Page 17 - AccumeView June
Vulnerabilities & IOCs
➢ MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
➢ 194 of The Top 1000 Docker Containers Don’t Have Root Passwords
➢ Chronicle experts spotted a Linux variant of the Winnti backdoor
➢ XSS flaw in WordPress Live Chat Plugin lets attackers compromise WP sites
➢ Two Ransomware Recovery Firms Typically Pay Hackers
➢ Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses
➢ Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
➢ Over 25,000 Linksys Smart Wi-Fi routers vulnerable to sensitive information disclosure flaw
➢ North Korean cyberspies deploy new malware that harvests Bluetooth data
➢ Nigerian BEC Scammers Shifting to RATs As Tool of Choice
➢ Site Promoting KeePass Password Manager Pushes Malware
➢ High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack
➢ Retefe Banking Trojan resurfaces in the threat landscape with innovations
➢ D-Link camera vulnerability allows attackers to tap into the video stream
➢ Qakbot Assembles Itself from Encrypted Halves to Evade Detection
➢ 'Denial of service' attack caused grid cyber disruption: DOE
➢ Vodafone Found Hidden Backdoors in Huawei Equipment
➢ Buhtrap backdoor and ransomware distributed via major advertising platform
➢ P2P Weakness Exposes Millions of IoT Devices
➢ Researcher publishes Windows zero-days for the third day in a row
➢ One year later: The VPNFilter catastrophe that wasn't
➢ Critical Flaws in Khan Academy Opened Door to Account Takeovers
➢ Flaw Exposes Mitsubishi PLCs to Remote DoS Attacks
➢ 16Shop: Commercial Phishing Kit Has A Hidden Backdoor
➢ MuddyWater BlackWater campaign used new anti-detection techniques
➢ Account Hijacking Forum OGusers Hacked
“Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.”
– James Scott

