Table of Contents
1. Technology news and Security updates:...... 2
1.1 Lenovo patches two high-severity flaws in PC support tool...... 2
1.2 PunkeyPOS Impacts Millions via Infected Restaurants...... 2
1.3 Severe Vulnerabilities Found in Meinberg NTP Servers...... 3
1.4 Chrome vulnerability lets attackers steal movies from streaming services 3
1.5 MIRCOP Ransomware Poses as Robbed Anonymous Member...... 4
1.6 Huawei Working on Its Own Android Version to Protect Itself: Report...... 4
1.7 Google Releases Free Digital Display Software Package...... 5
1.8 Facebook ‘Comment Tagging Malware’ Spreading via Google Chrome....5
2. Cyber Crime and Intelligence in the news:...... 7
2.1. South Yorkshire (UK) Police Websites Hacked...... 7
2.2. Brazilian Telecom Giant “Oi” Websites Hacked...... 7
2.3. Flaw Allowed Hackers to Deliver Malicious Images via PayPal...... 7
2.4. Moroccan Hacker Defaces 37 Escort Sites for Religious Reasons...... 8
2.5. Company bosses must 'take the fall' for cyber failures...... 8
2.6. Hacker Selling 1.1 Million Lookbook.nu Emails And Plain Text Passwords 9
3. Technical Security Alerts:...... 10
3.1 Vulnerabilities, Malware and exploits...... 10
1. Technology news and Security updates:
1.1 Lenovo patches two high-severity flaws in PC support tool Lenovo has fixed two high-severity vulnerabilities in the Lenovo Solution Center support tool that is preinstalled on many laptop and desktop PCs. The flaws could allow attackers to take over computers and terminate antivirus processes.
Lenovo Solution Center (LSC) allows users to check their system's virus and firewall status, update their Lenovo software, perform backups, check battery health, get registration and warranty information and run hardware tests.
The two new vulnerabilities, tracked as CVE-2016-5249 and CVE-2016-5248 in the Common Vulnerabilities and Exposures database, were found by security researchers from Trustwave. They affect LSC versions 3.3.002 and earlier.
The CVE-2016-5249 vulnerability allows an attacker who already has control of a limited account on a PC to execute malicious code via the privileged LocalSystem account. Source: http://www.computerworld.com/article/3088547/security/lenovo-patches-two-high- severity-flaws-in-pc-support-tool.html#tk.rss_security
1.2 PunkeyPOS Impacts Millions via Infected Restaurants During a recent investigation of Point of Sale terminals (PoS) in restaurants across the United States, PandaLabs researchers stumbled upon PunkeyPOS, a piece of malware designed to access credit card data.
Spotted more than a year ago as the successor of NewPOSthings family of malware, the threat was supposedly used by multiple actors, or might have been designed in the form of a service for targeted campaigns. The main purpose of the malware was to find card holder data (CHD), but it has other features as well.
Last year, the malware was observed dropping a keylogger to intercept keystrokes, encrypt them using AES encryption as soon as 200 characters have been collected, and then send them to the command and control (C&C) server. Since last year, PunkeyPOS has infected numerous locations around the United States, and might have stolen millions of credit card numbers. Source: http://www.securityweek.com/punkeypos-impacts-millions-infected-restaurants
1.3 Severe Vulnerabilities Found in Meinberg NTP Servers Germany-based time and frequency synchronization solutions provider Meinberg has released firmware updates for several of its NTP time servers to address three high severity vulnerabilities.
According to ICS-CERT, researcher Ryan Wincey discovered that the interface of Meinberg NTP time servers is plagued by two stack-based buffer overflows (CVE-2016- 3962 and CVE-2016-3988) and a weak access control issue (CVE-2016-3989).
Remote attackers, even ones with low skill, can exploit the vulnerabilities to escalate their privileges to root, ICS-CERT warned. There is no evidence of exploits specifically designed to target these flaws.
The security holes affect Meinberg IMS-LANTIME M3000, M1000 and M500; LANTIME M100, M200, M300, M400, M600 and M900; SyncFire 1100; and LCES – products that are used worldwide in the defense, energy, telecommunications, transportation, financial services and other sectors. Source: http://www.securityweek.com/severe-vulnerabilities-found-meinberg-ntp-servers
1.4 Chrome vulnerability lets attackers steal movies from streaming services A significant security vulnerability in Google technology that is supposed to protect videos streamed via Google Chrome has been discovered by researchers from the Ben- Gurion University of the Negev Cyber Security Research Center (CSRC) in collaboration with a security researcher from Telekom Innovation Laboratories in Berlin, Germany.
The vulnerability in the encryption technology, Widevine EME/CDM, opens an easy way for attackers to hijack protected content delivered via different popular streaming services, making the unprotected content available for illegal distribution. David Livshits, a security researcher at the CSRC under the direction of Dr. Asaf Shabtai, has developed an attack proof-of-concept that is able to save a decrypted version of any streamed content protected by Google Widevine DRM and played via Google Chrome on a computer’s disk drive. Source: https://www.helpnetsecurity.com/2016/06/27/chrome-steal-movies-streaming-services/
1.5 MIRCOP Ransomware Poses as Robbed Anonymous Member A new strain of ransomware named MIRCOP poses as a robbed member of the Anonymous hacker group, asking users to give money back or have their files locked forever.
MIRCOP is one of the non-standard ransomware families that deviate from the regular modus operandi that most ransomware variants follow these days.
MIRCOP uses threatening language in the ransom note, hoping to scare users into making a quick buck. The crooks behind this ransomware are leveraging Anonymous' reputation and using a man with a Guy Fawkes mask on for the ransom note's background.
As you can see, the crooks don't mince words and take a threatening tone. The ransom note also doesn't feature any payment instructions, but only a Bitcoin wallet address.
The group expects victims to figure out how to buy Bitcoin and make the payment on their own. Source: http://news.softpedia.com/news/mircop-ransomware-poses-as-robbed-anonymous- member-505677.shtml
1.6 Huawei Working on Its Own Android Version to Protect Itself: Report Huawei apparently is building its own version of the Android mobile operating system so it can gain some independence in the marketplace to ensure a steady stream of OS innovations and development for its products. The existence of the Huawei Android OS project, described as a "contingency measure," was confirmed by Abigail Brody, a former mobile UI design lead at Apple who now works for Huawei.
The project is still very early in development at Huawei, but it is still a notable development in the world of Android, where its alleged "fragmentation" into many different variations is often discussed.
Huawei already has its own customized user interface that it places atop Android, similar to what many other manufacturers do. Work is also continuing on improvements for that UI, which Huawei calls its EMUI. Among the coming improvements for that software are updates for cosmetic issues and user pain points, which will come in the fall. Source: http://www.eweek.com/mobile/huawei-working-on-its-own-android-version-to-protect- itself-report.html
1.7 Google Releases Free Digital Display Software Package Google, like Facebook, Yahoo and any number of other successful IT product and service suppliers, often develops software of various kinds and gives its back to the public free of charge so people can use it to develop other products.
This is similar to companies who develop software and donate it back to the open source community, so that independent developers can use it to come up with their own new applications.
Google's latest giveaway is AnyPixel.js, released June 23. This is a new open-source software and hardware library that makes it possible to use the Web to create big, unusual, interactive displays. Anyone can take and hack the code and the schematics to create their own display at any scale or level of expertise, Google said. Source: http://www.eweek.com/cloud/google-releases-free-digital-display-software-package.html
1.8 Facebook ‘Comment Tagging Malware’ Spreading via Google Chrome Facebook is undoubtedly the most used social media around the world and that’s what makes it an attractive target for cyber criminals as every now and then users complain about their account being compromised due to phishing or malware scam. Currently, a malware scam is infecting Facebook users in which they receive a notification in the app and/or in their email about a friend tagging in a comment, upon clicking the link, a malware is downloaded on their device. Though just downloading it won’t infect your device but users who are not aware of how scammers target people may click the downloaded file and infect their devices.
This malware is mostly targeting Chrome users. It is yet unclear if Firefox or other browsers are affected by the scam or not. One possibility is that users receiving such notifications have had one of their friends hacked and crooks are using their browser to target other contacts.
Here is an exclusive screenshot shared by one of our friends showing a JavaScript encoded script file which was downloaded once on their device.
The malware scam is currently under discussion on the Stack Exchange where the victim has been stating their experience after being tricked into downloading the infected files. According to one of the analysts on the discussion the researcher said that: Source: https://www.hackread.com/facebook-comment-tagging-malware-google-chrome/ 2. Cyber Crime and Intelligence in the news:
2.1. South Yorkshire (UK) Police Websites Hacked Hackers took over two South Yorkshire police websites and replaced home pages with one of their own — Reason behind the attack remains unknown!
A group of Albanian hackers have hacked and defaced two official websites of South Yorkshire Police earlier today. The Hackers left a deface page along with a text and video message bragging about their successful hack but the reason for targeting both sites was not mentioned anywhere.
“ Hacked by Nofawkx-al | Kkuq e zi! behind every success there is a story | Illyrians arrived! Red and black I dress, eagle on my chest, keep my head up for the flag I die, it’s good to be Albanian.” Source: https://www.hackread.com/south-yorkshire-uk-police-websites-hacked/
2.2. Brazilian Telecom Giant “Oi” Websites Hacked A defacer from Algeria hacked Brazilian telecom Oi websites in support of Palestine — yes, we are also trying to figure out the connection
Hackers will hack, no matter why or when once they find a way in they get in and take over whatever they can. Same happened with “Oi” a Brazilian telecom giant well known to users all over South America.
An Algerian hacker going by the online handle of “Red hell Sofyan” hacked and defaced the official website of Oi telecom along with several of its subdomains. The defacement took place on 20th June but went unreported in which the hacker left a message along with a page of his own showing support for Palestine. Source: https://www.hackread.com/brazilian-telecom-giant-oi-websites-hacked/
2.3. Flaw Allowed Hackers to Deliver Malicious Images via PayPal PayPal has addressed a vulnerability that could have been exploited by hackers to insert malicious images into payment pages. Security researcher Aditya K Sood discovered that the URL of payment pages set up by PayPal users included a parameter called “image_url.” The value of this parameter could have been replaced with a URL pointing to an image hosted on a remote server.
This could have allowed an attacker to use a third-party vendor’s PayPal payment page to deliver malicious images. Sood demonstrated the existence of the flaw by displaying an arbitrary image on a vendor’s payment page, but he believes an attacker could have delivered a piece of malware or an exploit hidden in an image. Sources: http://www.securityweek.com/flaw-allowed-hackers-deliver-malicious-images-paypal
2.4. Moroccan Hacker Defaces 37 Escort Sites for Religious Reasons ElSurveillance, a religiously motivated Moroccan hacker, has defaced 37 websites as part of his #EscortsOffline campaign that he started last summer. We previously wrote about ElSurveillance's campaign in January, when the hacker explained that he began defacing escort websites because of his religious beliefs.
ElSurveillance, a devout Muslim, explained that no man or woman should be selling their body for money. "[O]ur bodies are gifted from Allah (God) to us to look after and not to destroy," the hacker said.
In January, the hacker defaced 79 escort websites. His actions didn't go unnoticed, and on some online forums where escorts and webmasters of these websites met, his name was brought up in discussions and used to drive each other in implementing better Web security. Source: http://news.softpedia.com/news/moroccan-hacker-defaces-37-escort-sites-for-religious- reasons-505675.shtml
2.5. Company bosses must 'take the fall' for cyber failures Cape Town – South African chief executives should be held accountable for cyber breaches, a national survey of IT executives has found. The survey conducted by VMware found that 35% of IT decision makers believe that C- level executives or corporate boards should be held accountable for cyber security lapses.
At least 16% of survey respondents agreed that top level executives pay enough attention to cyber security issues.
“ The issue around accountability is symptomatic of the underlying challenges facing business as they seek to push boundaries, transform and differentiate, as well as secure the business against ever-changing threats,” said Matthew Kibby, regional director of VMware in Sub-Saharan Africa. Source: http://www.fin24.com/Tech/Cyber-Security/company-bosses-must-take-the-fall-for-cyber- failures-20160624
2.6. Hacker Selling 1.1 Million Lookbook.nu Emails And Plain Text Passwords Dark Net is a strange place where anyone can buy anything from government credentials, drugs or weapons to loads of databases belonging to top online platforms. Recently, we have seen an increase in such offers where hackers have been offering highly confidential data from top social media giants including MySpace, LinkedIn, Twitter, Beautiful People and VK.com.
Now, the latest one open for business is Lookbook.nu, a fashion, youth culture, and community website, created by Yuri Lee in San Francisco. Yes, the same hacker going by the handle of Peace of Mind has been offering login credentials of 1.1 million LookBook users since May 2016.
The offered data includes emails and their clear-text passwords for BTC 0.1519 which is about 102.23 US Dollars. The data has been already sold six times while one of the buyers going by the handle of ”6969” has given their feedback as ”1.1 million users with plain text passwords and their emails, very good for spammers since its Fashion related as well as scams and password reuse!” Source: https://www.hackread.com/hacker-selling-million-lookbook-accounts/ 3. Technical Security Alerts: Technical security alerts are the current security issues, vulnerabilities, Malware and exploits provided proactively to provide timely information about their impact, propagation and remediation. This information is sourced to provide to technical teams to protect their infrastructure environments.
3.1 Vulnerabilities, Malware and exploits The table below lists all the recent Vulnerabilities, Malware and exploits identified by ICT Security Monitoring Services team for today.
Technologies and Name Description Propagation Software’s affected Remedy Severity
Adobe Flash Player Memory A vulnerability in Adobe The vulnerability is due to The following Adobe Flash Moderate Adobe has released Corruption Vulnerability Flash Player could allow an improper memory operations by Player versions are Damage software updates unauthenticated, remote the affected software. An vulnerable: Source: attacker to execute arbitrary attacker could exploit this - Flash Player Desktop http://tools.cisco.com/security/ce code. vulnerability by persuading a Runtime versions 21.0.0.242 nter/viewAlert.x?alertId=46835 user to open a web page that and prior for Windows, contains crafted Flash content. Macintosh, Linux, and ChromeOS - Flash Player Extended Support Release versions 18.0.0.352 and prior for Windows and Macintosh - Flash Player versions 11.2.202.621 and prior for Linux Apache Struts Dynamic A remote code execution A remote user can supply a This module exploits a Disable Dynamic High Risk Method Invocation Remote vulnerability exits in Apache specially crafted expression remote command execution Method Invocation Code Execution Vulnerability Struts such that upon containing a 'method:' prefix to vulnerability in Apache Struts when possible or (CVE-2016-3081) successful exploitation a a target server that has enabled version between 2.3.20 and upgrade to Apache malicious expression can be Dynamic Method Invocation to 2.3.28 (except 2.3.20.2 and Struts versions Source: used to execute arbitrary execute arbitrary code on the 2.3.24.2). 2.3.20.3, 2.3.24.3 or http://www.securitytracker.com/i code on server side when target system. 2.3.28.1. d/1035665 Dynamic Method Invocation is enabled. https://struts.apache.org/docs/s2 -032.html
End: