Weekly Threat Briefing: Tor Weaponized to Steal Bitcoin

The intelligence in this week’s iteration discusses the following threats: APT29, Bitcoin theft, Blackremote, FTCode ransomware, Operation Ghost, and SDBot. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.


Trending Threats


Researcher Discovers Critical Linux WiFi Vulnerability That Existed For Four Years (October 21, 2019)
A critical Linux WiFi vulnerability has been disclosed that could allow attackers to compromise vulnerable machines. According to Nico Waisman, the researcher who identified it, the flaw has existed for about four years. The vulnerability, CVE-2019-17666, is in the “rtlwifi” driver, the kernel component that lets certain Realtek WiFi modules used in Linux devices communicate with the operating system. Waisman believes it may lead to remote code execution, but he is still working on a proof-of-concept. Linux kernel versions through 5.3.6 are affected, but only on devices that use the Realtek chip and therefore load this driver; because the bug is in the wireless driver, an attacker would need to be within radio range of the target. A fix has been proposed by the Linux kernel developers but has not yet been released.
MITRE ATT&CK: [MITRE ATT&CK] Remote Access Tools - T1219
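As an added example (not part of the briefing and not the researcher's code), the following POSIX shell script checks whether a Linux host matches the affected profile. It assumes only what the item above states: kernels up to and including 5.3.6 carry the flaw, and only hosts that actually load the Realtek rtlwifi driver are exposed. The sample lsmod lines used for the self-check are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the briefing: quick exposure check for CVE-2019-17666.
# Assumptions (from the briefing): kernel <= 5.3.6 is affected, and only hosts
# that load the Realtek "rtlwifi" driver family are exposed.

# kernel_vulnerable VERSION -> returns 0 when VERSION is 5.3.6 or older.
# Accepts `uname -r` strings such as "5.3.6-arch1-1-ARCH" or "4.19.80".
kernel_vulnerable() {
    # keep only the leading numeric dotted part, dropping "-generic" etc.
    v=$(printf '%s' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/')
    major=$(printf '%s' "$v" | cut -d. -f1)
    # trailing dots guarantee an empty field (not the whole string) when absent
    minor=$(printf '%s' "$v." | cut -d. -f2)
    patch=$(printf '%s' "$v.." | cut -d. -f3)
    [ -n "$minor" ] || minor=0
    [ -n "$patch" ] || patch=0
    # compare as one integer so 5.10.x does not sort before 5.3.x as a string
    [ $((major * 1000000 + minor * 1000 + patch)) -le $((5 * 1000000 + 3 * 1000 + 6)) ]
}

# rtlwifi_loaded LSMOD_TEXT -> returns 0 when the rtlwifi core module is listed.
# Chip-specific drivers (rtl8723be, rtl8192ce, ...) depend on "rtlwifi", so the
# core module appears whenever any of them is loaded.
rtlwifi_loaded() {
    printf '%s\n' "$1" | grep -Eq '^rtlwifi[[:space:]]'
}

# exposure KERNEL LSMOD_TEXT -> prints a verdict; returns 0 only when both
# conditions hold (affected kernel AND Realtek driver loaded).
exposure() {
    if kernel_vulnerable "$1" && rtlwifi_loaded "$2"; then
        echo "EXPOSED: kernel $1 with rtlwifi loaded"
        return 0
    fi
    echo "not exposed: kernel $1"
    return 1
}

# Run against the live host. lsmod may be missing in minimal containers, so
# fall back to /proc/modules (same first-column layout: module name).
live_modules=$( { lsmod 2>/dev/null || cat /proc/modules 2>/dev/null; } || true )
exposure "$(uname -r)" "$live_modules" || true
```

A host that reports "EXPOSED" should be checked for the driver patch once it ships; a host with an older kernel but no rtlwifi module loaded is not reachable through this bug.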


FTCode Ransomware Drops, Rocks, & Locks Files (October 18, 2019)
Office 365 customers in Italy are being targeted with “FTCode” ransomware in an email phishing campaign that plays German rock music while encrypting files on the victim's computer. Security analysts at AppRiver report that the malicious emails contain files posing as “resumes, invoices, or document scans”. In one instance, wh ..
