A new #COVID2019-themed malware campaign is ongoing with a very low detection rate. Don't hesitate to contact us to get access to our private sector MISP information sharing community and get the IOCs.
51eab875208923d82953fd3492b2efab3dc1d234c555a2db9dcd45e840a9040c
#Critical #vulnerabilities in #Trend #Micro Apex One, OfficeScan and Worry-Free Business Security already actively exploited. Patch now!
#ESETresearch ALERT: #COVID19 #Android #Ransomware: If you installed malicious Coronavirus Tracker app that locked your smartphone and requested ransom, use "4865083501" code to unlock it. Key is hardcoded. @LukasStefanko Details:
https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware
Criminals never miss a chance to scam you. Amid fears over the #COVID19 outbreak, they are after your #personaldata & money.
Make sure you:
Check the sender's email address
Don't click on suspicious attachments
Don't be rushed into making a purchase
#CyberScams
"Vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet."
EX #LockedShields 2020, the #CyCon conference and the upcoming courses for the 1st half of 2020 are cancelled. The safety of our community and contributors is our priority. #COVID19
"Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust."
"D4 core client and server - version 1.0 released"
https://github.com/D4-project/d4-core/releases/tag/v1.0
"A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM)."
https://www.synology.com/en-global/security/advisory/Synology_SA_20_02
MISP 2.4.123 released with new flexible internal dashboard features, various improvements and security fixes. We strongly recommend washing your hands and updating your MISP instance.
https://www.misp-project.org/2020/03/10/MISP.2.4.123.released.html #ThreatIntel #ThreatIntelligence
"TR-58 - CVE-2020-0796 - Critical vulnerability in Microsoft SMBv3 - status and mitigation" Check the mitigation, it's really important.
https://www.circl.lu/pub/tr-58/
Bash script using Nmap to detect server systems vulnerable to CVE-2020-0796 aka #CoronaBlue #SmbGhost
- use it to scan your internet range, networks with attack surface (zones shared with providers / suppliers), etc.
https://gist.github.com/nikallass/40f3215e6294e94cde78ca60dbe07394
We saw an increase of Tor hidden services related to #Corona #COVID19 such as criminals selling fake vaccine or masks. Collected via the open source AIL framework
https://github.com/CIRCL/AIL-framework/
"BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3."
"Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute RCE."
Trend Micro's Vit Sembera has analysed the Geost Android botnet:
https://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-geost-exposing-the-anatomy-of-the-android-trojan-targeting-russian-banks/
Geost was first analysed by researchers from the Stratosphere Lab in a #VB2019 paper:
https://www.virusbulletin.com/blog/2019/10/vb2019-paper-geost-botnet-story-discovery-new-android-banking-trojan-opsec-error/
"An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
Welcome to 1995 > RT @circl_lu: "The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute-forced and therefore can be predicted" in Qualcomm Snapdragon and others.
Analysing TCP port scans of Mirai-based botnets. By analysing the TCP initial sequence number from the D4 project's black-hole monitoring, we discover interesting insights about the targeted equipment. #mirai #ThreatIntel #infosec
https://www.d4-project.org/2020/03/06/analyzer-d4-isn.html
CIRCL is the #CERT (Computer Emergency Response Team) for the private sector, communes and non-governmental entities in #Luxembourg.