Infosec News 20210624
Top News
-
John McAfee, cybersecurity pioneer, found dead in Spanish prison
"John McAfee, one of the tech pioneers who made the early Internet a safer place to browse, has died. McAfee was found dead in a jail cell in Barcelona, Spain, where he was awaiting extradition to the United States on tax evasion charges. Spanish officials said the cause of death was suicide. He was 75"
TLP1 : Green
-
Microsoft Store is crashing worldwide on Windows 10 PCs
"Windows 10 users are currently experiencing issues with the Microsoft Store, with the app unable to download and install apps and crashing after repeated attempts"
TLP1 : Green
-
A COVID-19-Themed Campaign Delivering Agent Tesla
"An unsophisticated campaign has been discovered to be spreading Agent Tesla RAT. It is a phishing campaign that used COVID-19 vaccination schedules as a lure. It focuses on the communications that organizations have with their employees"
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
sLoad Malware Moving to European Targets
"sLoad (aka Starslord loader) is active again and this time it is targeting users in the U.K. and Italy. It has been active since 2018 and had several updates lately. The malware creator is regularly changing the first stage script, while the main module largely remains the same"
TLP1 : Green
-
The European Commission proposes a joint security unit to counter “serious cyber incidents”
"The European Commission has announced plans to build a Joint Cyber Unit to help fight large scale cyber-attacks conducted against EU member states"
TLP1 : Green
-
Official Python repository used to distribute cryptomining malware
"Security research firm Sonatype, which focuses on software supply chain management security, has identified six different Python packages containing malware on the official Python software repository PyPI. The malicious packages all contained instructions in their setup.py setup files that would download and install cryptomining malware onto systems that install the packages"
TLP1 : Green
-
Phishing Campaign Bypasses SEG to Target Office365 Users
"Several attackers have been continuously observed using innovative techniques with phishing attacks to bypass normal standard security applications. Recently, a new campaign has been observed leveraging a combination of several tricks to bypass the Secure Email Gateways (SEG) protection"
TLP1 : Green
-
Follow Up: Tulsa Says Ransomware Attackers Shared Personal Information
"Those responsible for a ransomware attack on the city of Tulsa last month are sharing personal information of some residents online, city officials said Wednesday. More than 18,000 city files, mostly police reports and internal police department files, have been posted on the dark web, said Michael Dellinger, Tulsa’s chief information officer."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Iowa eye clinic: 500,000 patient files may have been stolen
"MARSHALLTOWN, Iowa (AP) — The records of roughly 500,000 patients of an eye clinic with locations throughout Iowa may have been stolen as part of a ransomware attack on the business earlier this year"
TLP1 : Green
-
Breach of Workforce West Virginia job seeker database reported
"CHARLESTON, W.Va. (WSAZ) - An unauthorized individual accessed the Mid Atlantic Career Consortium Employment Services database, or “MACC” website, Workforce West Virginia announced Tuesday"
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Trojan.Win32.SecondThought.ak permission
"A vulnerability classified as critical has been found in Trojan.Win32.SecondThought.ak (version unknown). Affected is some unknown functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-275. This is going to have an impact on confidentiality, integrity, and availability"
TLP1 : Green
-
Backdoor.Win32.ReverseTrojan.200 Service Port 12000 backdoor
"A vulnerability was found in Backdoor.Win32.ReverseTrojan.200 (Remote Access Software) (the affected version unknown). It has been classified as critical. This affects some unknown processing of the component Service Port 12000. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-912. This is going to have an impact on confidentiality, integrity, and availability"
TLP1 : Green
-
VMware Patches Critical Vulnerability in Carbon Black App Control
"VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) running on Windows machines."
TLP1 : Green
-
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
"A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts — with no patches in sight."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Splunk treats US customers to new security cloud • DEVCLASS
"Data analytics and security vendor Splunk has extended its portfolio by introducing security operations platform Splunk Security Cloud into the mix"
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
CamOver - A Camera Exploitation Tool That Allows To Disclosure Network Camera Admin Password
"CamOver is a camera exploitation tool that allows to disclosure network camera admin password"
TLP1 : Green
-
McAfee Threats Report: June 2021
"McAfee today released its McAfee Threats Report: June 2021, examining cybercriminal activity related to malware and the evolution of cyber threats in the first quarter of 2021"
TLP1 : Green
-
Games, Gaming and Gamers Are a Rapidly Growing Target for Hackers
"Attacks against the video gaming industry and its gamers skyrocketed during the pandemic lockdown year of 2020, with more than 240 million web app attacks (a growth of 340% over the previous year). While the pandemic conditions likely contributed to this growth, researchers believe that attacks will continue, and continue to grow, even after the pandemic is over."
TLP1 : Green
-
Average time to fix critical cybersecurity vulnerabilities is 205 days: report
"A new report from WhiteHat Security has found that the average time taken to fix critical cybersecurity vulnerabilities has increased from 197 days in April 2021 to 205 days in May 2021. In its AppSec Stats Flash report, WhiteHat Security researchers found that organizations in the utility sector had the highest exposure window with their application vulnerabilities, spotlighting a problem that made national news last week when it was revealed more than 50,000 water treatment plants across the US had lackluster cybersecurity."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.