13 July 2020

Weekly security roundup: July 13, 2020
Palo Alto Networks has released a security update that addresses a severe vulnerability in PAN-OS devices. The issue, tracked as CVE-2020-2034, is an OS command injection vulnerability in the GlobalProtect component of PAN-OS that could be exploited by an unauthenticated, network-based attacker to execute arbitrary OS commands with root privileges.

CVE-2020-2034 affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, PAN-OS 9.0 versions earlier than PAN-OS 9.0.9, PAN-OS 9.1 versions earlier than PAN-OS 9.1.3, and all versions of PAN-OS 8.0 and PAN-OS 7.1, for which no fixed release is listed.
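The affected-version list above is easy to misread when triaging a fleet of firewalls, in particular the hotfix suffixes (such as 8.1.14-h2) and the two branches that have no fixed release at all. The following helper is an added example, not code from the original roundup or from Palo Alto Networks: it encodes exactly the ranges stated above, parses PAN-OS version strings, and reports whether a given version is affected. The function names, the inventory list and the host names are this example's own constructed input.

```python
"""Triage PAN-OS versions against the CVE-2020-2034 affected ranges.

Added example (not from the advisory or the roundup). The ranges below are
transcribed from the affected-version sentence above; a branch mapped to
None has no fixed release listed, so every version on it is treated as affected.
"""
from typing import Dict, List, Optional, Tuple

# (major, minor) branch -> first fixed version, or None when no fix is listed.
FIXED_VERSIONS: Dict[Tuple[int, int], Optional[Tuple[int, int, int]]] = {
    (9, 1): (9, 1, 3),
    (9, 0): (9, 0, 9),
    (8, 1): (8, 1, 15),
    (8, 0): None,   # all PAN-OS 8.0 versions affected
    (7, 1): None,   # all PAN-OS 7.1 versions affected
}


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.patch[-hN]' into a comparable tuple.

    The hotfix number becomes a fourth element, so 8.1.14-h2 sorts above
    8.1.14 but still below 8.1.15 (the first fixed release on that branch).
    """
    base, _, hotfix = version.strip().partition("-h")
    parts = base.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected PAN-OS version format: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch, int(hotfix) if hotfix else 0)


def is_affected(version: str) -> Optional[bool]:
    """Return True if affected, False if fixed, None if the branch is not listed.

    Returning None (rather than False) for an unlisted branch such as 10.0
    avoids silently marking hosts as safe when the advisory says nothing
    about them.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch not in FIXED_VERSIONS:
        return None
    fixed = FIXED_VERSIONS[branch]
    if fixed is None:
        return True
    # A hotfix on a pre-fix base release (e.g. 9.1.2-h1) is still below 9.1.3.
    return v[:3] < fixed


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (hostname, version) pairs into affected / fixed / unknown."""
    result: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        status = is_affected(version)
        key = "unknown" if status is None else ("affected" if status else "fixed")
        result[key].append(host)
    return result


# Constructed sample inventory for the demonstration (not real hosts).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "9.1.2"),
    ("fw-edge-02", "9.1.3"),
    ("fw-dc-01", "8.1.14-h2"),
    ("fw-dc-02", "8.1.15"),
    ("fw-legacy-01", "8.0.20"),
    ("fw-lab-01", "10.0.0"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Note that the check only answers "is this version in the affected range"; whether a given box is actually exposed still depends on whether the GlobalProtect component is enabled and reachable, which the version string alone does not tell you.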

Zoom has confirmed an RCE vulnerability in its Zoom client for Windows. The flaw is only exploitable on systems running Windows 7 and older versions of the operating system that are no longer supported by Microsoft, and the attack requires user interaction. The vulnerability has been fixed in Zoom client for Windows version 5.1.3 (28656.0709).

The US authorities have charged Andrey Turchin (aka fxmsp), a 37-year-old Kazakhstani citizen, with crimes related to a financially motivated cybercriminal ring that conducted attacks against corporate entities, educational institutions, and governments across the globe.

The accused allegedly worked together with other members of the cybercriminal group to plant backdoors on compromised networks to establish persistent access, which they then sold to other malicious actors. According to the DoJ, since October 2017 Turchin and his accomplices targeted hundreds of organizations across six continents, including more than 30 in the United States.

Security researchers shed light on the activity of a hacker group called “Keeper” that has been engaging in Magecart-style attacks aimed at stealing the credit card data of online shoppers. Over the last three years the group targeted more than 570 e-commerce websites, generating an estimated $7 million from selling stolen credit cards.

Like many other Magecart groups, Keeper attempts to masquerade its malicious domains as legitimate services, popular website plugins and payment gateways. The malicious actors primarily targeted websites running the Magento CMS (85%), with the largest share of victims located in the United States (28%), closely followed by the United Kingdom and the Netherlands.

Microsoft has disabled key domains that were part of the infrastructure used by cybercriminals to orchestrate a massive phishing campaign that sought to defraud users in 62 countries around the world by exploiting the panic around the COVID-19 pandemic. The cybercriminals deployed a sophisticated phishing scheme designed to compromise Office 365 users, attempting to gain access to their email, contact lists, sensitive documents and other valuable information.

German law enforcement has confiscated a web server belonging to the hacktivist collective Distributed Denial of Secrets (DDoSecrets) that hosted BlueLeaks, a website distributing internal documents stolen from US police departments.

According to Emma Best, the founder of DDoSecrets, the police seized the organization’s “primary public download server.” Best said the seizure appears to be related to the release of the BlueLeaks files.

For more than a year a group of scammers has been conducting email-based campaigns against Fortune 500 and Global 2000 companies, attempting to steal hundreds of thousands of dollars from their victims. The group, dubbed “Cosmic Lynx,” has been active since July 2019 and has targeted individuals in 46 countries across the globe, often victimizing senior-level executives of large multinational corporations. The researchers said they observed more than 200 BEC (business email compromise) campaigns conducted by this group since July last year.

Security researchers detailed the activities of the Evilnum APT, the group behind the eponymous malware, which has been targeting fintech companies since at least 2018. Over the years the group’s toolset and infrastructure have evolved and now include custom malware as well as tools bought from a malware-as-a-service (MaaS) provider called Golden Chickens, which also counts FIN6 and the Cobalt Group among its customers.

According to the team, Evilnum targets financial technology companies that offer trading and investment platforms. While most of the victims are located in EU countries and the UK, ESET observed attacks against companies in Australia and Canada.

