Hospital Management System 4.0 SQL Injection
EFF Year in Review
New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019.
The last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. SI-LAB noted that Portuguese users were targeted with malscam messages that reported issues related to a debt from the year 2018. The malware was named ‘Lampion’ because this string appears as part of its internal name. On a broad analysis, it looks like the Trojan-Banker.Win32.ChePro family, but with improvements that make its detection and analysis harder.
Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords
Harry Denley, director of security at MyCrypto, discovered that a Google Chrome extension named Shitcoin Wallet is stealing passwords and wallet private keys.
Sextortion Email Scammers Try New Tactics to Bypass Spam Filters
Sextortion scammers have started to use new tactics to bypass spam filters and secure email gateways so that their scam emails are delivered to their intended recipients. These tactics include sending sextortion emails in foreign languages and splitting bitcoin addresses into two parts.
Irish National Cyber Security Strategy warns of attacks on Irish data centres
The Irish government has published its National Cyber Security Strategy, an update of the country’s first Strategy, which was published in 2015. The report warns that the national economy and confidence in the State would be undermined by a major cyber attack on one of the numerous data centers that multinational tech giants have built around the country.
Expert finds Starbucks API Key exposed online
The development team at Starbucks left exposed an API key that could be used by an attacker to access company internal systems and manipulate the list of authorized users. The issue was discovered by the security expert Vinoth Kumar, who found the key in a public GitHub repository. The issue could allow attackers to execute commands on systems, add or remove users who have access to internal systems, and potentially take over the AWS account.
dlinject.py – Inject a .so into a running Linux process, without ptrace
Inject a shared library (i.e. arbitrary code) into a live Linux process, without ptrace. Inspired by Cexigua and linux-inject, among other things.