Daily NCSC-FI news followup 2019-08-06

QualPwn Bugs In Snapdragon SoC Can Attack Android Over the Air

www.bleepingcomputer.com/news/security/qualpwn-bugs-in-snapdragon-soc-can-attack-android-over-the-air/ Two serious vulnerabilities in Qualcomm’s Snapdragon system-on-a-chip (SoC) WLAN firmware could be leveraged to compromise the modem and the Android kernel over the air. The flaws were found in the WLAN component of Qualcomm’s Snapdragon 835 and 845. The tests were made on Google Pixel 2 and 3, but any unpatched phone running one of the two SoCs is vulnerable.

Scanning for Bluekeep vulnerable RDP instances

isc.sans.edu/forums/diary/Scanning+for+Bluekeep+vulnerable+RDP+instances/25206/ If you are a security administrator and want to find the BlueKeep-vulnerable systems on your network, how would you go about it? For the BlueKeep vulnerability it is relatively easy. With access to a *nix box with the high-speed scanner masscan and the rdpscan tool installed along with their dependencies, it is a very easy bash script.

E3 Website Leaks Private Addresses for Thousands of Journalists

threatpost.com/e3-website-leaks-private-addresses-for-thousands-of-journalists/146965/ Personal data of 2,000 journalists was found publicly accessible on a spreadsheet on the website for popular trade show E3.

ECh0raix Ransomware Decryptor Restores QNAP Files For Free

www.bleepingcomputer.com/ransomware/decryptor/ech0raix-ransomware-decryptor-restores-qnap-files-for-free/ A decryptor for the eCh0raix ransomware, or QNAPCrypt, has been released that allows victims to recover encrypted files on their QNAP NAS devices. eCh0raix is a ransomware that has been targeting QNAP NAS devices since June 2018 by brute-forcing passwords and exploiting vulnerabilities in order to get access to the device.

Microsoft sets up isolated environment for bug hunters to test attacks against Azure

www.helpnetsecurity.com/2019/08/06/microsoft-azure-test-attacks/ Microsoft has some very good news for bug hunters: not only has the company doubled the top bounty reward for vulnerabilities discovered in its Azure cloud computing service, but it has also created an isolated testing environment that will allow researchers to try to exploit them.

Code-Signed malware: What’s all the buzz about? Looking at the “Ryuk” ransomware as an example

www.gdatasoftware.com/blog/2019/08/35046-whats-all-the-buzz-about-looking-at-the-ryuk-ransomware-as-an-example Certificates are an established method for verifying the legitimacy of an application. If malicious actors succeed in undermining a certificate authority (CA) by either stealing a valid certificate or compromising the CA, the entire model unravels. We have taken a look at a case where this has happened.

The Pwnie Awards 2019 nominations

pwnies.com/nominations-2019/

The Evolution of Aggah: From Roma225 to the RG Campaign

blog.yoroi.company/research/the-evolution-of-aggah-from-roma225-to-the-rg-campaign/ A few months ago we started observing a cyber operation aiming to attack private companies in various business sectors, from automotive to luxury, education, and media/marketing. The attacks are characterized by the usage of a Remote Access Trojan named RevengeRat, suggesting a possible, still unconfirmed and under investigation, connection with the Gorgon Group, a known mercenary APT group who ran cyber-espionage operations and who were involved in criminal activities too.

The Burden of Spoof: The Ongoing Investigation of Walmartcareers[.]us

blog.domaintools.com/2019/08/the-burden-of-spoof-the-ongoing-investigation-of-walmartcareers-us/ 15 days ago, our phishing detection solution PhishEye picked up multiple domains spoofing the term Walmart. The one that caught my eye was walmartcareers[.]us. When I decided to export the results from the July 25, 2019 PhishEye report into Iris, the investigation BLEW UP. So, in this blog post, I would like to share the current status of the investigation, as well as next steps in my research methodology. My intention is to use this blog post as a one-stop shop (so to speak) for any developments or updates in the coming months.

StockX was hacked, exposing millions of customers’ data

techcrunch.com/2019/08/03/stockx-hacked-millions-records/ The fashion and sneaker trading platform pushed out a password reset email to its users on Thursday citing system updates, but left users confused and scrambling for answers. StockX told users that the email was legitimate and not a phishing email as some had suspected, but did not say what caused the alleged system update or why there was no prior warning. An unnamed data breach seller contacted TechCrunch claiming more than 6.8 million records were stolen from the site in May by a hacker. The seller declined to say how they obtained the data. In a dark web listing, the seller put the data up for sale for $300. At the time of writing, one person had already bought the data.

America’s DIY Phone Farmers

www.vice.com/en_us/article/d3naek/how-to-make-a-phone-farm Ordinary Americans are using armies of phones to generate cash to buy food, diapers, and beer through ad fraud.

Zero-Day Bug in KDE 4/5 Executes Commands by Opening a Folder

www.bleepingcomputer.com/news/security/zero-day-bug-in-kde-4-5-executes-commands-by-opening-a-folder/ An unpatched zero-day vulnerability exists in KDE 4 and 5 that could allow attackers to execute code simply by tricking a user into downloading an archive, extracting it, and then opening the folder.

Fortinet Reports Increased YoY Threat Activity for Q2 2019

www.fortinet.com/blog/threat-research/fortinet-q2-2019-threat-landscape-report.html Fortinet has just released its Threat Landscape Report for Q2 of 2019. This quarterly series provides key insights into threat trends and cybercriminals’ behaviors to help organizations prepare for and protect themselves against their constantly evolving adversaries.

Clever Amazon Phishing Scam Creates Login Prompts in PDF Docs

www.bleepingcomputer.com/news/security/clever-amazon-phishing-scam-creates-login-prompts-in-pdf-docs/ The goal of any phishing scam is to make you do something you shouldn’t do. Such is the case with a phishing campaign that utilizes PDF attachments that display login prompts that to many would look legitimate. Such is the case with the latest phishing campaign found by detection company ReversingLabs and shared with BleepingComputer prior to publication. What makes this scam stand out is that instead of using fake landing pages, it uses fake JavaScript login forms generated directly by the PDF attachment.

LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks

blog.trendmicro.com/trendlabs-security-intelligence/lokibot-gains-new-persistence-mechanism-uses-steganography-to-hide-its-tracks/ First advertised as an information stealer and keylogger when it appeared in underground forums, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing malicious ISO file attachments. Our analysis of a new LokiBot variant shows that it has improved its capabilities for staying undetected within a system via an updated persistence mechanism and the use of steganography to hide its code.

AT&T employees took bribes to plant malware on the company’s network

www.zdnet.com/article/at-t-employees-took-bribes-to-plant-malware-on-the-companys-network/#ftag=RSSbaffb68 The DOJ charges a Pakistani man with bribing AT&T employees with more than $1 million to install malware on the company’s network and unlock more than 2 million devices.

New Echobot Botnet Variant Uses Over 50 Exploits to Propagate

www.bleepingcomputer.com/news/security/new-echobot-botnet-variant-uses-over-50-exploits-to-propagate/ A new variant of the Echobot botnet has been spotted that includes over 50 exploits for remote code execution (RCE) vulnerabilities in various Internet-of-Things devices. Echobot was discovered in May and analyzed by security researchers at Palo Alto Networks, who found that it incorporated 18 exploits at the time. The latest Echobot variant was found by security researcher Carlos Brendel Alcañiz, and uses 59 different RCE exploits to propagate, according to a tweet he published today.

Baldr malware unpicked with a little help from crooks’ bad opsec

nakedsecurity.sophos.com/2019/08/06/baldr-malware-unpicked-with-a-little-help-from-crooks-bad-opsec/ The research in question concerns Baldr, an up-and-comer in the world of illegal software that SophosLabs has been tracking closely since January. In simple terms, Baldr is a password stealer, although in reality it’s more of an indiscriminate malware thief with an interest in anything it can carry away. It would steal your watch if it could.