InfoSec News 20190702

  • Published: Tue, 02/07/2019 - 09:53

Top News


  • Facebook Removes Accounts Used to Infect Thousands With Malware

"A widespread malware campaign, ongoing since 2014, was using Facebook accounts and posts to spread malware through URL links."

Link

TLP¹: Green

  • Adware Campaign Identified From 182 Game and Camera Apps on Google Play and Third-Party Stores Like 9Apps

"As mobile ad spending increases year by year — the projected mobile ad spend for U.S. advertisers in 2019 is estimated to exceed US$16 billion — cybercriminals will continue to try to illicitly profit via adware that have increasingly insidious tricks. As proof to this point, we recently observed an active adware campaign (detected by Trend Micro as AndroidOS_HiddenAd.HRXAA and AndroidOS_HiddenAd.GCLA) concealed in 182 free-to-download game and camera apps, the majority of which were found on the Google Play Store and collectively had millions of downloads. The adware behind the campaign is capable of hiding the malicious app’s icon, showing full-screen ads that can’t be immediately closed or exited, and evading sandbox detection."

Link

TLP¹: Green

  • July Android Security Update Fixes Four Critical RCE Flaws

"In total, Google patched 33 security vulnerabilities in the Android system, framework, library, media framework, Qualcomm components, and Qualcomm closed-source components, all of them addressed in the 2019-07-01 and 2019-07-05 security patch levels."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Huge jump in cyber incidents reported by finance sector

"The number of cyber incidents reported by financial services firms increased nearly 12-fold in 2018 from 2017, mainly due to third-party failures, highlighting several key areas that need improvement."

Link

TLP¹: Green

  • Is the Virgin Islands the Latest Municipality Hit by Cyber Crime?

"When a top executive at the Water and Power Authority recently told a Senate committee about a $2.3 million dollar theft pulled off with a phony email, it could be seen as a red flag – a sign of cyber crime coming to the Virgin Islands."

Link

TLP¹: Green

  • IT Pro Arrested After Demonstrating Bug in Kindergarten Software

"Bulgarian authorities arrested an IT professional after he publicly demonstrated a vulnerability affecting software used by kindergartens."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • Cloud computing giant PCM hacked

"California-based PCM provides a mixture of solutions including cloud services and hardware, and made over $2bn in revenues in 2018. According to a report by specialist cybersecurity journalist Brian Krebs, the company discovered the breach in mid-May. Sources told him that the attackers stole administrative credentials for Office 365 accounts, and that they were mostly interested in using stolen data to conduct gift card fraud."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Vulnerability in Medtronic insulin pumps allows the devices to be hacked

"Medtronic and the US government have warned that some Medtronic MiniMed insulin pumps are vulnerable to cyber attacks."

Link

TLP¹: Green

  • Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability

"Linux Kernel is prone to a remote integer-overflow vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions."

Link

TLP¹: Green
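The integer overflow in CVE-2019-11477 ("SACK Panic") is reached only when a remote peer advertises a very small MSS and then sends crafted SACK blocks, so the published interim workarounds, until the fixed kernel is installed, are to disable SACK processing (sysctl net.ipv4.tcp_sack=0, at a throughput cost on lossy links) or to drop SYNs that carry an MSS of 500 bytes or less (iptables -A INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP, which can also break legitimate peers behind unusually small MTUs). The block below is an added example written for this digest, not code from the advisory or from any vendor: it parses the TCP options field of a SYN as laid out in RFC 793 and flags the combination of SACK-permitted plus a low MSS, reusing the iptables rule's 500-byte cut-off as a detection threshold. The threshold as a heuristic, the `Verdict` type and the sample SYN option bytes are all constructed for the example.

```python
"""Flag the low-MSS + SACK-permitted SYN pattern associated with CVE-2019-11477.

Added example for this digest; not code from the advisory or any vendor.
Option layout follows RFC 793: kind 0 = end of list, kind 1 = NOP (1 byte),
every other option is kind, length (covering kind and length), payload.
"""
from dataclasses import dataclass
from typing import Dict, Optional

TCPOPT_EOL = 0
TCPOPT_NOP = 1
TCPOPT_MSS = 2          # 2-byte payload: maximum segment size
TCPOPT_SACK_PERM = 4    # no payload: peer will send SACK blocks
MSS_THRESHOLD = 500     # assumption: same cut-off as the published tcpmss workaround


def parse_tcp_options(raw: bytes) -> Dict[int, bytes]:
    """Return {kind: payload} for each option; stop on any malformed length
    instead of reading past the buffer (an attacker controls these bytes)."""
    opts: Dict[int, bytes] = {}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(raw):
            break                      # kind byte with no length byte
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            break                      # bogus length; do not trust it
        opts[kind] = raw[i + 2:i + length]
        i += length
    return opts


def mss_of(opts: Dict[int, bytes]) -> Optional[int]:
    """Decode the MSS option, or None if absent or not exactly two bytes."""
    data = opts.get(TCPOPT_MSS)
    if data is None or len(data) != 2:
        return None
    return int.from_bytes(data, "big")


@dataclass
class Verdict:
    mss: Optional[int]
    sack_permitted: bool
    suspicious: bool   # True when SACK is permitted and MSS <= MSS_THRESHOLD


def classify_syn(raw_options: bytes) -> Verdict:
    """Heuristic: a peer that both enables SACK and forces tiny segments
    matches the precondition of the CVE; either alone does not."""
    opts = parse_tcp_options(raw_options)
    mss = mss_of(opts)
    sack = TCPOPT_SACK_PERM in opts
    suspicious = sack and mss is not None and mss <= MSS_THRESHOLD
    return Verdict(mss, sack, suspicious)


# Constructed sample SYN option fields (not captured traffic)
NORMAL_SYN = bytes([2, 4, 0x05, 0xB4, 4, 2, 1, 1])   # MSS 1460, SACK-OK, NOP, NOP
TINY_MSS_SYN = bytes([2, 4, 0x00, 0x30, 4, 2])       # MSS 48 with SACK-OK: the CVE pattern
NO_SACK_SYN = bytes([2, 4, 0x00, 0x30])              # MSS 48 but no SACK: not the pattern
TRUNCATED_SYN = bytes([2, 4, 0x05])                  # MSS option cut short; must not crash

if __name__ == "__main__":
    for name, pkt in [("normal", NORMAL_SYN), ("tiny-mss", TINY_MSS_SYN),
                      ("no-sack", NO_SACK_SYN), ("truncated", TRUNCATED_SYN)]:
        print(f"{name:10s} {classify_syn(pkt)}")
```

Run stand-alone it prints one verdict per sample; only the tiny-MSS SYN with SACK-permitted is flagged. The parser deliberately stops on a zero or overlong length field rather than raising, which is the behaviour you want in anything that sits in a packet path.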

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • SOC Second Defense Phase – Understanding the Threat Profiles

"In the first phase of architecting the SOC, we have seen the basic level understanding of the attacks and the necessary steps to break the Attack Chain. Let’s move on to the phases of SOC and advanced level of protecting the organization."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • RDP BlueKeep exploit shows why you really, really need to patch

"The ‘wormable’ BlueKeep vulnerability, announced by Microsoft with the release of patches to protect against it, could theoretically be used to run attackers’ code on every one of those machines, without a username and password."

Link

TLP¹: Green

  • PivotSuite - A Network Pivoting Toolkit

"PivotSuite is a portable, platform-independent and powerful network pivoting toolkit, which helps Red Teamers / Penetration Testers use a compromised system to move around inside a network. It is a standalone utility, which can be used as a server or as a client."

Link

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp