17 July 2020 | Asia Cyber Summary


Blackpanda Origin Story:


Blackpanda CEO and Co-founder, Gene Yu, tells Blackpanda’s origin story from its creation in 2015. While our history is grounded in US Special Forces and crisis response roots, Blackpanda has adjusted its security focus over the years from physical to cyber, with human actors remaining at the core of security. Read the full story on Blackpanda origins and evolution here.




In the spotlight this week:


• High-profile US Twitter accounts hijacked in a Bitcoin scam

• Microsoft releases patch to remediate a 17-year-old bug in Windows DNS Server

• Firefox on Android: camera remains active when the phone is locked or the user switches apps




JUL 16, 2020 | Major US Twitter Accounts Hacked In Bitcoin Scam


A Twitter insider was reportedly behind Wednesday's wave of high-profile account takeovers. Accounts including those of Joe Biden, Elon Musk, Bill Gates, Barack Obama, Uber and Apple all tweeted the same cryptocurrency scam. One source told Vice the attackers “used a rep that literally did all the work for us”; a second source said the Twitter insider was paid. According to the sources, the accounts were taken over through an internal Twitter administration tool rather than by compromising the account holders' own credentials.


Source:

https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos

https://www.bbc.com/news/technology-53425822




JUL 16, 2020 | SIGRed – Resolving Your Way Into Domain Admin: Exploiting A 17-Year-Old Bug In Windows DNS Servers


On 14 July, Microsoft released a patch for a 17-year-old flaw in its Windows DNS Server implementation. Codenamed SIGRed (CVE-2020-1350) by Check Point, who reported it, the bug is wormable: it requires no user interaction and could be automated to spread from one vulnerable server to the next. Exploitation is triggered by a crafted DNS response to a query the server makes, and because Windows DNS Server runs as SYSTEM and is very commonly hosted on a domain controller, a successful exploit typically yields Domain Administrator control over the entire corporate domain. The underlying defect is an integer overflow in the server's parsing of SIG resource records, which needs an oversized response that can only be delivered over TCP; Microsoft's interim registry workaround for servers that cannot be patched immediately works by capping the size of DNS messages the service accepts over TCP.
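For servers that cannot take the update straight away, the following PowerShell applies and verifies Microsoft's published registry workaround. It is an added example, not code from Check Point, Microsoft or Blackpanda; it assumes an elevated session on a Windows DNS Server, and that the update will follow, since the cap is a stopgap and not a fix.

```powershell
# Added example: apply and verify the interim SIGRed (CVE-2020-1350) workaround.
# Assumes an elevated PowerShell session on a Windows DNS Server that is not yet patched.
# The workaround caps DNS messages accepted over TCP at 0xFF00 bytes, which blocks the
# oversized response the bug requires. Apply the update as soon as possible regardless.

$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$name   = 'TcpReceivePacketSize'
$cap    = 0xFF00   # value published by Microsoft alongside the patch

$current = (Get-ItemProperty -Path $params -Name $name -ErrorAction SilentlyContinue).$name

if ($current -eq $cap) {
    Write-Output ("Workaround already in place: {0} = 0x{1:X}" -f $name, $current)
} else {
    # REG_DWORD value; -Force overwrites any existing (non-capped) setting
    New-ItemProperty -Path $params -Name $name -PropertyType DWord -Value $cap -Force | Out-Null
    # The DNS service only reads the value at start-up
    Restart-Service -Name DNS
    Write-Output ("Applied workaround: {0} set to 0x{1:X}" -f $name, $cap)
}

# Verify: read the value back and confirm the service came up again
$after = (Get-ItemProperty -Path $params -Name $name).$name
if ($after -ne $cap) {
    throw ("Expected {0} = 0x{1:X}, found {2}" -f $name, $cap, $after)
}
Get-Service -Name DNS | Select-Object Name, Status

# Roll-back once the update is installed (run from an elevated session):
#   Remove-ItemProperty -Path $params -Name $name
#   Restart-Service -Name DNS
```

Leaving the cap in place after patching is harmless for ordinary zones, but it will drop legitimate TCP responses larger than 0xFF00 bytes, which large DNSSEC-signed zone transfers can produce, so remove it once the update is confirmed installed.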


Source: https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/




JUL 15, 2020 | Firefox On Android: Camera Remains Active When Phone Is Locked Or The User Switches Apps


The bug was first spotted and reported to Mozilla a year ago, in July 2019, by an employee of video delivery platform Appear TV. It manifests when a user streams video from a website loaded in Firefox rather than from a native app: the camera keeps capturing after the phone is locked or the user switches to another app, when a user would reasonably expect capture to stop. "This bug [fix] aims to address this by defaulting to audio-only when the screen is locked," Mozilla said. "[The fix] is scheduled for release at the platform-level this October, and for consumers shortly after."


Source: https://www.zdnet.com/article/firefox-on-android-camera-remains-active-when-phone-is-locked-or-the-user-switches-apps/#ftag=RSSbaffb68




JUL 15, 2020 | Financially Motivated Actors Are Expanding Access Into OT: Analysis Of Kill Lists That Include OT Processes Used With Seven Malware Families


Financially motivated threat actors have been observed adding operational technology (OT) targeting to their ransomware. The kill list is the set of processes and services a ransomware sample terminates before encrypting, so that locked files and running applications do not block it; Mandiant identified OT process names within the kill lists of samples from at least six ransomware families (DoppelPaymer, LockerGoga, Maze, MegaCortex, Nefilim and SNAKEHOSE), all of which have been associated with high-profile incidents impacting industrial organisations over the past two years. Terminating those processes does not by itself manipulate a physical process, but it can interrupt monitoring and control software running on the Windows hosts in an industrial environment.


Source: https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html




JUL 15, 2020 | Phone of Top Catalan Politician Targeted by Government-Grade Spyware


Sergi Miquel, a senior Catalan politician, was in Belgium when his phone was targeted with NSO Group's spyware. The targeting of a phone on the territory of another EU member state underlines the need for an urgent European Union examination of the circumstances of these cases. All cases confirmed so far used the same technique: missed WhatsApp video calls in April-May 2019 that exploited a flaw in WhatsApp's call handling, so the target did not need to answer. WhatsApp closed the hole shortly after the campaign was identified with Citizen Lab's help.


Source:

https://www.theguardian.com/world/2020/jul/13/phone-of-top-catalan-politician-targeted-by-government-grade-spyware

https://citizenlab.ca/2019/10/nso-q-cyber-technologies-100-new-abuse-cases/




JUL 15, 2020 | PoC Exploits Released For SAP Recon Vulnerabilities


Proof-of-concept exploits published on GitHub target RECON (CVE-2020-6287), a remote code execution vulnerability in the LM Configuration Wizard component of SAP NetWeaver AS Java. An unauthenticated attacker with HTTP access to the affected component can create an administrative user and take full control of the system, then use that foothold to launch attacks deeper into the corporate network. Scanning for the vulnerability has already been observed. SAP released the fix on 13 July as Security Note 2934135; given the ease of exploitation and the severity of the impact, organisations running affected NetWeaver AS Java systems should apply it immediately and, where patching must wait, disable the LM Configuration Wizard as described in SAP's guidance and restrict network access to the Java stack.


Source: https://www.bleepingcomputer.com/news/security/poc-exploits-released-for-sap-recon-vulnerabilities-patch-now/




Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.

Copyright © 2020 Blackpanda.
All Rights Reserved.

HONG KONG

Room 37, Level 5, Core F

Cyberport 3

100 Cyberport Rd

Hong Kong

+852 6975 1099

SINGAPORE

6 Raffles Quay
#11-07
Singapore (048580)

+65 6692 9110

JAPAN

301, 2-7-18

Nishiazabu Minato-ku

Tokyo 106-0031

+81 80 2077 9824

MALAYSIA

D1-U3A-6 Solaris Dutamas

Jalan Dutamas 1

50480 Kuala Lumpur

+60 3 6206 2582

PHILIPPINES

Penthouse, World Plaza Bldg.

5th Ave., Bonifacio Global City

Taguig City 1634

+63 2 8250 6110
