by CIRT Team
JavaScript Packages Caught Stealing Environment Variables [bleepingcomputer]
On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects. According to a subsequent investigation by npm’s team, on July 19, a person named HackTask uploaded 38 JavaScript libraries on the npm repository.
by CIRT Team
FIN7/Carbanak threat actor unleashes Bateleur JScript backdoor [proofpoint]
Proofpoint researchers have uncovered that the threat actor commonly referred to as FIN7 has added a new JScript backdoor called Bateleur and updated macros to its toolkit. We have observed these new tools being used to target U.S.-based chain restaurants, although FIN7 has previously targeted hospitality organizations, retailers, merchant services, suppliers and others. The new macros and Bateleur backdoor use sophisticated anti-analysis and sandbox evasion...
by CIRT Team
Security Flaws Found in 2G Modems Used by BMW, Ford, Infiniti, and Nissan Cars [bleepingcomputer]
A team of three security researchers has found and disclosed two security flaws in the TCU (telematics control unit) components that ship with various luxury car models. TCUs are 2G modems that receive or send data from a car’s internal system and are used as an interface between the car and remote management tools such as web panels and mobile apps.
by CIRT Team
Crypt GlobeImposter Ransomware Distributed via Blank Slate Malspam [bleepingcomputer]
The “Blank Slate” malspam campaign has switched from distributing the Aleta BTCware variant to distributing a GlobeImposter variant that appends the .crypt extension. This malspam campaign is called Blank Slate due to the lack of a subject line and message body in the spam emails.
by CIRT Team
SMBLoris – the new SMB flaw [sans]
While studying the infamous EternalBlue exploit about 2 months ago, researchers Sean Dillon (zerosum0x0) and Zach Harding (Aleph-Naught-) found a new flaw in the Server Message Block (SMB) protocol that could allow an adversary to interrupt the service by depleting the memory and CPU resources of the targeted machine on a Denial of Service (DoS) attack. According to an article posted by ThreatPost, the flaw...
by CIRT Team
PoC Malware Exploits Cloud Anti-Virus for Data Exfiltration [securityweek]
Presented at BlackHat USA 2017 by Itzik Kotler and Amit Klein from SafeBreach Labs, the PoC tool relies on packing data inside an executable the main malware process creates on the compromised endpoint. Thus, if the AV product employs an Internet-connected sandbox as part of its cloud service, data is exfiltrated as soon as the AV agent uploads the newly created executable to the cloud...
by CIRT Team
Linux kernel CVE-2017-9077 Local Denial of Service Vulnerability
Description: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls; this is a related issue to CVE-2017-8890.
Impact: An attacker can exploit this issue to cause a local denial-of-service condition.
Mitigation: Updates are available. Please check the specific vendor advisory for more information.
Reference...
by CIRT Team
Oracle MySQL Server CVE-2017-3653 Remote Security Vulnerability
Description: Oracle MySQL Server is prone to a remote security vulnerability. The vulnerability can be exploited over the ‘MySQL’ protocol. The ‘Server: DML’ sub-component is affected. This vulnerability affects the following supported versions: 5.7.18 and prior, 5.6.36 and prior, and 5.5.56 and prior.
Impact: Remote Security Vulnerability.
Mitigation: Updates are available. Please check the specific vendor advisory for more information.
Reference URLs: http://www.securityfocus.com/bid/99767/info...
by CIRT Team
Adobe Acrobat and Reader APSB17-11 Multiple Unspecified Memory Corruption Vulnerabilities
Description: Adobe Acrobat and Reader are prone to multiple unspecified memory-corruption vulnerabilities. Adobe recommends that users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods: users can update their product installations manually by choosing Help > Check for Updates; the products will update automatically, without requiring user...
by CIRT Team
Internet’s Largest Bitcoin Mixer Shuts Down Realizing Bitcoin Is Not Anonymous [bleepingcomputer]
BitMixer, the world’s most popular Bitcoin mixing service, announced last weekend that it was shutting down operations effective immediately. In a statement, the BitMixer owners said they were shutting down the service after realizing that Bitcoin was a “transparent non-anonymous system by design.”