Table of Contents
- Maze Ransomware Releases Files Stolen from City of Pensacola
- FBI Issues Alert For LockerGoga and MegaCortex Ransomware
- Emotet Reigns in Sandbox's Top Malware Threats of 2019
- Malware Broker Behind US Hacks is Now Teaching Computer Skills in China
- Spotify sends journalists mysterious USB drives
- Uptick Seen in ISO Email Attachments Delivering Malware
Google Chrome Impacted By New Magellan 2.0 Vulnerabilities
A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world's most popular web browser. The five vulnerabilities are collectively named "Magellan 2.0" and were disclosed by the Tencent Blade security team. All apps that use an SQLite database are affected by Magellan 2.0; however, the risk of remote exploitation is smaller for them than for Chrome, where the WebSQL API, enabled by default, exposes users to remote attacks. SQLite and Google have already been informed and have fixed the issues.
Comparing Offensive Security Tooling and Gun Control
Daniel Miessler has written an essay in response to Andrew Thompson's blog post claiming that offensive security tools do more harm than good when released publicly. Daniel compares the debate to gun control and concludes that it is complicated: those tools can do harm and can do good too, depending on many factors.
Critical Citrix Flaw May Expose Thousands of Firms to Attacks
A newly discovered vulnerability affecting the Citrix Application Delivery Controller (NetScaler ADC) and the Citrix Gateway (NetScaler Gateway) could potentially expose the networks of over 80,000 firms to hacking attacks. The vulnerability has been assigned the identifier CVE-2019-19781. The vendor has not yet officially assigned a CVSS severity score to it, but Positive Technologies experts believe it merits the highest level, a 10. The vulnerability affects all supported versions of the product and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and also Citrix NetScaler ADC and NetScaler Gateway 10.5. A fix has not been released yet, but Citrix has published an article on how to mitigate the vulnerability.
A Twitter app bug was used to match 17 million phone numbers to user accounts
A security researcher said he has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in Twitter’s Android app.
The investigation into ToTok
American officials familiar with classified intelligence had determined that ToTok was actually a spying tool. Patrick Wardle analysed the app and found that it works as advertised, with no backdoors and no malware: a "normal" chat app controlled by the United Arab Emirates. The UAE used a fake company as a decoy and, by relying on the usual features of messaging apps (uploading the contact list, sharing location, etc.), banning all other messaging apps in the country, and writing fake reviews, could manipulate citizens into installing it and handing their personal data to their own government for easy surveillance.
Entercom Confirms Weekend IT Disruption
Entercom has confirmed it suffered a disruption to its IT systems over the weekend and says the issues were largely resolved by Monday morning. What has been reported as a cyber-attack came just three months after a major breach in September that cost the company millions of dollars in costs, lost revenues and new security systems.
Dutch university hit by cyber attack on its Windows systems
Maastricht University (UM) has been hit by a serious cyber attack. Almost all Windows systems have been affected and it is particularly difficult to use e-mail services. UM is currently working on a solution. Extra security measures have been taken to protect (scientific) data. UM is investigating if the cyber attackers have had access to this data. It is unclear how much time UM needs to find a solution, but it will definitely take a while for the systems to be fully operational again.
China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks
New Mozi P2P Botnet Takes Over Netgear, D-Link, Huawei Routers
Netgear, D-Link, and Huawei routers are actively being probed for weak Telnet passwords and taken over by a new peer-to-peer (P2P) botnet dubbed Mozi, which is related to the Gafgyt malware and reuses some of its code.
Maze Ransomware Releases Files Stolen from City of Pensacola
The actors behind the Maze Ransomware have released 2GB of files that were allegedly stolen from the City of Pensacola during their ransomware attack.
FBI Issues Alert For LockerGoga and MegaCortex Ransomware
The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware. Both LockerGoga and MegaCortex are ransomware infections that target the enterprise by compromising the network and then attempting to encrypt all its devices.
Emotet Reigns in Sandbox's Top Malware Threats of 2019
Any.Run, a public service that allows interaction with malware running in a sandbox for analysis purposes, compiled a list with the top 10 most prevalent threats uploaded to the platform. At the head of the list is Emotet.
Malware Broker Behind US Hacks is Now Teaching Computer Skills in China
A Chinese malware broker who was sentenced in the United States this year for dealing in malicious software linked to major hacks is back at his old workplace: teaching high-school computer courses, including one on internet security.
Spotify sends journalists mysterious USB drives
Spotify sent journalists USB drives promoting a new Spotify podcast. It's not uncommon for reporters to receive USB drives in the post. Companies distribute USB drives all the time, including at tech conferences, often containing promotional materials or large files, such as videos, that would otherwise be difficult to get into as many hands as possible. But anyone with basic security training under their belt will know never to plug in a USB drive without taking some precautions first.
Uptick Seen in ISO Email Attachments Delivering Malware
Security researchers analyzing malicious spam campaigns noticed an increase in malware delivered inside disk image files, with .ISO the most prevalent format. Among the most popular threats delivered this way are remote access tools (NanoCore, Remcos) and the LokiBot information stealer.
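A mail-gateway check for the delivery technique described above, written here as an added example (it is not code from the original digest or from the researchers cited). It parses a raw RFC 822 message, flags attachments whose extension marks them as a disk image, and additionally inspects the bytes for the ISO 9660 volume identifier "CD001" at offset 0x8001 so that an image renamed to a harmless extension is still caught. The set of extensions beyond .ISO, the sender/recipient addresses and the sample message are constructed assumptions; the ISO 9660 signature and offset are from the file format itself.

```python
"""Flag disk-image attachments (for example .ISO) in a raw e-mail message."""
from __future__ import annotations

import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# .ISO is the format the campaigns favour; the others are assumed additions
# covering the same class of mountable container.
DISK_IMAGE_EXTENSIONS = {".iso", ".img", ".vhd", ".vhdx", ".dmg"}

# ISO 9660 volumes carry the ASCII identifier "CD001" at byte 0x8001,
# the first bytes of the primary volume descriptor.
ISO9660_MAGIC = b"CD001"
ISO9660_MAGIC_OFFSET = 0x8001


def looks_like_iso9660(data: bytes) -> bool:
    """Content check that still fires when the extension has been changed."""
    end = ISO9660_MAGIC_OFFSET + len(ISO9660_MAGIC)
    return len(data) >= end and data[ISO9660_MAGIC_OFFSET:end] == ISO9660_MAGIC


def find_disk_image_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment that is a disk image,
    judged first by extension and then by the ISO 9660 signature."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings: list[tuple[str, str]] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        ext = PurePosixPath(name).suffix.lower()
        payload = part.get_payload(decode=True) or b""
        if ext in DISK_IMAGE_EXTENSIONS:
            findings.append((name, f"extension {ext}"))
        elif looks_like_iso9660(payload):
            findings.append((name, "ISO 9660 signature under a different extension"))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: an invoice lure with three attachments.

    The fake image is zero bytes up to the descriptor followed by "CD001";
    it is not a real ISO and contains no executable content."""
    fake_iso = bytes(ISO9660_MAGIC_OFFSET) + ISO9660_MAGIC + bytes(2048)
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"        # constructed address
    msg["Subject"] = "Invoice 2019-12"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(fake_iso, maintype="application", subtype="octet-stream",
                       filename="Invoice.iso")
    # Same image renamed to look like a document: caught by the magic check.
    msg.add_attachment(fake_iso, maintype="application", subtype="octet-stream",
                       filename="Invoice.pdf")
    # A benign-looking PDF stub: should not be flagged.
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                       subtype="pdf", filename="Real.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in find_disk_image_attachments(build_sample_message()):
        print(f"quarantine candidate: {filename} ({reason})")
```

In a real gateway the same function would run over each inbound message before delivery, and a hit would route the message to quarantine rather than to the user; the two-stage check matters because blocking on extension alone is defeated by a rename, whereas the volume descriptor is required for the image to mount at all.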
Russia 'Successfully Tests' Its Unplugged Internet
The Russian government says it has successfully tested a country-wide alternative to the global internet. Details of what the test involved were vague but, according to the Ministry of Communications, ordinary users did not notice any changes. The results will now be presented to President Putin. The BBC reports: The initiative involves restricting the points at which Russia's version of the net connects to its global counterpart, giving the government more control over what its citizens can access.
Phishing Scams Target Canadian Bank Customers
Researchers at security vendor Check Point Software Technologies warn that an attack group that is using Ukraine-based infrastructure has created hundreds of lookalike domains to target customers of more than a dozen Canadian banks.