
Cyber Bites


The TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns bent on spreading the persistent SDBbot remote-access trojan (RAT) laterally throughout an entire corporate environment, researchers said. SDBbot RAT is a custom job that has been observed in TA505 attacks since at least September 2019; it offers remote-access capabilities and has a few spyware aspects, including the ability to exfiltrate data from the victimized devices and networks. Source: Threatpost


DoppelPaymer ransomware developers release files stolen from contractors to SpaceX, Tesla, Boeing, Lockheed-Martin and US Navy. Security researchers have warned of a new ransomware campaign that targets companies handling sensitive data – and then publishes their internal files online if they do not pay. DoppelPaymer emerged in mid-2019, but in recent weeks has published data belonging to contractors for the US Navy, Lockheed-Martin and SpaceX. The variant emerged from the BitPaymer ransomware in June of...


The first installation of a new report into Canberra's cyber readiness has been tabled, with The Commonwealth Cyber Security Posture in 2019 prepared by the Australian Signals Directorate (ASD). During the last year, the Australian Cyber Security Centre (ACSC) responded to 427 cyber incidents against Commonwealth entities, 65% of which were self-reported, and the rest were picked up through ACSC investigations, reports from third parties, and analysis of a variety of classified and open-source material,...


Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory. Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines. Impacted with multiple critical flaws, rated 9.8 CVSS in severity, are 13 key Oracle products including Oracle Financial Services Applications, Oracle MySQL,...


A new phishing campaign designed to harvest Cisco WebEx credentials through a security warning for the application has been discovered by the Cofense Phishing Defense Center (PDC). Surprisingly, Cisco's own Secure Email Gateway failed to catch this new campaign which was launched at a time when millions of people are working from home using a variety of online platforms and software. Cybercriminals are well aware of this and have begun to exploit trusted brands like...


Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, and the details of around four million users are now being shared for free on underground hacking forums. The data, of which ZDNet has obtained samples from three different sources, contains Quidd usernames, email addresses, and hashed account passwords. Source: ZD Net


Researchers have discovered a new phishing campaign, which endeavours to trick unwitting Americans into downloading malware-laden coronavirus materials, using the White House as a hook. Identified by cybersecurity researchers from Inky, the scam operates just as you might expect. An individual receives an email from the supposed White House, claiming to share “Coronavirus Guidelines for America”. Source: IT Pro Portal


A zero-day cross-site scripting vulnerability has been discovered in BuySpeed, an automated procure-to-pay tool from Periscope Holdings, a provider of procurement software solutions for public-sector entities and their suppliers. The flaw, found in BuySpeed version 14.5, “could allow a local, authenticated attacker to store arbitrary JavaScript within the application,” warns a vulnerability advisory from the CERT Coordination Center at Carnegie Mellon University’s Software Engineering Institute. “This JavaScript is subsequently displayed by the application without sanitization,...


A database owned by the email delivery and marketing firm Maropost was reportedly found open and unsecured, exposing about 95 million customer records. Researchers at CyberNews initially found the database in early February, noting it contained 19.2 million unique email addresses and marketing logs containing the relevant metadata for these emails, such as the exact date and time the emails were sent, who sent them and to whom. The data resided on a Google Cloud...


Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to American software company RigUp, containing more than 70,000 private files belonging to its US energy sector clients. RigUp, founded in 2014, is a labor marketplace and services provider built for the US energy sector, with clients across the country. According to the report, since 2014, RigUp has grown to provide additional services covering many aspects of energy company operations...
