
InfoSecHotSpot – How To Remove Ransomware? Are you locked out of your system because of ransomware? Or, you cannot access your impor… https://t.co/TCPPWcYeNn
InfoSecHotSpot – Twitter – Jul 03 2020 12:58
How To Remove Ransomware? Are you locked out of your system because of ransomware? Or, you cannot access your important files or data. Ransomware is a dreading nightmare that can make you lose access… The post How To Remove Ransomware? appeared…

 
How Ekans Ransomware Targets Industrial Control Systems
CUInfoSecurity – Jul 04 2020 16:57
Fraud Management & Cybercrime , Malware as-a-Service , Ransomware Researchers Identified Malware Variants With Advanced Capabilities Akshaya Asokan (asokan_akshaya) • July 4, 2020 Copy of Ekans ransom note (Source: FortiGuard Labs) Researchers with…
 
kfalconspb – @zapata_f1ght3r Well, stuxnet ‘was’ a custom rom…
kfalconspb – Twitter – Jul 04 2020 17:14
@zapata_f1ght3r Well, stuxnet ‘was’ a custom rom…
 
Old Excel Macro Tricks Resurface via the ‘Avaddon’ Ransomware
TechNadu – Jul 04 2020 10:02
Excel 4.0 macros are getting trendy again, as malicious actors realized they are stealthier than the newer VBA macros. Although nearly three decades old, these XLM macros still work perfectly on the latest versions of MS Excel. The latest actors to exploit…
 
malwrhunterteam – Looking at this man’s bio, I now start to understand why Google Play is allowed to be full of malware…
“You say m… https://t.co/4lDPvvk8GI
malwrhunterteam – Twitter – Jul 04 2020 10:22
Looking at this man’s bio, I now start to understand why Google Play is allowed to be full of malware…
“You say malware developing is bad? You should have been arrested for saying this! Equality for everyone!”
 
New Mac ransomware is even more sinister than it appears
ArsTechnica – Jul 05 2020 15:30
 
FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps
CERT-EU VulnerabilitiesApplications – Jul 06 2020 00:58
Android mobile device users are being targeted in a new SMS phishing campaign that’s spreading the FakeSpy infostealer. The malware, which is disguised as legitimate global postal-service apps, steals SMS messages, financial data and more from the…
 
CyberScoopNews – How do you fight off a ransomware attack? https://t.co/OE69W5wD0P
CyberScoopNews – Twitter – Jul 05 2020 13:28
How do you fight off a ransomware attack? https://hubs.ly/H0s5Qmz0
 
thegrugq – @truekonrads This is a good point, the insurance.
You’re right. Ransomware, insurance pays, and the impact of the r… https://t.co/rG4xHOafzi
thegrugq – Twitter – Jul 05 2020 09:28
@truekonrads This is a good point, the insurance.
You’re right. Ransomware, insurance pays, and the impact of the ransomware is resolved and the incident is over.
Extortion, who pays? And how can you trust that payments won’t be demanded forever? Or…
 
schneierblog – ThiefQuest Ransomware for the Mac https://t.co/aYpGHDJl0A
schneierblog – Twitter – Jul 06 2020 12:15
ThiefQuest Ransomware for the Mac https://www.schneier.com/blog/archives/2020/07/thiefquest_rans.html
 
The latest ransomware: Kupidon ransomware
CERT-EU VulnerabilitiesApplications – Jul 06 2020 15:14
The latest ransomware called Kupidon has been discovered by MalwareHunterTeam. The virus targets both personal and corporate networks to steal data from users, through exposed remote desktop servers. The research team identified this ransomware after…
 
Mac ThiefQuest malware may not be ransomware after all
Malwarebytes Labs Blog – Jul 07 2020 17:20
Editor’s note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware. The …
 
DMBisson – Security researchers discovered a malware strain called “STRRAT” that shipped with the .CRIMSON ransomware module.… https://t.co/wTmB2bSRfg
DMBisson – Twitter – Jul 07 2020 10:50
Security researchers discovered a malware strain called “STRRAT” that shipped with the .CRIMSON ransomware module. Learn what else happened recently in the world of malware…
 
JRoosen – RT @campuscodi: NEW: SentinelOne has released a free decryptor for the ThiefQuest (EvilQuest) Mac ransomware

https://t.co/QOsnzCBIXb https…

 
JRoosen – Twitter – Jul 07 2020 21:25
RT @campuscodi: NEW: SentinelOne has released a free decryptor for the ThiefQuest (EvilQuest) Mac ransomware

https://www.zdnet.com/article/free-decryptor-available-for-thiefquest-ransomware-victims/…

 
KyleHanslovan – Notable that the main differences between StrongPity2 and StrongPity3 malware is their persistence strategy, migrat… https://t.co/8dzdmV0wS5
KyleHanslovan – Twitter – Jul 08 2020 01:16
Notable that the main differences between StrongPity2 and StrongPity3 malware is their persistence strategy, migration from libcurl to winhttp, and covert store location. #IIABDFI
 
“EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One
SentinelOne – Jul 08 2020 16:01
There has, unsurprisingly, been a great deal of interest in the news that a new macOS threat with ransomware capabilities is on the loose. First brought to the community’s attention by malware researcher …
 
WastedLocker Ransomware Launched Attacks Against U.S. Organizations
Cyware – Jul 08 2020 06:54
Recently, Fox-IT researchers identified a new WastedLocker ransomware variant deployed by the Evil Corp group. It has now been identified that the Russian group has changed a number of TTPs in its recent operations. What’s new…
 
Hidden purpose of Mac ‘ransomware’ EvilQuest is data exfiltration, say researchers
SC Magazine US – Jul 09 2020 00:44
Researchers have developed a decryption tool for the recently discovered EvilQuest ransomware program designed to target Mac machines. But several analysts now concur that EvilQuest’s malicious encryption may be more of a decoy, while the program’s…
 
Sodinokibi Gang Starts a New Trend Among Ransomware Operators by Launching an Auction Site
Cyware – Jul 08 2020 06:54
The mantra of having a data backup to protect oneself from ransomware attacks has gone for a toss. Today, ransomware gangs have upped their tactics by stealing their victims’ data and in some cases auctioning it off on dark web markets with an intent…

 

Vulnerabilities

InfoSecHotSpot – Microsoft fixes two RCE flaws affecting Windows 10 machines Microsoft has released fixes for two remote code execut… https://t.co/sgRCP7kvjH
InfoSecHotSpot – Twitter – Jul 02 2020 15:58
Microsoft fixes two RCE flaws affecting Windows 10 machines Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines. The vulnerabilities Both flaws –…
 
NA – CVE-2020-2215 – A cross-site request forgery vulnerability in…
CERT-EU VulnerabilitiesApplications – Jul 02 2020 19:55
A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.
 
Vulnerability management explained
CERT-EU VulnerabilitiesApplications – Jul 02 2020 13:20
What is vulnerability management? Every year, thousands of new vulnerabilities are discovered, requiring organizations to patch operating systems (OS) and applications and reconfigure security settings throughout the entirety of their network…
 
NA – CVE-2020-5909 – In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and…
CERT-EU VulnerabilitiesApplications – Jul 02 2020 16:55
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in the NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
 
Facebook Flaw Allowed Thousands Of Developers To Gather Personal Data
Information Security Buzz – Jul 03 2020 19:21
5,000 developers were mistakenly allowed to gather information from people’s Facebook profiles after a time limit on their rights had expired, according to BBC News. Apps on Facebook are supposed to be prevented from accessing people’s…
 
Multiple Flaws in Apache Guacamole Leave Sour Taste for Corporate Networks
TechNadu – Jul 03 2020 11:03
Check Point warns about an exploit chain leading “full network control” attack against corporate networks. The discovered flaws concern the FreeRDP 2.0.0 and the Apache Guacamole 1.1.0 that is using it. Apache was quick to respond and fix the…
 
US Cyber Command urges F5 customers to patch critical BIG-IP flaw
BleepingComputer.com – Jul 03 2020 17:42
F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC). […]
 
bad_packets – If you’re deploying your CVE-2020-2021 or CVE-2020-5902 payload this weekend, feel free to test it against one of our honeypots first.
bad_packets – Twitter – Jul 03 2020 18:06
If you’re deploying your CVE-2020-2021 or CVE-2020-5902 payload this weekend, feel free to test it against one of our honeypots first.

infosecstuff – Cisco SMB routers hit with another major security flaw https://t.co/n5cnAMGEeW #information #security
infosecstuff – Twitter – Jul 04 2020 13:38
Cisco SMB routers hit with another major security flaw https://global.techradar.com/en-za/news/cisco-smb-routers-hit-with-another-major-security-flaw #information #security
 
Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers
THN : The Hacker News – Jul 04 2020 14:26
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5’s BIG-IP networking devices running application…
 
Those two weird Microsoft Store fixes for Windows security flaws keep getting stranger
AskWoody – RSS – Jul 04 2020 12:50
In my monthly patch roundup, I kvetched about the bizarre (unprecedented?) security patches MS decided to distribute through the Microsoft Store. The approach to distributing the cures for CVE-2020-1425 and CVE-2020-1457 make no sense. The Store may…
 
Securityblog – Cisco SMB routers hit with another major security flaw https://t.co/VONN4GFz8X
Securityblog – Twitter – Jul 04 2020 17:16
Cisco SMB routers hit with another major security flaw https://flip.it/bACGjF
 
Cisco Talos discloses technical details of Chrome, Firefox flaws
Security Affairs – Jul 05 2020 12:33
Cisco’s Talos experts disclosed technical details of recently patched vulnerabilities affecting the popular Chrome and Firefox web browsers…
 
Over 1,800 F5 BIG-IP endpoints vulnerable to CVE-2020-5902
CERT-EU VulnerabilitiesApplications – Jul 06 2020 02:59
On Sunday, July 5, 2020, our honeypots detected opportunistic scanning activity originating from multiple hosts targeting F5 BIG-IP servers vulnerable to CVE-2020-5902 . This critical vulnerability allows unauthenticated remote attackers to execute…
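With TMUI listening on Self IPs by default and scanning for CVE-2020-5902 already under way, a defender's first question is who has been reaching /tmui/ from outside RFC1918 space. The script below is an added example, not code from the CERT-EU item, from F5, or from the honeypot operators: it runs over constructed access-log lines in the NCSA common/combined format, flags TMUI requests from non-private sources, and separately flags plain `..` traversal tokens as a generic heuristic rather than as the signature of this particular bug. The log format, the /tmui/ prefix check, the list of internal networks and the sample addresses (RFC 5737 documentation ranges) are all assumptions.

```python
"""Added example: flag TMUI requests in an access log that came from outside
private/loopback address space, plus crude traversal tokens in the request path."""
import ipaddress
import re
from typing import Iterable, List, Tuple

# Assumption: NCSA common/combined log format (client address first, request line in quotes).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# "Internal" here means loopback, RFC1918, link-local and IPv6 ULA; listed explicitly
# rather than via ipaddress.is_private, which also treats the documentation ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def is_external(ip: str) -> bool:
    """True when the client address is not in any internal range (unparsable counts as external)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return not any(addr in net for net in INTERNAL_NETS)


def scan_access_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client, path, reasons) for every TMUI request that deserves a look."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"]
        if not path.lower().startswith("/tmui/"):
            continue
        reasons = []
        if is_external(m["ip"]):
            reasons.append("TMUI reached from a public address")
        if "/../" in path or path.endswith("/.."):
            reasons.append("traversal token in path")
        if reasons:
            hits.append((m["ip"], path, "; ".join(reasons)))
    return hits


# Constructed sample lines using RFC 5737 documentation addresses; not captured traffic.
SAMPLE_LOG = """\
10.1.2.3 - - [05/Jul/2020:10:01:02 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5123
203.0.113.7 - - [05/Jul/2020:10:05:44 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5123
203.0.113.7 - - [05/Jul/2020:10:05:45 +0000] "GET /tmui/../../etc/passwd HTTP/1.1" 404 231
198.51.100.9 - - [05/Jul/2020:10:07:10 +0000] "POST /mgmt/shared/authn/login HTTP/1.1" 401 88
127.0.0.1 - - [05/Jul/2020:10:08:00 +0000] "GET /tmui/ HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    for client, path, why in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"{client:15} {path:35} {why}")
```

The first hit is the interesting one for the "not exposed" argument: a successful 200 on the login page from a public address is proof that the interface is reachable, whatever the firewall diagram says. The 404 on the traversal line is not reassurance either; it shows only that this one guess missed.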
 
US Cyber Command urges F5 customers to patch critical BIG-IP flaw
CERT-EU VulnerabilitiesApplications – Jul 05 2020 12:57
F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC). F5 customers using BIG-IP software and hardware…
 
cybersecboardrm – Cisco Talos discloses technical details of Chrome, Firefox flaws #Cybersecurity #security https://t.co/6pWIwjpu6j
cybersecboardrm – Twitter – Jul 05 2020 16:52
Cisco Talos discloses technical details of Chrome, Firefox flaws #Cybersecurity #security https://securityaffairs.co/wordpress/105547/security/talos-chrome-firefox-flaws.html?utm_source=rss&utm_medium=rss&utm_campaign=talos-chrome-firefox-flaws
 
NA – CVE-2020-10760 – A use-after-free flaw was found in all samba…
CERT-EU VulnerabilitiesApplications – Jul 06 2020 23:05
A use-after-free flaw was found in all Samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in an AD DC configuration. A Samba LDAP user could use this flaw to crash samba.
 
NA – CVE-2019-14900 – A flaw was found in Hibernate ORM in versions…
CERT-EU VulnerabilitiesApplications – Jul 06 2020 23:05
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query….
 
CVEnew – CVE-2020-10760 A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, be… https://t.co/jgBh4pM9fZ
CVEnew – Twitter – Jul 06 2020 18:45
CVE-2020-10760 A use-after-free flaw was found in all Samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in an AD DC configuration. A Samba LDAP user could use this flaw to crash samba….
 
CVEnew – CVE-2020-14303 A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and be… https://t.co/jgaDYaYxpe
CVEnew – Twitter – Jul 06 2020 18:45
CVE-2020-14303 A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash….
 
CVEnew – CVE-2020-15392 A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs du… https://t.co/00QAfqAram
CVEnew – Twitter – Jul 07 2020 14:45
CVE-2020-15392 A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not,…
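The failure mode in the CVE-2020-15392 entry above, as an added example that is not Supravizio's code: a password-recovery handler whose response differs for known and unknown usernames, the same handler hardened to answer identically either way, and the wordlist probe an attacker runs against each. The account store and mail sink are constructed in-memory stand-ins.

```python
"""Username enumeration through password-recovery responses (added illustration)."""
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Tuple

# Constructed account store for the illustration (not from the advisory).
KNOWN_USERS = {"alice", "bob"}

# One message for both outcomes; existence is only revealed out of band, to
# whoever controls the mailbox, which is the intended channel.
GENERIC = "If that account exists, a password reset link has been sent"

Response = Tuple[int, str]


@dataclass
class MailSink:
    """Stand-in for outbound mail; records who would receive a reset link."""
    sent_to: List[str] = field(default_factory=list)


def recover_vulnerable(username: str, mail: MailSink) -> Response:
    """Leaks account existence: status code and message depend on the lookup."""
    if username not in KNOWN_USERS:
        return 404, "Unknown user"
    mail.sent_to.append(username)
    return 200, "A password reset link has been sent"


def recover_hardened(username: str, mail: MailSink) -> Response:
    """Same status and message whether or not the account exists."""
    if username in KNOWN_USERS:
        mail.sent_to.append(username)
    return 200, GENERIC


def enumerate_users(handler: Callable[[str, MailSink], Response],
                    candidates: Iterable[str],
                    mail: MailSink = None) -> List[str]:
    """The attacker's side: take a baseline from a name that cannot exist,
    then keep every candidate whose response differs from that baseline."""
    mail = mail if mail is not None else MailSink()
    baseline = handler("zz-definitely-not-a-user-zz", mail)
    return sorted(u for u in candidates if handler(u, mail) != baseline)


if __name__ == "__main__":
    wordlist = ["alice", "carol", "bob", "dave"]
    print("vulnerable:", enumerate_users(recover_vulnerable, wordlist))
    print("hardened:  ", enumerate_users(recover_hardened, wordlist))
```

The probe recovers both real accounts from the vulnerable handler and nothing from the hardened one, while the hardened handler still sends the reset mail to real users. Two caveats the message fix alone does not cover: the branch that sends mail should cost the same time as the branch that does not (a constant-work path or a queued send), and the endpoint should be rate-limited, since the wordlist attack is otherwise just slower.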
 
Survey of 127 routers’ vulnerabilities: Remote workers warned over security flaws
SC Magazine UK – Jul 07 2020 16:01
Forty-six makes of router haven’t had a security update in a year, leaving employees open to attack. Employees working from home could be exposed to hacking attempts following the revelation that many home routers contain hundreds of…
 
CVEnew – CVE-2020-10745 A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way i… https://t.co/RB1TFXgFkS
CVEnew – Twitter – Jul 07 2020 14:45
CVE-2020-10745 A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBIOS over TCP/IP. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU,…
 
Securityblog – RT @threatintelctr: NEW: CVE-2020-10711 A NULL pointer dereference flaw was found in the Linux kernel’s SELinux subsystem in versions b…
Securityblog – Twitter – Jul 07 2020 08:47
RT @threatintelctr: NEW: CVE-2020-10711 A NULL pointer dereference flaw was found in the Linux kernel’s SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol’…
 
Threat actors found a way to bypass the mitigation for the F5 BIG-IP CVE-2020-5902 flaw
Security Affairs – Jul 08 2020 13:37
Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability, and attackers are already using it…
 

Ongoing Campaigns

Security Affairs newsletter Round 271
Security Affairs – Jul 05 2020 13:00
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box….

Android Malware FakeSpy Spying on Users’ Banking Information While Posing as Postal Services
E Hacking News – Jul 07 2020 04:32
A new Android malware, FakeSpy, which can steal an individual’s banking details, read contact lists, and collect application and account information along with other personal data, has been seen spreading across the globe. Earlier, the Android malware…
 
Purple Fox Malware Targets Fresh Vulnerabilities
Bank Info Security – Jul 07 2020 19:22
Purple Fox Malware Targets More Vulnerabilities: Proofpoint Says Gang Upgraded Exploit Kit. Ishita Chigilli Palli (Ishita_CP), July 7, 2020. The developers behind the Purple Fox fileless downloader malware recently upgraded…
 
Security Intelligence Blog
Trend Micro – Jul 08 2020 02:00
We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware and Kaiji DDoS malware. While the XORDDoS attack infiltrated the Docker server to infect all the containers…
 
Calendar Invitations Used to Launch Phishing Attacks
Cyware – Jul 07 2020 06:54
With each passing day, threat actors find more innovative ways to deliver phishing emails to end users. Recently, the Cofense Phishing Defense Center (PDC) spotted crooks using calendar invitations to mount phishing attacks. What…
 
Chinese state-sponsored hackers spying on ethnic minorities worldwide
IT Security Guru – Jul 07 2020 14:05
Chinese state-sponsored hackers have been using Android spyware tools to target ethnic minority groups, particularly Uighurs, Tibetans and Muslims, across 15 countries including Malaysia, Turkey, Indonesia and Kazakhstan. First discovered by…

 
 
Copyright (C) 2020 Silobreaker Ltd. All rights reserved.
