
Cybersecurity News
Press review
CSIRT IICRAI
Thursday, 6 June 2019
CYBERCRIME
Cryptojacking campaign uses Shodan to scan for Docker hosts to hack
A new cryptojacking campaign was spotted by experts at Trend Micro: the crooks use Shodan to find Docker hosts whose Engine API is exposed to the Internet, then deploy cryptomining containers on them.
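The exposure the campaign hunts for is a Docker daemon listening on its plain-text TCP port (2375 by convention, 2376 being the TLS port) and answering API calls with no authentication at all. The following is an added example, not code from the Trend Micro write-up or from Docker: it stands up a constructed stand-in for such a daemon on a loopback port and then runs the same kind of unauthenticated probe a scanner would, querying `GET /version`, so you can see what an exposed host looks like and check your own hosts the same way. The `FakeDockerAPI` class, the `18.09.6` version string and the helper names are assumptions made for the demonstration.

```python
import http.client
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class FakeDockerAPI(BaseHTTPRequestHandler):
    """Constructed stand-in for a Docker daemon started with
    '-H tcp://0.0.0.0:2375' and no TLS: it answers /version to anyone."""

    def do_GET(self):
        if self.path in ("/version", "/info"):
            body = json.dumps({
                "ServerVersion": "18.09.6",   # assumed value for the demo
                "ApiVersion": "1.39",
                "Os": "linux",
            }).encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_response(404)
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_fake_daemon():
    """Bind the stand-in daemon on 127.0.0.1 on an ephemeral port."""
    srv = HTTPServer(("127.0.0.1", 0), FakeDockerAPI)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe_docker_api(host, port, timeout=3.0):
    """Ask host:port for /version without credentials, exactly as an
    Internet-wide scanner would. Returns a dict; 'exposed' is True only
    when an unauthenticated Docker Engine API answered."""
    url = f"http://{host}:{port}/version"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            data = json.loads(resp.read().decode())
    except (urllib.error.URLError, http.client.HTTPException, OSError, ValueError):
        # Closed port, TLS-only daemon (plain HTTP gets a garbled reply),
        # or something that is not JSON: none of these is an open API.
        return {"exposed": False, "reason": "no unauthenticated Docker API answered"}
    if "ApiVersion" in data and "ServerVersion" in data:
        return {
            "exposed": True,
            "server_version": data["ServerVersion"],
            "api_version": data["ApiVersion"],
        }
    return {"exposed": False, "reason": "HTTP answered but not a Docker Engine API"}


if __name__ == "__main__":
    srv = start_fake_daemon()
    port = srv.server_address[1]
    print(probe_docker_api("127.0.0.1", port))
    srv.shutdown()
    srv.server_close()
```

An `exposed: True` result from a real host means anyone who finds it can run `docker -H tcp://host:2375 run ...` with root on the daemon, which is how the miners get planted. The fix is not a firewall rule alone: do not bind the daemon to a TCP socket unless the host is started with `--tlsverify` and client certificates, and keep the API on the Unix socket otherwise.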
Romanian National Sentenced to 65 Months in Federal Prison for Multi-State ATM Card Skimming Scheme
Scheme caused over $868,000 in losses from over 530 individual accounts in three states
CYBERWARFARE
The EU’s Embassy In Russia Was Hacked But The EU Kept It A Secret
An ongoing “sophisticated cyber espionage event” was discovered in April, just weeks before the European Parliament elections — but the European External Action Service (EEAS), the EU’s foreign and security policy agency, did not disclose the incident publicly.
CRYPTO-CURRENCY
New Evidence Suggests Satoshi Nakamoto Is Paul Solotshi, The Creator of Encryption Software E4M and TrueCrypt
Paul Solotshi Calder Le Roux, a 46-year-old criminal mastermind, is the creator of the encryption software E4M and TrueCrypt (the disk-encryption software Satoshi Nakamoto likely used to lock up his 1 million BTC) and the author, in 1998, of a manifesto uncannily similar to the one in Bitcoin's whitepaper.
HACK
Bypassing Root CA checks in Flutter based apps on Android
I recently started looking at Android apps based on the Flutter framework; I'd not come across any before, and after a pub discussion about something entirely unrelated I managed to find one to break.
VULNERABILITIES
Patch Android! June 2019 update fixes eight critical flaws
Despite the modest vulnerability count, the fact that 8 are marked ‘critical’ and 14 ‘high’ is good enough reason to want them as soon as possible, with 2 of the criticals (CVE-2019-2094 and CVE-2019-2095) affecting only version 9.
Unit 42 Discovers Vulnerabilities in Adobe Acrobat and Reader and Foxit Reader, Shares Threat Research at Microsoft BlueHat Shanghai 2019
As part of ongoing threat research, Palo Alto Networks Unit 42 threat researchers have discovered 28 new vulnerabilities, addressed by the Adobe Product Security Incident Response Team (PSIRT) in the May Adobe Security Bulletin APSB19-18.
Expert developed a MetaSploit module for the BlueKeep flaw
The vulnerability, tracked as CVE-2019-0708, impacts the Windows Remote Desktop Services (RDS) and was addressed by Microsoft with May 2019 Patch Tuesday updates. BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities.
Avoiding the DoS: How BlueKeep Scanners Work
On May 21, @JaGoTu and I released a proof-of-concept for CVE-2019-0708. This vulnerability has been nicknamed "BlueKeep". Instead of causing code execution or a blue screen, our exploit was able to determine if the patch was installed. Now that there are public denial-of-service exploits, I am willing to give a quick overview of the luck that allows the scanner to avoid a blue screen and determine if the target is patched or not.
PRIVACY
Firefox blocks advertising trackers and cookies
Trackers and third-party cookies that collect user data for advertising targeting are no longer welcome in Firefox. The Facebook Container feature, which isolates browsing of the social network in its own Firefox tab, has also been strengthened.
PHISHING
Phishing attacks that bypass 2-factor authentication are now easier to execute
Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block. The tool makes such attacks much easier to deploy, so organizations should adapt their anti-phishing training accordingly.
REPORTS & WHITE PAPERS
Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal
In recent months, there has been considerable unrest in the Iranian cyber sphere. Highly sensitive data about Iranian APT groups was leaked, exposing their abilities, strategies, and attack tools. The main medium for this leak was a Telegram channel.