QuoScient’s Weekly Intelligence Bulletin for the week of 06 September – 13 September 2018 is now available for download in the Media Center! Find below a summary.
Vulnerabilities
Adobe’s monthly Patch Tuesday released two security bulletins to address nine security issues, of which six are rated as ‘Critical’ by the vendor. The critical issues exist in Adobe’s ColdFusion web development platform and affect multiple versions. At this time, there is no indication of exploit activity in the wild related to these vulnerabilities.
Microsoft’s September Patch Tuesday release includes security patches for 61 vulnerabilities across multiple products. Of the reported vulnerabilities, 23 are remotely exploitable and 17 are rated as critical. Additionally, at the time of release, Microsoft lists four vulnerabilities as being previously publicly disclosed, one of which is also being exploited in the wild.
Reported Incidents
Apple has removed three apps developed by Trend Micro from the Mac App Store after a researcher provided evidence that the apps were collecting user browser history and the serial number and version of the operating system.
In the last week, it was disclosed that attackers compromised the websites of British Airways and Feedify, a real-time web push notification service, by injecting malicious code that enabled the theft of customer personal and financial details.
Current Threats
A security researcher discovered a campaign called Mongo Lock in which threat actors are targeting remotely accessible and unprotected MongoDB databases and demanding ransom in the form of bitcoins. A total of three transactions of BTC 0.6 (EUR 3316,65) each were made to the associated bitcoin wallet, suggesting that companies are paying the ransom.
The total capitalization of the cryptocurrency market continued falling until 12 September, when it began increasing again. The total market capitalization declined by only 2 percent; however, it temporarily fell by 9 percent.
Malta Stock Exchange announced it will create a security token exchange in cooperation with the cryptoasset company Binance. Malta’s government aims to become the “Blockchain Island” by attracting cryptoasset companies with favourable legislation.
On 9 September, Syrian government forces, supported by Russia and Iran, conducted air campaigns around Idlib. The U.S. and several European states have already announced consequences if chemical weapons are used in Idlib, which greatly increases the risk that the already tense situation between the involved parties will escalate.
The U.S. Department of Justice charged a North Korean national and alleged member of the APT group Lazarus with “conspiracy to conduct cyberattacks and intrusions”.
France’s Defence Minister said Russia attempted to intercept transmissions from a satellite which provides secure communication for the French and Italian militaries.
10 September – SEC-T – 0x0Beyond Conference
10 September – ToorCon 2018 San Diego
19 September – Detect ’18 – Threat Intelligence Conference