"In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
Kaspersky researchers analysed PhantomLance, Android malware linked to the OceanLotus APT group that was found on Google Play
https://securelist.com/apt-phantomlance/96772/
The registration for the AIL project virtual session is full. We were surprised by the number of registrations for our first virtual training about AIL. The session will be recorded and we will do more sessions afterwards. Thank you very much!
https://twitter.com/circl_lu/status/1254780794830086144
The folks at @circl_lu do great work, so if you work in leak collection/processing you should definitely look at their AIL framework and catch their sessions if you can
https://twitter.com/circl_lu/status/1255589292019200001
"BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence."
LIVE STREAMING at 18.00 with @miguelgsb | Building synergies and optimising cooperation: how far can the EU cyber capacity go?
Find out more:
https://www.pubaffairsbruxelles.eu/invitation-building-synergies-and-optimising-cooperation-how-far-can-eu-cyber-capacity-go-april-29/
"Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter."
Disinfo crowd should check out this 2 hour training on the AIL project. They just released a Twitter feeder (and adding new scrapers is pretty simple). @bodaceacat @Ngree_H0bit @carljackmiller
https://twitter.com/circl_lu/status/1254780794830086144
Adequate awareness of & response to #cyberattacks aimed at member states or #EU is key nowadays
This #CEFTelecom project is enhancing #Cybersecurity by improving @intelmq & @CERT_at's incident handling capabilities & internal security
https://bit.ly/2Yf8IjG
https://twitter.com/CERT_at/status/1255208420405202945
The #COVID19 crisis has undoubtedly changed the world we are living in.
However, we want to look at the bright (light) side and focus on the lessons learned by speakers of the public and private sectors.
For more info & registration:
https://securitymadein.lu/events/may-the-4th-be-with-you-first-lessons-of-the-covid-crisis/
Call for testers! We have pre-released our new project called DRAKVUF Sandbox, which is a hypervisor-level malware analysis system that incorporates #DRAKVUF by @tklengyel.
We invite you to test it, and any feedback on GitHub would be appreciated!
https://github.com/CERT-Polska/drakvuf-sandbox/releases/tag/v0.2.1
"Darkweb monitoring and leak detection with the open source AIL project - Practical examples and new features - Free Virtual session" 05 May 2020 15:00-17:00 Registration:
https://www.xing-events.com/FGGBEWA.html Join us!
"Grafana version < 6.7.3 is vulnerable for annotation popup XSS."
AIL integration with @MISPProject has improved in the past months. If you have never looked at the open source AIL project, it's time to have a look at their webinar next week.
https://twitter.com/circl_lu/status/1254780794830086144
"ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field"
Kudos to Sophos for publishing its own analysis of the attack that exploited zero-day vulnerabilities in its firewall products. Not only (and most importantly) is this the grown-up thing to do, it also helps them control the conversation.
https://news.sophos.com/en-us/2020/04/26/asnarok/
"The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php."
"A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2."
Malspam campaign sent from compromised email accounts, distributing #Gozi in Italy. Spammed Excel (XLS) is completely undetected by AV.
XLS:
https://bazaar.abuse.ch/sample/4b462d7cd8e4ba2d1da7332df73f99f89a4da71357fb855e9b9e8cc3949f40d6
EXE:
https://bazaar.abuse.ch/sample/d04ce36b2c6a5888bf4c413ed5a1c8d2e16af857957742059e7f4de74d36d854
Payload URL:
https://urlhaus.abuse.ch/url/350489/
CIRCL is the #CERT (Computer Emergency Response Team) for the private sector, communes and non-governmental entities in #Luxembourg.