Weekly Intelligence Bulletin – Week 16

18. April 19


QuoScient’s Weekly Intelligence Bulletin for the week of 11 April – 17 April 2019 is now available! Please contact our sales team at sales@quoscient.io to subscribe today.

Find a summary below.


Vulnerabilities Industry Impacted: ANY, Information Technology
A security researcher posted details and a Proof-of-Concept (PoC) for a zero-day vulnerability residing in Microsoft Internet Explorer 11. Successful exploitation of the vulnerability can lead to attackers exfiltrating local files and conducting remote reconnaissance.
According to the Carnegie Mellon Software Engineering Institute (SEI), multiple enterprise Virtual Private Network (VPN) applications store the authentication/session cookies insecurely, allowing attackers to bypass authentication and take control of an affected system.
Oracle released its April 2019 critical patch update addressing patches for 297 vulnerabilities across Database, Fusion Middleware, and Oracle Enterprise Manager products. Of the 297 vulnerabilities, 198 are remotely exploitable without authentication.

Threat Actor Activity
On 17 April, QuoINT observed a new spear phishing campaign delivering the CobInt malware, resulting in a Warning being distributed to clients. Attackers are using legitimate Gmail accounts to send the emails, which contain varied subject lines written in English. The emails contain a Google Doc URL that, when clicked, triggers the download of an encrypted ZIP file, which ultimately drops the CobInt malware. The CobInt executable has a moderate AV detection rate when it was first submitted.