One Article Review

Source: Anomali
Identifier: 3639043
Publication date: 2021-11-10 16:00:00 (viewed: 2021-11-10 16:05:26)
Title: Anomali Cyber Watch: GitLab Vulnerability Exploited In The Wild, Mekotio Banking Trojan Returns, Microsoft Exchange Vulnerabilities Exploited Again and More
Text: The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Babuk, BrakTooth, Linux, Gamaredon, Magecart and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

[Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.]

Trending Cyber News and Threat Intelligence

BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released (published: November 5, 2021)
The researchers who discovered the recently revealed BrakTooth flaws in Bluetooth devices have released both a proof-of-concept (PoC) test kit and the full exploit code for the bugs. On Thursday, CISA urged manufacturers, vendors and developers to patch or employ workarounds. On Monday, the University of Singapore researchers updated their table of affected devices, after the chipset vendors Airoha, Mediatek and Samsung reported that some of their devices are vulnerable.
Analyst Comment: Users are urged to patch or employ workarounds as soon as possible.
Tags: Bluetooth, BrakTooth, Exploit, Vulnerability

CVE-2021-43267: Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution (published: November 4, 2021)
Researchers at SentinelOne have identified a vulnerability in the TIPC module, part of the Linux kernel. The Transparent Inter-Process Communication (TIPC) module implements a protocol used for cluster-wide operation and is packaged as part of most major Linux distributions. The vulnerability, designated CVE-2021-43267, is a heap overflow that could be exploited to execute code within the kernel.
Analyst Comment: TIPC users should ensure their Linux kernel version is not between 5.10-rc1 and 5.15.
Tags: Linux, TIPC, Vulnerability

Ukraine Links Members Of Gamaredon Hacker Group To Russian FSB (published: November 4, 2021)
The Ukrainian Secret Service claims to have identified five members of the threat group Gamaredon. The group, which Ukraine claims is operated by the Russian Federal Security Service (FSB), is believed to be behind over 5,000 attacks against Ukraine. These attacks usually consist of malicious documents; using a template injection vulnerability, the group has targeted government, public and private entities.
Analyst Comment: Users should confirm that a file was sent by a known and trusted sender, and that individual should be contacted to verify the authenticity of the attachment prior to opening it. Any such file attachment sent by an unknown sender should be viewed with the utmost scrutiny; the attachment should not be opened and should be reported to appropriate personnel. Users should be careful when viewing documents that ask for macros to be enabled.
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204
Tags: Gamaredon, Malicious Documents, Russia, Ukraine, Template Injection
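The TIPC analyst comment above amounts to two checks on a host: is the running kernel inside the affected range the summary states, and is the tipc module actually loaded? The following Python is an added example written for this page; it is not Anomali's or SentinelOne's code. It encodes the range exactly as the summary words it (5.10-rc1 through 5.15, assumed inclusive at both ends) and treats a hit as a triage signal only, since distributions backport fixes into kernels whose version string still falls inside that range. The `/proc/modules` lines are constructed sample input; on a real host you would pass the contents of `uname -r` and `/proc/modules` instead.

```python
import re
from typing import Dict, Tuple

# Affected range exactly as stated in the Anomali summary (assumed inclusive).
AFFECTED_LOW = "5.10-rc1"
AFFECTED_HIGH = "5.15"

# Constructed sample of /proc/modules content (not captured from a real host).
SAMPLE_PROC_MODULES = (
    "tipc 270336 0 - Live 0x0000000000000000\n"
    "xfs 1515520 2 - Live 0x0000000000000000\n"
    "ip_tables 36864 0 - Live 0x0000000000000000\n"
)

VersionKey = Tuple[int, int, int, int, int]


def parse_kernel_version(release: str) -> VersionKey:
    """Turn a `uname -r` style string into a sortable tuple.

    Release candidates sort before the final release of the same number,
    so 5.10-rc1 < 5.10 < 5.10.1. Distribution suffixes such as
    "-1-amd64" are ignored because they do not change the upstream version.
    """
    match = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not match:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = match.groups()
    patch_n = int(patch) if patch else 0
    if rc is not None:
        # rc flag 0 sorts before final flag 1 for the same major.minor.patch
        return (int(major), int(minor), patch_n, 0, int(rc))
    return (int(major), int(minor), patch_n, 1, 0)


def kernel_in_affected_range(release: str) -> bool:
    """True when the version string lies in the range the summary names."""
    low = parse_kernel_version(AFFECTED_LOW)
    high = parse_kernel_version(AFFECTED_HIGH)
    return low <= parse_kernel_version(release) <= high


def tipc_loaded(proc_modules_text: str) -> bool:
    """True when a module named exactly 'tipc' appears in /proc/modules text."""
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "tipc":
            return True
    return False


def assess(release: str, proc_modules_text: str) -> Dict[str, object]:
    """Combine both checks; 'exposed' is a triage flag, not proof of vulnerability."""
    in_range = kernel_in_affected_range(release)
    loaded = tipc_loaded(proc_modules_text)
    return {
        "release": release,
        "in_affected_range": in_range,
        "tipc_loaded": loaded,
        "exposed": in_range and loaded,
    }


if __name__ == "__main__":
    # Hypothetical kernel string; on a real host use platform.release()
    # and open("/proc/modules").read() instead.
    print(assess("5.14.0-1-amd64", SAMPLE_PROC_MODULES))
```

A host where the module is not loaded but the kernel is in range is worth noting rather than ignoring: TIPC can be autoloaded later, so blacklisting the module is a reasonable mitigation where clustering is not in use.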
Notes
Sent: Yes
Tags: Ransomware, Data Breach, Malware, Tool, Vulnerability, Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.