Weekly Threat Briefing: Eight US Cities See Payment Data Card Stolen

The intelligence in this week's iteration discusses the following threats: Emotet, Gootkit, Magecart, payment card theft, Roomleader, and Tortoiseshell. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.


Trending Threats


Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks (September 20, 2019)

Researchers at SafeBreach discovered that the Forcepoint VPN Client for Windows is affected by a vulnerability that can be exploited to achieve privilege escalation, persistence, and defense evasion. The flaw, tracked as "CVE-2019-6145" and described as an unquoted search path issue, affects Forcepoint VPN Client for Windows versions prior to 6.6.1; a patch is now available. According to SafeBreach, when the client application is launched, a process attempts to run several executable files that do not exist. This would allow a threat actor to place their own malicious executables in these locations so that they run whenever the Forcepoint application is launched, but only if the actor was local and already had some administrator privileges.

MITRE ATT&CK: [MITRE ATT&CK] Process Discovery - T1057 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Modify Registry - T1112
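As an added illustration of the unquoted-search-path flaw class described above (example code written for this briefing, not SafeBreach's or Forcepoint's code; the service names and paths are constructed), this Python audit helper reproduces how Windows resolves an unquoted launch command and flags entries whose probe locations a defender must confirm are not writable by standard users:

```python
# Constructed sample entries (hypothetical names and paths, not real Forcepoint
# artefacts) shaped like HKLM\SYSTEM\CurrentControlSet\Services ImagePath values.
SAMPLE_SERVICES = {
    "GoodSvc": r'"C:\Program Files\Vendor\goodsvc.exe" -run',
    "NoSpaces": r"C:\Windows\system32\svchost.exe -k netsvcs",
    "RiskySvc": r"C:\Program Files\Some Vendor\risky svc.exe -daemon",
}


def unquoted_path_candidates(command_line: str) -> list[str]:
    """Return the executable paths Windows may probe, in order, for a launch
    command. CreateProcess treats every space in an UNQUOTED command as a
    possible end of the program name and tries each prefix (adding ".exe"
    where no extension is present) until one exists. A quoted path, or one
    whose first token already ends in .exe, yields exactly one candidate."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return [cmd[1:] if end == -1 else cmd[1:end]]
    tokens = cmd.split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        is_exe = prefix.lower().endswith(".exe")
        candidates.append(prefix if is_exe else prefix + ".exe")
        if is_exe:
            break  # the real binary; later tokens are arguments
    return candidates


def audit_services(services: dict[str, str]) -> dict[str, list[str]]:
    """Map each at-risk service to the non-existent paths that Windows would
    try before the intended binary. Harden by quoting the ImagePath and by
    ensuring those parent directories are not writable by unprivileged users."""
    findings = {}
    for name, cmd in services.items():
        cands = unquoted_path_candidates(cmd)
        if len(cands) > 1:
            findings[name] = cands[:-1]  # everything before the real executable
    return findings


if __name__ == "__main__":
    for svc, paths in audit_services(SAMPLE_SERVICES).items():
        print(f"{svc}: unquoted path, probe locations -> {paths}")
```

On a live host, feed the function the ImagePath values read from the Services registry hive instead of the constructed dictionary.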


Eight US Cities See Payment Data Card Stolen (September 20, 2019)

Gemini Advisory has reported that more than 20,000 payment card records have been harvested from the Click2Gov payment portals of eight U.S. cities. ..
