Weekly Intelligence Bulletin – Week 20

17. May 19

QuoScient’s Weekly Intelligence Bulletin for the week of 9 May – 16 May 2019 is now available! Please contact our sales team at sales@quoscient.io to subscribe today.

Find a summary below.

CYBER

Vulnerabilities

Industry Impacted: ANY, Information Technology

A newly discovered security flaw known as Zombieload was publicly disclosed by researchers and is reported to affect almost every Intel processor chip since 2011. As a result of this flaw, an attacker that can locally execute malicious code on an affected system could compromise sensitive data such as passwords, secret keys account tokens or private messages. At this time, only Intel manufactured chips are affected.

This month’s Microsoft security release discloses 79 vulnerabilities, 22 of which are Critical, in a variety of products including Windows OS, Internet Explorer, Edge, Office, and more. This release also covers one vulnerability currently being exploited in the wild, as well as, a “wormable” and critical Remote Code Execution (RCE) vulnerability in Remote Desktop Services.

Adobe released security patches for 84 vulnerabilities, of which 48 are critical in severity, impacting Flash Player, Acrobat and Reader, and Media Encoder.

Researchers at Red Balloon Security disclosed both a local vulnerability (dubbed Thrangrycat) in the Cisco Trust Anchor module (TAm) and a remote code execution (RCE) vulnerability in the web-based user interface of Cisco IOS XE software affecting a variety of Cisco products to include enterprise routers, switches, and firewalls.

 

Threat Actor Activity

Industry Impacted: ANY

On 14 May, QuoINT detected a new attack that uses Tactics, Techniques, and Procedures (TTPs) we attribute with moderate confidence to APT32 (also known as OceanLotus). Based on our analysis of the malicious Word document (maldoc) and infection chain, the activity is highly similar to a recently targeted campaign, which apparently targets Association of Southeast Asian Nations (ASEAN) affairs and meeting members.

 

GEOPOLITICS

Tensions between the US and Iran worsened over the previous weeks, as the US ordered all non-emergency government staff to leave Iraq after accusing Iran and its militias of preparing attacks on US troops stationed in the Middle East.

 

OUTLOOK

18 May- Australia Parliamentary Elections

21 May- German IT Security Congress, Bonn

23 May- Meet QuoScient’s Gerhard Beeker at the Potsdam Conference on National Cybersecurity 2019

23 May- European Parliamentary Elections