Le blog des experts sécurité Wavestone

CERT-W: Cybersecurity watch of events from October 28th

You will find below our weekly report on cybersecurity news. Use this brief compilation to support your coffee break small talk!

Cybercrime watch

Phishing attacks targeting UN, UNICEF and the red cross

Several international organizations among them UN, UNICEF, the red cross organization or the World Food Programme are the targets of a phishing campaign. The campaign targets mobile devices and saves all the keystrokes in order to save the users' credentials.

Anti-doping organizations targets of Fancy bear attacks

Several anti-doping organizations (at least 16) were targeted by the threat group Fancy bear (also known as APT28). The attacks were ongoing for more than a month.
Fancy Bear uses several attack methods among them spear phishing and the use of open-source or custom malware.
In 2016, the threat group targeted the world anti-doping agency and successfully published some data.

Vulnerability watch

A new malware gathers data from more than 100,000 devices

A new malware, named Raccoon, that was seen for the first time in April 2019 has already spread on more than 100,000 devices.
Raccoon gathers personal data from the compromised devices (credit card, emails, cookies, passwords, etc.).
The malware is considered as a service (Malware as a Service or MaaS) and costs 200$ per month for its use. Raccoon is now among the top 10 most famous malwares in the world.

A new vulnerability discovered in the Content Delivery Networks (CDN)

Researchers discovered a vulnerability in CDN letting them conduct denial of service attacks (CPDoS).
The attack involves sending some specifically crafted packets to the server that broadcasts the service through the CDN until it sends an error message. Then, the error will be relayed and distributed throughout the network.
Therefore, the server won't be accessed since it will be considered as offline.

Samsung starts deploying patches for the Samsung S10 and Note 10 fingerprint sensor

A vulnerability in the Samsung S10 and Note 10 fingerprint sensor was discovered allowing a user to bypass it as long as the sensor is covered with a protective film. A week later, Samsung released a security patch.

Weekly top

The top leak - More than 7M Adobe Creative Cloud users' accounts exposed

The Adobe Creative Cloud users' database (Elastic search database) was exposed without any authentication.
Around 7.5M users' data was exposed giving material for conducting targeted phishing campaigns.
It seems that the data exposed didn't contain banking information.

The top exploit - CVE-2019-5536, CVE-2019-5537 & CVE-2019-5538

Several vulnerabilities were discovered on VMware products:
*CVE-2019-5536: a denial of service vulnerability on the shader functionality,
*CVE-2019-5537 & CVE-2019-5538: a man in middle attack between the VCenter and the backup storage can expose the data in transit during backup or restore operations.

The top attack - The city of Grand Cognac hit by a ransomware

The information system of Grand Cognac was hit by a ransomware. Several employees were asked to take days off while recovering their workstations.
Some data was recovered, however several files that required years of work were definitively lost.

Software version watch

Current version
Adobe Flash Player
Adobe Acrobat Reader DC
Mozilla Firefox
Google Chrome


Aucun commentaire:

Enregistrer un commentaire