Weekly Threat Briefing: New Credential Phish Targets Employees with Salary Increase Scam

The intelligence in this week’s iteration discusses the following threats: APT, Data leak, Phishing, PII, Targeted attacks, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.


Trending Threats


Chrome 0-day Exploit CVE-2019-13720 Used in Operation WizardOpium (November 1, 2019)

Security researchers from Kaspersky have discovered a new vulnerability in Google’s Chrome browser, registered as “CVE-2019-13720”. Attacks using this zero-day are being referred to as “Operation WizardOpium”, and there is not yet any clear evidence linking the attacks to known threat actors. The zero-day was exploited by placing malicious JavaScript code on a Korean-language news portal. The script loads a profiling script which checks whether the victim is running Google Chrome version 65 or higher. If the version condition is met, the script makes requests to the attacker-controlled Command and Control (C2) server. These requests download encrypted chunks of exploit code. An image file with an embedded key to decrypt the final payload is sent as well. Once the chunks are concatenated and the payload is decrypted, the attacker has a new piece of JavaScript code to exploit the browser. The exploit code performs several operations that allocate and free memory, which gives the actors read/write capabilities. This is used to create an object that can be used to perform code execution for a shellcode payload.

MITRE ATT&CK: [MITRE ATT&CK] D ..
