QuoScient’s Weekly Intelligence Bulletin for the week of 20 September – 27 September 2018 is now available for download in the Media Center!
A summary follows below.
Cyber
Vulnerabilities
On 24 September, Cisco released an updated security advisory as it continues to investigate which of its products use the affected Linux kernel version, in order to determine and mitigate susceptibility to a Denial-of-Service (DoS) vulnerability known as FragmentSmack. Based on Microsoft’s latest Patch Tuesday release, Linux-based products are not the only ones affected by FragmentSmack. Microsoft states that various Windows systems are affected, including servers.
Researchers identified a new variation of earlier exploit code targeting a previously patched remote code execution vulnerability in the Internet Explorer (IE) VBScript Engine. The variant code is being used in at least one campaign, ongoing since at least July 2018, that distributes Quasar, a Remote Administration Tool (RAT), as its final payload.
A security researcher publicly disclosed an unpatched zero-day vulnerability in the Microsoft JET (Joint Engine Technology) Database Engine, affecting at least the Windows 7 operating system. In accordance with the Zero Day Initiative (ZDI) 120-day deadline, this vulnerability was disclosed publicly without a patch.
Threat Actor Activity
On 25 September, QuoINT detected a new Cobalt spear-phishing attack imitating Oracle.
Reported Incidents
A security researcher discovered sensitive internal documents and technical details for websites of the United Nations (U.N.) accessible online due to misconfigurations in the U.N.’s project management service Trello, issue ticketing tool Jira and office suite Google Docs. Separately, another researcher found both a path disclosure and an information disclosure vulnerability in the United Nations WordPress site that exposed the CVs of thousands of job applicants since 2016.
The website for the German energy company RWE reportedly suffered a Distributed Denial of Service (DDoS) attack earlier this week that caused the site to be “sometimes difficult or sometimes not reachable in some places”. The attack is reportedly due to the company’s involvement in the deforestation efforts in west Cologne in order to continue mining lignite.
Cryptocurrency
The German cryptoasset exchange Bitwala announced that it completed its latest funding round to launch a fully regulated bank account based on the blockchain.
The French National Assembly will reportedly discuss an amendment to the French legislation to regulate all service providers in the cryptoasset industry.
The total crypto asset market capitalization decreased by 1.6 percent in the previous week to EUR 184 billion.
Geopolitics
Deutsche Telekom announced a cooperation with the German Armed Forces (Bundeswehr) on cyber defense.
The conflict between the U.S. and Iran was one of the dominating issues during the annual U.N. General Assembly session.
The U.S. administration released its National Cyber Strategy in which it outlines priority actions to protect U.S. citizens.
Outlook
30 September: Macedonia Holds Referendum on Name Change