Table of Contents

  1. Crime
    1. Iran detects foreign spying malware on Govt servers
    2. Ryuk Ransomware Likely Behind New Orleans Cyberattack
    3. FBI breaks up 2 illegal streaming sites — including iStreamItAll, with more subscribers than Netflix, Amazon Prime and Hulu
    4. Universität Gießen recovers from the attack
    5. Inside ‘Evil Corp,’ a $100M Cybercrime Menace
  2. Surveillance
    1. German surveillance draft law worse than expected
  3. Vulnerabilities
    1. TP-Link Archer Router Vulnerability Voids Admin Password, Can Allow Remote Takeover
    2. Binary Planting with the npm CLI
    3. Vulnerabilities in the RCS protocol
    4. German BSI withholds Truecrypt security report

Crime

Iran detects foreign spying malware on Govt servers

Iran has foiled a second cyber-attack in less than a week, the country's telecommunications minister says. The operation was named "Dejfa fortress" and originates from a Chinese-speaking APT group known for targeting Middle East governments. A day earlier, the minister had dismissed reports that millions of Iranian bank accounts had been hacked.

Ryuk Ransomware Likely Behind New Orleans Cyberattack

Based on files uploaded to the VirusTotal scanning service (detected by a single engine at the time of this writing), the ransomware attack on the City of New Orleans was likely carried out by the Ryuk ransomware threat actors. The BleepingComputer team has found the executable that was likely used to infect the systems (detected by 49 engines).

FBI breaks up 2 illegal streaming sites — including iStreamItAll, with more subscribers than Netflix, Amazon Prime and Hulu

Two programmers in Las Vegas recently admitted to running two of the largest illegal television and movie streaming services in the country, according to federal officials. The programmers used existing torrent websites to spider and download roughly 118,000 TV episodes and 11,000 movies, which they shared illegally over their own services.

Universität Gießen recovers from the attack

New details emerged about the attack on the university. Using 1200 USB sticks, the staff is expected to disinfect every Windows system manually. They don't provide any details of the attack, but claim that a new type of malware was discovered and that external experts were hired to come up with a disinfection procedure.

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

KrebsOnSecurity has done a nice investigation into the "Evil Corp" operation based in Russia, which has stolen about $100M from businesses and customers. The FBI has offered a $5M bounty for information leading to the arrest of the man orchestrating the attacks. The group "hired" students, unemployed people, and those in economic hardship to withdraw stolen money and send it to the attackers, making them unknowing participants in a crime.

Surveillance

German surveillance draft law worse than expected

The draft German law that forces tech companies to cooperate with law enforcement will bypass 2FA, client certificates, and everything else: instead of forcing the firms to provide usernames/passwords, the law can ask for the session cookies or other server-side tokens.

Vulnerabilities

TP-Link Archer Router Vulnerability Voids Admin Password, Can Allow Remote Takeover

TP-Link Archer firmware doesn't require a valid TokenID and JSESSIONID when tplinkwifi.net is used as the referrer. The researcher managed to clear the admin password by sending an HTTP request to the CGI function used for setting a password, with this referrer and no authentication.
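The flaw class described here, treating a Referer header as a substitute for session validation, as an added Python example that is not TP-Link's firmware code: the vulnerable check beside the hardened one, run over constructed requests. The header names, session store and request shape are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict

# Constructed session store (hypothetical values): JSESSIONID -> TokenID.
VALID_SESSIONS: Dict[str, str] = {"SESSION-EXAMPLE": "TOKEN-EXAMPLE"}


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)


def session_is_valid(req: Request) -> bool:
    """Both the session cookie and the matching TokenID must be present."""
    sid = req.cookies.get("JSESSIONID")
    token = req.headers.get("X-TokenID")  # hypothetical header name
    return sid is not None and VALID_SESSIONS.get(sid) == token


def vulnerable_authorize(req: Request) -> bool:
    """Flawed logic of the kind the article describes: a request whose
    Referer names the router's own hostname skips the session check."""
    referer = req.headers.get("Referer", "")
    if referer.startswith("http://tplinkwifi.net/"):
        return True
    return session_is_valid(req)


def hardened_authorize(req: Request) -> bool:
    """Referer is client-controlled and never a credential: the session
    and token are validated on every request, whatever the Referer says."""
    return session_is_valid(req)


# Constructed requests: a legitimate admin call, a call that merely carries
# the trusted Referer with no session, and a call with a stale token.
LEGIT = Request("/cgi/set_password", {"X-TokenID": "TOKEN-EXAMPLE"},
                {"JSESSIONID": "SESSION-EXAMPLE"})
REFERER_ONLY = Request("/cgi/set_password",
                       {"Referer": "http://tplinkwifi.net/"}, {})
STALE = Request("/cgi/set_password", {"X-TokenID": "OLD-TOKEN"},
                {"JSESSIONID": "SESSION-EXAMPLE"})


def audit(authorize: Callable[[Request], bool]) -> Dict[str, bool]:
    """Run the three constructed requests through one authorization check."""
    return {name: authorize(r) for name, r in
            (("legit", LEGIT), ("referer_only", REFERER_ONLY), ("stale", STALE))}
```

`audit(vulnerable_authorize)` lets the Referer-only request through, while `audit(hardened_authorize)` accepts only the fully authenticated one.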

Binary Planting with the npm CLI

A combination of 3 CVEs enables npm, pnpm, and yarn to write arbitrary files on the vulnerable system. A patch has already been released.

Vulnerabilities in the RCS protocol

SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7.

German BSI withholds Truecrypt security report

The German Federal Office for Information Security created a detailed analysis of the software TrueCrypt in 2010. The results ended up in a drawer, and the public was not informed about the security risks that were found. Using the web platform "Frag Den Staat" (translated "ask the state"), researchers gained access to the documents and found several low/medium risk vulnerabilities that were still present in the VeraCrypt code (a TrueCrypt fork). The VeraCrypt developers have since fixed the issues.