Infosec News 20200708

  • Published: Wed, 08/07/2020 - 09:41

Top News


  • New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

"Expert spotted a new release of the Lampion trojan banker that was launched with fresh improvements in the way the malware loader operated."

Link

TLP¹: Green

  • Ministry of Education waives enrolment renewal for almost everyone. Portal was the target of a cyber attack

"The platform was not coping with the volume of traffic, and the ministry decided to go ahead with simplifying the process. Schools and parents are desperately trying to enter their data"

Link

TLP¹: Green

  • Several phishing campaigns underway in Portugal aimed at exfiltrating victims' credit card details

"Since 6 July, several entries have been recorded in 0xSI_f33d (a feed that compiles threats in Portuguese cyberspace) relating to phishing campaigns active on the same Internet server, aimed at exfiltrating victims' personal details as well as their credit card details."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Cerberus Banking Trojan Unleashed on Google Play

"A malicious Android app has been uncovered on the Google Play app marketplace that is distributing the banking trojan, Cerberus. The app has 10,000 downloads."

Link

TLP¹: Green

  • Sophisticated Russian BEC Group Targets Multinationals

"Security company Agari has unearthed a massive Russian business email compromise (BEC) operation that it says has been operating under the radar for at least a year. The group, nicknamed Cosmic Lynx, targets large multinational companies, the security researchers said."

Link

TLP¹: Green

  • Manufacturing Sector Paid Out 62% of Total Ransomware Payments in 2019

"The manufacturing industry spent more than any other sector last year on ransomware payments, paying out $6.9m, according to a new study by Kivu Consulting. This represents 62% of the total $11m+ of ransoms transferred to cyber-criminals throughout 2019, despite manufacturing only making up 18% of all paid ransom cases."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks


  • Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites

"Researchers warn that Keeper, using Magecart code, will launch increasingly sophisticated attacks against online merchants worldwide in the coming months."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973)

"A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged."

Link

TLP¹: Green

  • K45594111: Request is giving % as illegal meta character based on encoded value

"You observe that ASM logs an illegal or blocked violation for a percent % meta character appearing in a request that is URL-encoded."

Link

TLP¹: Green
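The K45594111 symptom above comes from a general property of decode-then-inspect filters: a legitimately encoded "%25" in a parameter value decodes to a bare "%", and a check that runs on the decoded value sees that character. The following is an added illustration written for this digest, a simplified model of such a filter and not F5 ASM's own logic; the meta-character set, the single-pass decoding and the sample values are all assumptions.

```python
from urllib.parse import unquote

# Assumed meta-character set for this illustration (not ASM's configured set).
ILLEGAL_META_CHARS = frozenset("%<>'\";")


def decode_once(value: str) -> str:
    """Apply one layer of percent-decoding, as a typical request normalizer does.

    Invalid sequences (a bare '%' not followed by two hex digits) are left as-is.
    """
    return unquote(value)


def check_parameter(raw_value: str) -> dict:
    """Decode a parameter value once, then screen the decoded value.

    Returns the raw and decoded forms, whether a violation would be raised,
    and which illegal meta characters were found in the decoded value.
    """
    decoded = decode_once(raw_value)
    hits = sorted(c for c in set(decoded) if c in ILLEGAL_META_CHARS)
    return {
        "raw": raw_value,
        "decoded": decoded,
        "violation": bool(hits),
        "chars": hits,
    }


# Constructed sample parameter values (not taken from any real request log).
SAMPLES = [
    "100%25",    # encoded percent sign: decodes to "100%", so "%" is inspected
    "100%2525",  # double-encoded: one pass yields "100%25", "%" still present
    "a%20b",     # encoded space: decodes to "a b", no meta character
    "100%",      # bare, malformed percent: left untouched by the decoder
]


def run_samples() -> list:
    """Evaluate every constructed sample and return the results in order."""
    return [check_parameter(s) for s in SAMPLES]


if __name__ == "__main__":
    for result in run_samples():
        flag = "VIOLATION" if result["violation"] else "ok"
        print(f'{result["raw"]!r:12} -> {result["decoded"]!r:12} {flag} {result["chars"]}')
```

The point for a WAF operator is that the "%25" case is a well-formed, benign encoding of a percent sign; whether it should be treated as a violation depends on whether "%" belongs in the allowed character set for that parameter, and the filter's decoding depth determines what the inspection actually sees.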

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Ransomware Characteristics and Attack Chains – What you Need to Know about Recent Campaigns

"Ransomware has been around for decades going back all the way to 1989. Since then it has only magnified in scope and complexity. Now at a time when working remotely is becoming more universal and the world is trying to overcome the Covid-19 pandemic, ransomware has never been more prominent."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Microsoft Research Develops Invisible Cloud Malware Scanner

"It's all very well having thousands of virtual machines running in the cloud, but how do you scan them for malware? Microsoft Research has developed a system called Project Freta to do just that. It has launched the project as a prototype for public use."

Link

TLP¹: Green

  • SentinelOne released free decryptor for ThiefQuest ransomware

"Good news for the victims of the ThiefQuest (EvilQuest) ransomware: they can recover their encrypted files for free."

Link

TLP¹: Green


¹ Traffic Light Protocol (TLP) [1] for information sharing:



  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.



[1] https://www.first.org/tlp