Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Uncategorized
On May 18, 2015

May 14, Softpedia – (International) Cisco TelePresence vulnerable to unauthorized root access, denial of service. Cisco reported two vulnerabilities in versions of its TelePresence TC and TE software, which runs on its video conferencing endpoints. The first is an authentication bypass caused by improper authentication of internal services, which could let an unauthenticated remote attacker bypass authentication and obtain root access on the system. The second is a flaw in the network drivers in which specially crafted internet protocol (IP) packets sent at a high rate could cause a denial-of-service (DoS) condition. Source

May 14, V3.co.uk – (International) APT17 DeputyDog hackers are pushing Blackcoffee malware using TechNet. Research by FireEye revealed that the APT17 threat group used profile pages and forum posts on Microsoft's TechNet site as a dead drop for the Blackcoffee backdoor: the posts carried encoded strings that the malware fetched and decoded to locate its true command-and-control (C&C) server, so the implant's traffic to a legitimate Microsoft site concealed the real C&C address. TechNet itself was not compromised and the operation has been shut down, but FireEye warned that other groups may mimic the tactic. Source
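As an added illustration (not FireEye's research code and not the real Blackcoffee encoding), the following Python sketches the dead-drop pattern described above from all three sides: the operator encodes a C&C endpoint into a tagged token that passes as forum noise, the implant pulls the public page and decodes the first valid token, and a defender sweeps exported forum or profile text for the same markers. The marker strings, the XOR-and-hex encoding, the function names and the sample post are all assumptions constructed for this example.

```python
import ipaddress
import re

# Example dead-drop resolver, added here for illustration. The marker strings,
# the XOR-and-hex encoding and the sample post are assumptions constructed for
# this snippet; they are not the real Blackcoffee format.
START_TAG = "@MICR0S0FT"
END_TAG = "C0RP0RATION"
XOR_KEY = 0x5A

# END_TAG starts with an uppercase letter, so the greedy hex group cannot
# swallow it.
TOKEN_RE = re.compile(re.escape(START_TAG) + r"([0-9a-f]+)" + re.escape(END_TAG))


def encode_c2(host: str, port: int) -> str:
    """Operator side: wrap a C2 endpoint in an innocuous-looking token that
    can be pasted into a forum post or profile field."""
    raw = f"{host}:{port}".encode("ascii")
    hidden = bytes(b ^ XOR_KEY for b in raw).hex()
    return f"{START_TAG}{hidden}{END_TAG}"


def decode_token(token_hex: str):
    """Recover (host, port) from the hex payload of one token, or None if it
    does not decode to a literal IP address and a valid port (an implant would
    simply move on to the next post)."""
    try:
        raw = bytes(b ^ XOR_KEY for b in bytes.fromhex(token_hex))
        host, sep, port = raw.decode("ascii").rpartition(":")
        if not sep:
            return None
        ipaddress.ip_address(host)  # raises ValueError if not an IP literal
        port_num = int(port)
    except ValueError:  # bad hex length, non-ASCII bytes, non-IP host, non-int port
        return None
    if not 0 < port_num < 65536:
        return None
    return host, port_num


def resolve_c2(page_text: str):
    """Implant side: given the body of a public page, return the first valid
    C2 endpoint hidden in it, or None."""
    for m in TOKEN_RE.finditer(page_text):
        endpoint = decode_token(m.group(1))
        if endpoint:
            return endpoint
    return None


def find_dead_drops(page_text: str):
    """Defender side: sweep exported forum/profile text (or proxy-captured
    responses) and list every tagged token with what it decodes to. Tokens that
    fail to decode are reported too, since the marker itself is the tell."""
    return [(m.group(0), decode_token(m.group(1))) for m in TOKEN_RE.finditer(page_text)]


# Constructed sample forum post hiding a C2 endpoint (TEST-NET-3 address).
SAMPLE_POST = (
    "Hi all, my Surface keeps failing to activate after the update.\n"
    + encode_c2("203.0.113.10", 443)
    + "\nHas anyone seen this before? Thanks."
)

if __name__ == "__main__":
    print("implant resolves C2 to:", resolve_c2(SAMPLE_POST))
    for token, endpoint in find_dead_drops(SAMPLE_POST):
        print("suspicious token", token, "->", endpoint)
```

Because the implant only needs to read a public page, the operators can rotate the C&C address by editing a post without touching the malware. That is why the defensive sweep reports every marker hit, decodable or not, and why blocking the decoded address on its own is not enough: the durable indicator is the marker format and the unexpected retrieval of profile or forum pages by hosts that have no business reading them.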

May 13, Threatpost – (International) XSS, CSRF vulnerabilities identified in WSO2 Identity Server. Researchers at SEC Consult discovered three vulnerabilities in version 5.0.0 of WSO2 Identity Server: a cross-site scripting (XSS) flaw, a cross-site request forgery (CSRF) flaw, and an XML external entity (XXE) injection flaw. Together they could allow an attacker to take over a victim's session, add arbitrary users to the server, or inject arbitrary external XML entities into the server's XML processing. Source

May 13, Securityweek – (International) Flaw found in OSIsoft product deployed in critical infrastructure sectors. OSIsoft advised customers to mitigate an incorrect default permissions vulnerability in its PI Asset Framework (PI AF), in which a remote attacker holding "Trusted Users" group status (which in some product installations is granted more access than intended) could execute arbitrary structured query language (SQL) statements on the affected system, potentially leading to information disclosure, data tampering, privilege escalation, and/or denial-of-service (DoS) conditions. Source

May 13, Dark Reading – (International) Oil & gas firms hit by cyber attacks that forgo malware. Panda Labs researchers discovered a targeted campaign dubbed Phantom Menace that has infiltrated 10 international oil and gas maritime transportation companies and stolen their credentials since August 2013. The lure is a spear-phishing email carrying a fake Adobe PDF attachment; the attachment harvests credentials and uploads them to a file transfer protocol (FTP) server controlled by the attackers, without relying on conventional malware. The attackers then contact oil brokers and request an up-front fee for discounted barrels of oil that are never delivered. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.