Latest News Articles

-- TLP:WHITE ---
(https://first.org/tlp/)

########################################################
#### CSIRT-IE End of Day Report ####
########################################################

Date   : Friday 28-06-2019 10:00 ; Friday 05-07-2019 10:00

=====================================
= News =
=====================================
− Industry Reactions to Nation-State Hacking of Global Telcos
On June 25, 2019, Cybereason reported that hackers, most likely China's
state affiliated APT10 group, had comprehensively hacked numerous
telecommunications companies around the world.


https://www.securityweek.com/industry-reactions-nation-state-hacking-global-telcos/  
   
   
− Amazon data breach leaks sensitive info of Netflix, TD Bank and...
The researchers from the Data Breach team of UpGuard argue that the
oldest of the data found by them was uploaded in Sept’14. However, they
are not clear if the leaked data was publicly accessible since the said
time. Australian Cybersecurity startup UpGuard has cleared the air that
its team has....


https://www.cybersecurity-insiders.com/amazon-data-breach-leaks-
sensitive-info-of-netflix-td-bank-and-ford/
   
   
− Cyber white paper shows impact of GDPR in year one
ONE year ago GDPR had come into force, and in-boxes were full to the
brim with emails asking about "consent". Mandatory reporting
obligations for certain personal data security breaches, signalled the
start of fundamental change in privacy regulation but what has been the
impact? Pinsent Masons'....


http://www.irishnews.com/business/2019/07/02/news/cyber-white-paper-
shows-impact-of-gdpr-in-year-one-1650626/
   
   
− No data loss in FAI Cyber Attack
News is out that a team of forensic experts from KPMG was called into
service to investigate the matter related to a malware presence on a
payroll server. Authorities have confirmed that neither the employee
data nor the data loaded onto the FAInet system were affected by the
cyber incident unlike....


https://www.cybersecurity-insiders.com/no-data-loss-in-fai-cyber-attack/


=====================================
= Vulnerabilites =
=====================================

− Microsoft Outlook for Android Spoofing (CVE-2019-1105)
A spoofing vulnerability exists in Microsoft Outlook for Android. An
authenticated attacker could exploit the vulnerability by sending a
specially crafted email to a victim. Successful exploitation of this
vulnerability may allow running scripts in the context of the current
user.


http://www.checkpoint.com/defense/advisories/public/2019/
cpai-2019-0782.html
   
   
− July Android Security Update Fixes Four Critical RCE Flaws
Three critical remote code execution (RCE) in the Media framework and
another one in the Android system were fixed by Google in the Android
Open Source Project (AOSP) as part of the July 2019 security patch.


https://www.bleepingcomputer.com/news/security/july-android-security-
update-fixes-four-critical-rce-flaws/
   
   
− Cyber Command warns of new attacks and malware potentially linked to
Iran - Axios
United States Cyber Command issued a warning Tuesday about hackers
using a security flaw in Microsoft's Outlook email program, while also
uploading new malware to an archive used by cybersecurity researchers
that one expert believes is connected to an infamous Iranian attack.


https://www.axios.com/cyber-command-iran-malware-atacks-b411217d-b984-
4199-86c8-8fdec119463f.html


− USCYBERCOM Warned that Hackers Exploiting Microsoft Outlook Security
Vulnerability to Deliver Malware
USCYBERCOM published an alert that hackers were exploiting the
CVE-2017-11774 Microsoft Outlook Security Vulnerability to deliver
malware using an HTTPS domain. Microsoft already patched the
vulnerability in 2017 and the USCYBERCOM alert refers to the ongoing
campaign that exploiting CVE-2017-11774 .


https://gbhackers.com/uscybercom-warned-hackers-malware/


− Certificates Issued to Huawei Subsidiary Found in Cisco Switches
Researchers noticed that the firmware for some Cisco switches contains
X.509 certificates and associated private keys issued to a US-based
subsidiary of Huawei. An investigation by the networking giant revealed
that it was an oversight related to the use of an open-source
third-party component.


https://www.securityweek.com/certificates-issued-huawei-subsidiary-found
-cisco-switches

=====================================
= Community News =
=====================================
− Younger generations pose biggest cybersecurity threat to businesses
It has been revealed that one in 10 millennials would knowingly use a
work device that was under cyber-attack, as younger generations are
named the biggest security threat to businesses. This revelation comes
from a survey commissioned by specialist IT solutions distributor,
DataSolutions, involving 500 Irish office workers.


https://www.techcentral.ie/younger-generations-pose-biggest-
cybersecurity-threat-to-businesses


− Researchers Analyze Vietnamese Hackers' Suite of RATs
BlackBerry Cylance security researchers have analyzed a suite of remote
access Trojans (RATs) that the Vietnam-linked threat actor OceanLotus
has been using in attacks for the past three years. read more


https://www.securityweek.com/researchers-analyze-vietnamese-hackers-
suite-rats


− Trump Move to Ease Huawei Sanctions Sparks Anger, Confusion
The US trade war truce with China which could ease sanctions on Huawei
has prompted a backlash from lawmakers over national security concerns
amid confusion over how the deal may impact the Chinese tech giant.


https://www.securityweek.com/trump-move-ease-huawei-sanctions-sparks-
anger-confusion
   

− Cloudflare Worldwide Outage Caused by Bad Software Deployment
Cloudfare experienced a worldwide outage today for about 30 minutes,
with network performance issues that brought down a multitude of
websites and web services all around the world, and triggered "502 Bad
Gateway" errors. [...]


https://www.bleepingcomputer.com/news/technology/cloudflare-worldwide-
outage-caused-by-bad-software-deployment/
   

--- TLP:WHITE ---



 

 

−