Cybersecurity News

Press Review

CSIRT IICRAI

Thursday 06 June 2019

CYBERCRIME

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

A new cryptojacking campaign was spotted by experts at Trend Micro: crooks are using Shodan to scan for Docker hosts with exposed APIs.

Securityaffairs.co

Blog.trendmicro.com

Romanian National Sentenced to 65 Months in Federal Prison for Multi-State ATM Card Skimming Scheme

Scheme caused over $868,000 in losses from over 530 individual accounts in three states

Justice.gov

CYBERWARFARE

The EU’s Embassy In Russia Was Hacked But The EU Kept It A Secret

An ongoing “sophisticated cyber espionage event” was discovered in April, just weeks before the European Parliament elections — but the European External Action Service (EEAS), the EU’s foreign and security policy agency, did not disclose the incident publicly.

Buzzfeednews.com

CRYPTO-CURRENCY

New Evidence Suggests Satoshi Nakamoto Is Paul Solotshi, The Creator of Encryption Software E4M and TrueCrypt

Paul Solotshi Calder Le Roux, a 46-year-old criminal mastermind, is the creator of encryption software E4M and TrueCrypt (the cryptography encryption software Satoshi Nakamoto likely used to lock up his 1 million BTC), and author of an uncannily similar manifesto to the one in Bitcoin’s whitepaper in 1998.

Investinblockchain.com

HACK

Bypassing Root CA checks in Flutter based apps on Android

I recently started looking at Android apps based on the Flutter framework. I’d not come across any before, and after a pub discussion about something entirely unrelated I managed to find one to break.

Orangewirelabs.wordpress.com

VULNERABILITIES

Patch Android! June 2019 update fixes eight critical flaws

Despite the modest vulnerability count, the fact that 8 are marked ‘critical’ and 14 ‘high’ is good enough reason to want them as soon as possible, with 2 of the criticals (CVE-2019-2094 and CVE-2019-2095) affecting only version 9.

Nakedsecurity.sophos.com

Unit 42 Discovers Vulnerabilities in Adobe Acrobat and Reader and Foxit Reader, Shares Threat Research at Microsoft BlueHat Shanghai 2019

As part of ongoing threat research, Palo Alto Networks Unit 42 threat researchers have discovered 28 new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their May Adobe Security Bulletin APSB19-18.

Unit42.paloaltonetworks.com

Expert developed a MetaSploit module for the BlueKeep flaw

The vulnerability, tracked as CVE-2019-0708, impacts the Windows Remote Desktop Services (RDS) and was addressed by Microsoft with May 2019 Patch Tuesday updates. BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities.

Securityaffairs.co

Avoiding the DoS: How BlueKeep Scanners Work

On May 21, @JaGoTu and I released a proof-of-concept for CVE-2019-0708. This vulnerability has been nicknamed “BlueKeep”. Instead of causing code execution or a blue screen, our exploit was able to determine if the patch was installed. Now that there are public denial-of-service exploits, I am willing to give a quick overview of the luck that allows the scanner to avoid a blue screen and determine if the target is patched or not.

Zerosum0x0.blogspot.com

PRIVACY

Firefox blocks advertising trackers and cookies

Trackers and third-party cookies that collect user data for advertising targeting are no longer welcome in Firefox. The Facebook Container feature, which isolates browsing of the social network in a dedicated Firefox tab, has also been strengthened.

Lemondeinformatique.fr

PHISHING

Phishing attacks that bypass 2-factor authentication are now easier to execute

Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block. The tool makes such attacks much easier to deploy, so organizations should adapt their anti-phishing training accordingly.

Csoonline.com

REPORTS & WHITE PAPERS

Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal

In recent months, there has been considerable unrest in the Iranian cyber sphere. Highly sensitive data about Iranian APT groups was leaked, exposing abilities, strategies, and attack tools. The main medium for this leak was a telegram channel.

Clearskysec.com
