Serious Zoom security flaw could let websites hijack Mac cameras
www.theverge.com/2019/7/8/20687014/zoom-security-flaw-video-conference-websites-hijack-mac-cameras Today, security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing app on Macs. He has demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed.
Exclusive: The true origins of the Seth Rich conspiracy theory. A Yahoo News investigation.
news.yahoo.com/exclusive-the-true-origins-of-the-seth-rich-conspiracy-a-yahoo-news-investigation-100000831.html In the summer of 2016, Russian intelligence agents secretly planted a fake report claiming that Democratic National Committee staffer Seth Rich was gunned down by a squad of assassins working for Hillary Clinton, giving rise to a notorious conspiracy theory that captivated conservative activists and was later promoted from inside President Trump’s White House, a Yahoo News investigation has found.
Bug in Anesthesia Machines Allows Changing Gas Mix Levels
www.bleepingcomputer.com/news/security/bug-in-anesthesia-machines-allows-changing-gas-mix-levels/
Zoom Will Fix the Flaw That Let Hackers Hijack Webcams
www.wired.com/story/zoom-flaw-web-server-fix/ After initially saying that it wouldn’t issue a full fix for a vulnerability disclosed on Monday, the video conferencing service Zoom has changed course. The company now tells WIRED that it will push a patch on Tuesday night to alter Zoom’s functionality and eliminate the bug. You should update Zoom as soon as the patch is live.
Microsoft Patches A Pair of Zero-Days Under Active Attack
threatpost.com/microsoft-patches-zero-days-active-attack/146349/ The software giant also addressed 15 critical flaws and advised on the recently disclosed Linux Kernel SACK Panic bug. Microsoft has addressed 77 vulnerabilities in its July Patch Tuesday update, with 15 of them rated as critical and two known to be under active exploit; and Adobe issued a small group of updates, with surprisingly none for Acrobat Reader or Flash. Also:
isc.sans.edu/forums/diary/MSFT+July+2019+Patch+Tuesday/25110/
Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach
thehackernews.com/2019/07/marriott-data-breach-gdpr.html
Logitech wireless USB dongles vulnerable to new hijacking flaws
www.zdnet.com/article/logitech-wireless-usb-dongles-vulnerable-to-new-hijacking-flaws/ Vulnerabilities found in Logitech’s proprietary Unifying USB dongle technology. A security researcher has publicly disclosed new vulnerabilities in the USB dongles (receivers) used by Logitech wireless keyboards, mice, and presentation clickers. Report:
github.com/mame82/misc/blob/master/logitech_vuln_summary.md
Microsoft Releases July 2019 Office Updates With Security Fixes
Rig Exploit Kit Pushing Eris Ransomware in Drive-by Downloads
US Coast Guard warns about malware designed to disrupt ships’ computer systems
www.zdnet.com/article/us-coast-guard-warns-about-malware-designed-to-disrupt-ships-computer-systems/#ftag=RSSbaffb68 US Coast Guard also shares a list of cybersecurity best practices for commercial vessels.
Security Updates Released for Adobe Bridge, Dreamweaver, and AEM
Trickbot Trojan Gets IcedID Proxy Module to Steal Banking Info
Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
blog.talosintelligence.com/2019/07/sea-turtle-keeps-on-swimming.html After several months of activity, the actors behind the “Sea Turtle” DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our initial findings and coverage and are redoubling their efforts with new infrastructure. While many actors will slow down once they are discovered, this group appears to be unusually brazen, and will be unlikely to be deterred going forward.
Fake eFax emails are now spreading Dridex Trojan, RMS RAT
www.zdnet.com/article/fake-efax-emails-are-now-spreading-dridex-trojan-rms-rat/ Phishing attachments are dropping a dangerous combination of Trojan and remote access tool.
Anubis Android banking malware returns with extensive financial app hit list
www.zdnet.com/article/anubis-android-banking-malware-returns-with-a-bang/#ftag=RSSbaffb68 Thousands of new samples are targeting 188 banking and finance-related apps.
A deeper dive into the “Silentbruter” malware – Internal folder structures revealed
www.gdatasoftware.com/blog/2019/07/31728-a-deeper-dive-into-thesilentbruter-malware-internal-folder-structures-revealed A malware called “SilentBruter”, which is designed to guess login credentials for online accounts, has caught the attention of one of our analysts. In this blogpost we take a closer look at the Silentbruter-Malware and its rather interesting internal structures.