
Cyber Bites

it security guru

Coders late last week publicly released a working exploit for the dangerous BlueKeep bug that was found and patched earlier this year in Microsoft’s Remote Desktop Protocol implementation. Designated as CVE-2019-0708, BlueKeep is a remote Windows kernel use-after-free vulnerability that could be used to create wormable attacks similar to the WannaCry ransomware incident of May 2017. Published on GitHub by the Metasploit Project – a pen-testing framework developed in a collaboration between security company Rapid7 and open-source researchers – the exploit module currently targets...

Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices. Imperial Dabman IoT radios have a weak password vulnerability that could allow a remote attacker to achieve root access to the gadgets’ embedded Linux BusyBox operating system, gaining control over the device. Adversaries can deliver malware, add a compromised radio to a botnet, send custom audio streams to the device, listen to all station messages as...

Wikipedia was hit late last week with a sustained DDoS attack that knocked it offline in many parts of the world. Wikipedia’s parent organization Wikimedia posted a statement on Sept. 7 saying it was under attack and working to return to normal operations, but posted on Twitter on Sept. 6 that it was suffering intermittent outages. The affected nations were the UK, France, Germany and Italy. Parts of the United States were also impacted. Source: SC Magazine

Over the weekend and into today, four different malvertising campaigns have been redirecting users to exploit kits that install password-stealing Trojans, ransomware, and clipboard hijackers. All four of these campaigns were discovered by exploit kit expert nao_sec and are being distributed through malvertising that redirects visitors to the exploit kits' landing pages. These landing pages are typically hosted on hacked sites. Once a user visits the site, the kit's scripts will attempt to exploit vulnerabilities in the visitor's...

The software integration firm CircleCI has informed its clients that a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts. The company said in a statement that it was informed of the breach on 31 August, but that the incident affected customers who accessed the CircleCI platform starting June 30, 2019. The information compromised included usernames and email addresses associated with GitHub and Bitbucket, as well as IP addresses and user agent strings. Additionally, organisation name, repository...

A public exploit module for the BlueKeep Windows vulnerability has been added today to the open-source Metasploit penetration testing framework, developed by Rapid7 in collaboration with the open-source community. BlueKeep is a wormable remote code execution (RCE) security flaw discovered in the Windows Remote Desktop Protocol (RDP) service which enables unauthenticated attackers to run arbitrary code remotely, to launch denial of service attacks, and, in some cases, to take full control of unpatched systems. Source: Bleeping Computer

A web page pretending to offer an official application from PayPal is currently spreading a new variant of Nemty ransomware to unsuspecting users. It appears that the operators of this file-encrypting malware are trying various distribution channels as it was recently observed as a payload from the RIG exploit kit (EK). Source: Bleeping Computer

The job website says it cannot notify users since the exposure occurred on a third-party organization's servers. An unprotected Web server has been offering information on Monster.com users for some time — and neither Monster nor the third party it says purchased the data has notified the victims. According to reports, the exposed private information on job seekers who used the site from 2014 through 2017 includes phone numbers, home addresses, email addresses, and prior work experience. No...

Android smartphone users have been hit by a new malware - Joker. Aleksejs Kuprins, a security researcher at cybersecurity threat intelligence specialists CSIS Security Group, said 'Joker' spyware -- which derives its name from one of the command-and-control servers found by CSIS researchers -- has been detected in 24 apps that have collectively been installed over 472,000 times. Source: ZeeBiz
