News – June 2019


  • RAMBleed Attack – Flip Bits to Steal Sensitive Data from Computer Memory

    June 12, 2019

    A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware. Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM side ...

  • Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure

    June 12, 2019

    Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware. Intel has patched seven high-severity vulnerabilities in the system firmware of its Intel NUC (short for Next Unit of Computing), a mini-PC kit used for gaming, digital signage and more. Overall, the chip-maker patched 25 vulnerabilities across various platforms this week – including eight ...

  • New FormBook Dropper Harbors Obfuscation, Persistence

    June 12, 2019

    Never-before-seen dropper found in FormBook samples that has increased persistence and obfuscation capabilities. Researchers are warning that a future data-theft attack may be brewing after discovering a new sample of the FormBook malware, with a never-before-seen dropper — i.e. a malicious file that is used in the initial infection stage and installs malware on the system. FormBook, ...

  • FBI Issues Warning on ‘Secure’ Websites Used For Phishing

    June 10, 2019

    The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns. Internet users are accustomed by now to always look at the padlock next to the web browser’s address bar to check if the current page is served by a website secured using a ...

  • MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools

    June 10, 2019

    We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed and detailed our other findings on MuddyWater, such as its connection to four Android malware ...

  • Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

    June 9, 2019

    Linux users, beware! If you haven’t recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two most popular and powerful command-line text editing applications that come pre-installed ...

  • Ancient ICEFOG APT malware spotted again in new wave of attacks

    June 7, 2019

    Malware developed by Chinese state-sponsored hackers that was once thought to have disappeared has been recently spotted in new attacks, in an updated and more dangerous form. Spotted by FireEye senior researcher Chi-en (Ashley) Shen, the malware is named ICEFOG (also known as Fucobha). It was initially used by a Chinese APT (advanced persistent threat, a technical ...

  • DHS Works to Fix Cybersecurity Issues

    June 7, 2019

    The Department of Homeland Security made progress addressing the problems with its patch management and security efforts. The DHS inspector general issued its semi-annual report describing how the agency worked on its internal cybersecurity deficiencies. DHS closed one previous OIG recommendation and resolved two others to better secure information, according to the watchdog report submitted Wednesday to Congress. The ...

  • Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw

    June 7, 2019

    An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed ...

  • New RCE vulnerability impacts nearly half of the internet’s email servers

    June 7, 2019

    A critical remote command execution (RCE) security flaw impacts over half of the Internet’s email servers, security researchers from Qualys have revealed today. The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients. According to a June 2019 survey of all mail servers ...

  • UK ‘Particularly Vulnerable’ To Cyber Attack, MPs Warn

    June 6, 2019

    Public Accounts Committee report warns that the UK is extremely vulnerable due to its advanced digital economy The Public Accounts Committee (PAC) has warned in a new report that the United Kingdom is now more than ever, “particularly vulnerable to the risk of cyber attacks.” It said that because the UK is one of the world’s leading digital economies ...

  • A botnet is brute-forcing over 1.5 million RDP servers all over the world

    June 6, 2019

    Security researchers have discovered a new botnet that has been attacking Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. Discovered by Renato Marinho of Morphus Labs, the researcher says the botnet has been seen attacking 1,596,571 RDP endpoints, a number that will most likely rise in the coming days. Named GoldBrute, the ...

  • BlueKeep ‘Mega-Worm’ Looms as Fresh PoC Shows Full System Takeover

    June 5, 2019

    A working exploit for the critical remote code-execution flaw shows how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds. A researcher has created a proof-of-concept Metasploit module for the critical BlueKeep vulnerability, which successfully demonstrates how to achieve complete takeover of a target Windows machine. Reverse engineer Zǝɹosum0x0 tweeted about his ...

  • A New Approach for Combating Insider Threats

    June 4, 2019

    As insider attacks continue to plague the enterprise the security community is doubling down on finding new solutions to mitigate against the age-old problem. An insider threat can encompass anything from a gullible employee falling for a spearphishing email, to unaware new hires sharing data inappropriately – all the way to a rogue employeestealing company data. What connects all these insider threats ...

  • Massive Quest Diagnostics data breach impacts 12 million patients

    June 4, 2019

    A massive data breach has struck Quest Diagnostics and the information of up to 11.9 million patients has potentially been compromised. On Monday, the US clinical laboratory said that American Medical Collection Agency (AMCA), a billing collections provider that works with Quest, informed the company that an unauthorized user had managed to obtain access to AMCA systems. Through the ...

  • MacOS Zero-Day Allows Trusted Apps to Run Malicious Code

    June 3, 2019

    A researcher has revealed a zero-day flaw in Apple’s Mojave operating system tied to the way the OS verifies apps. The bug allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run malicious code. macOS researcher Patrick Wardle revealed the flaw Monday, describing the exploitation of the bug ...

  • Zebrocy’s Multilanguage Malware Salad

    June 3, 2019

    Zebrocy is Russian speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy Zebrocy is an active sub-group of victim profiling and access specialists Zebrocy maintains a lineage back through 2013, sharing malware artefacts and similarities with BlackEnergy The past five years of Zebrocy infrastructure, malware set, ...