News – Page 2 – BU-CERT

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Posted on 8 July 2020

From thehackernews.com

microsoft linux forensics rootkit scanner

Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected.

The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits, and other stealthy malware techniques such as process hiding.

Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products

Posted on 8 July 2020

From thehackernews.com

Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products.

Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the gateway or the authentication virtual servers.

Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool

Posted on 8 July 2020

From malware.news

We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from several days to several weeks. Bypassing this time-consuming step presented an opportunity for collaboration between the FLARE reverse engineering team and the Mandiant consulting team which ultimately saved many hours of difficult reverse engineering.

Scant3R – Web Security Scanner

Posted on 8 July 2020

From kitploit.com

Detect This vulnerabilities

Remote Code Execution
- Linux
XSS Reflected
Template Injection
- Jinja2
- ERB
- Java
- Twig
- Freemarker
SQl Injection

ThiefQuest info-stealing Mac wiper gets free decryptor

Posted on 8 July 2020

From bleepingcomputer.com

Poor coding of the ThiefQuest ransomware in disguise that targets macOS users allows recovery of encrypted files, which would remain lost in lack of a backup.

While the malware (initially named EvilQuest) deploys the encryption routine immediately after infecting a system, paying a ransom is not an option because it offers no way to contact the attackers.

Shopped recently from a small online store? Check this list to see if it was one of 570 websites infected with card-skimming Magecart

Posted on 8 July 2020

From theregister.com

The payment-card-skimming Magecart malware has turned up on yet more websites, this time 570 spanning 55 countries, it emerged this week.

The team at security biz Gemini Advisory said a long-running criminal gang dubbed Keeper compromised hundreds of online shopping sites over the past three years to install the software nasty.

FAKESPY – An Android Malware steal SMS messages, Application, and Financial data Around the World

Posted on 8 July 2020

From cybersecuritynews.com

Security experts uncovered a new version of Android malware “FAKESPY” that is stealing SMS messages, Applications’ data, and financial data from Android users all over the world.

This is a type of phishing malware, and it’s an upgraded version of the FAKESPY android malware. This phishing campaign is targetting France, China, Switzerland, Taiwan, United Kingdom, Germany, and the United States.