QuoScient’s Weekly Intelligence Bulletin for the week of 9 May – 16 May 2019 is now available! Please contact our sales team at sales@quoscient.io to subscribe today.
Find a summary below.
CYBER
Vulnerabilities
Industry Impacted: ANY, Information Technology
A newly discovered security flaw known as Zombieload was publicly disclosed by researchers and is reported to affect almost every Intel processor chip since 2011. As a result of this flaw, an attacker who can locally execute malicious code on an affected system could compromise sensitive data such as passwords, secret keys, account tokens, or private messages. At this time, only Intel-manufactured chips are affected.
This month’s Microsoft security release discloses 79 vulnerabilities, 22 of which are Critical, in a variety of products including Windows OS, Internet Explorer, Edge, Office, and more. This release also covers one vulnerability currently being exploited in the wild, as well as a “wormable” and critical Remote Code Execution (RCE) vulnerability in Remote Desktop Services.
Adobe released security patches for 84 vulnerabilities, of which 48 are critical in severity, impacting Flash Player, Acrobat and Reader, and Media Encoder.
Researchers at Red Balloon Security disclosed both a local vulnerability (dubbed Thrangrycat) in the Cisco Trust Anchor module (TAm) and a remote code execution (RCE) vulnerability in the web-based user interface of Cisco IOS XE software, affecting a variety of Cisco products including enterprise routers, switches, and firewalls.
Threat Actor Activity
Industry Impacted: ANY
On 14 May, QuoINT detected a new attack that uses Tactics, Techniques, and Procedures (TTPs) we attribute with moderate confidence to APT32 (also known as OceanLotus). Based on our analysis of the malicious Word document (maldoc) and infection chain, the activity is highly similar to a recent targeted campaign that apparently targets Association of Southeast Asian Nations (ASEAN) affairs and meeting members.
GEOPOLITICS
Tensions between the US and Iran worsened over the previous weeks, as the US ordered all non-emergency government staff to leave Iraq after accusing Iran and its militias of preparing attacks on US troops stationed in the Middle East.
OUTLOOK
18 May - Australian Parliamentary Elections
21 May - German IT Security Congress, Bonn
23 May - Meet QuoScient’s Gerhard Beeker at the Potsdam Conference on National Cybersecurity 2019
23 May - European Parliamentary Elections