Table of Contents

  1. Vulnerabilities
    1. Google Chrome Impacted By New Magellan 2.0 Vulnerabilities
    2. Comparing Offensive Security Tooling and Gun Control
    3. Critical Citrix Flaw May Expose Thousands of Firms to Attacks
  2. Privacy
    1. A Twitter app bug was used to match 17 million phone numbers to user accounts
  3. Surveillance
    1. The investigation into ToTok
  4. Crime
    1. Entercom Confirms Weekend IT Disruption
    2. Dutch university hit by cyber attack on its Windows systems
    3. China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks
    4. New Mozi P2P Botnet Takes Over Netgear, D-Link, Huawei Routers
  5. Malware
    1. Maze Ransomware Releases Files Stolen from City of Pensacola
    2. FBI Issues Alert For LockerGoga and MegaCortex Ransomware
    3. Emotet Reigns in Sandbox's Top Malware Threats of 2019
    4. Malware Broker Behind US Hacks is Now Teaching Computer Skills in China
    5. Spotify sends journalists mysterious USB drives
    6. Uptick Seen in ISO Email Attachments Delivering Malware
  6. Politics
    1. Russia 'Successfully Tests' Its Unplugged Internet
  7. Phishing
    1. Phishing Scams Target Canadian Bank Customers

Vulnerabilities

Google Chrome Impacted By New Magellan 2.0 Vulnerabilities

A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world's most popular web browser. The five vulnerabilities, collectively named "Magellan 2.0", were disclosed by the Tencent Blade security team. All apps that use an SQLite database are vulnerable to Magellan 2.0; however, the risk of remote exploitation is smaller than in Chrome, where a feature called the WebSQL API exposes users to remote attacks by default. SQLite and Google were informed and have already fixed the issues.

Comparing Offensive Security Tooling and Gun Control

Daniel Miessler has written an essay in response to Andrew Thompson's blog post claiming that offensive security tools do more harm than good when made public. Daniel compares the debate to the one over gun control, and concludes that it is complicated: yes, those tools can do harm, but they can do good too, and the balance depends on many factors.

Critical Citrix Flaw May Expose Thousands of Firms to Attacks

A newly discovered vulnerability affecting the Citrix Application Delivery Controller (NetScaler ADC) and the Citrix Gateway (NetScaler Gateway) could potentially expose the networks of over 80,000 firms to attacks. The vulnerability has been assigned the identifier CVE-2019-19781. The vendor has not yet officially assigned a CVSS severity score, but Positive Technologies experts believe it warrants the highest level, a 10. The vulnerability affects all supported versions of the product on all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and Citrix NetScaler ADC and NetScaler Gateway 10.5. A fix has not been released yet, but Citrix has published an article on how to mitigate the vulnerability.

Privacy

A Twitter app bug was used to match 17 million phone numbers to user accounts

A security researcher said he has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in Twitter’s Android app.

Surveillance

The investigation into ToTok

American officials familiar with a classified intelligence assessment had determined that ToTok was actually a spying tool. Patrick Wardle analyzed the app and found that it worked as advertised: no backdoors, no malware, just a "normal" chat app controlled by the United Arab Emirates. The operators used a fake company as a decoy and relied on the ordinary features messaging apps use (uploading the contact list, sharing location, etc.), combined with a ban on all other messaging apps in the country and fake reviews, to steer citizens into installing it, and then handed the collected personal data to the government for easy surveillance.

Crime

Entercom Confirms Weekend IT Disruption

Entercom has confirmed it suffered a disruption to its IT systems over the weekend and says the issues were largely resolved by Monday morning. What has been reported as a cyber-attack came just three months after a major breach in September that cost the company millions of dollars in remediation costs, lost revenue and new security systems.

Dutch university hit by cyber attack on its Windows systems

Maastricht University (UM) has been hit by a serious cyber attack. Almost all Windows systems have been affected and it is particularly difficult to use e-mail services. UM is currently working on a solution. Extra security measures have been taken to protect (scientific) data. UM is investigating if the cyber attackers have had access to this data. It is unclear how much time UM needs to find a solution, but it will definitely take a while for the systems to be fully operational again.

China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks

Security experts from cyber-security firm Fox-IT warn of a new wave of attacks, tracked as Operation Wocao, carried out by the China-linked cyber espionage group APT20, which has been bypassing 2FA.

New Mozi P2P Botnet Takes Over Netgear, D-Link, Huawei Routers

Netgear, D-Link, and Huawei routers are actively being probed for weak Telnet passwords and taken over by a new peer-to-peer (P2P) botnet dubbed Mozi, which is related to the Gafgyt malware and reuses some of its code.

Malware

Maze Ransomware Releases Files Stolen from City of Pensacola

The actors behind the Maze Ransomware have released 2GB of files that were allegedly stolen from the City of Pensacola during their ransomware attack.

FBI Issues Alert For LockerGoga and MegaCortex Ransomware

The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware. Both LockerGoga and MegaCortex are ransomware infections that target the enterprise by compromising the network and then attempting to encrypt all its devices.

Emotet Reigns in Sandbox's Top Malware Threats of 2019

Any.Run, a public service that allows interaction with malware running in a sandbox for analysis purposes, compiled a list with the top 10 most prevalent threats uploaded to the platform. At the head of the list is Emotet.

Malware Broker Behind US Hacks is Now Teaching Computer Skills in China

A Chinese malware broker who was sentenced in the United States this year for dealing in malicious software linked to major hacks is back at his old workplace: teaching high-school computer courses, including one on internet security.

Spotify sends journalists mysterious USB drives

Spotify sent journalists USB drives promoting a new Spotify podcast. It's not uncommon for reporters to receive USB drives in the post. Companies distribute USB drives all the time, including at tech conferences, often containing promotional materials or large files, such as videos, that would otherwise be difficult to get into as many hands as possible. But anyone with basic security training under their belt will know never to plug in a USB drive without taking some precautions first.

Uptick Seen in ISO Email Attachments Delivering Malware

Security researchers analyzing malicious spam campaigns have noticed an increase in malware delivered as disk image files, with .ISO being the most prevalent format. Among the most popular threats delivered this way are remote access tools (NanoCore, Remcos) and the LokiBot information stealer.

Politics

Russia 'Successfully Tests' Its Unplugged Internet

The Russian government says it has successfully tested a country-wide alternative to the global internet. Details of what the test involved were vague but, according to the Ministry of Communications, ordinary users did not notice any changes. The results will now be presented to President Putin. The BBC reports: The initiative involves restricting the points at which Russia's version of the net connects to its global counterpart, giving the government more control over what its citizens can access.

Phishing

Phishing Scams Target Canadian Bank Customers

Researchers at security vendor Check Point Software Technologies warn that an attack group that is using Ukraine-based infrastructure has created hundreds of lookalike domains to target customers of more than a dozen Canadian banks.