QuoIntelligence’s Weekly Intelligence Snapshot for the week of 5 February – 12 March 2020 is now available! Find the summary below and subscribe to our mailing list at the bottom if you want to receive Weekly summaries and other regular updates from us!

CYBER

Threat Actor

ESET researchers recently discovered cyber attacks they attributed to Turla cyberespionage group, targeting Armenian government websites in watering hole attacks with previously undocumented malware dubbed NetFlash and PyFlash.

Vulnerabilities

Microsoft released an advisory and emergency patch for a critical ‘wormable’ remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) affecting versions of Microsoft Windows 10 and Windows Servers. Separately, in this month’s Patch Tuesday, Microsoft released 115 security fixes for vulnerabilities in Microsoft Windows, Exchange Server, Windows Defender, Office, Internet Explorer, Edge, and more. Microsoft rates 26 of the 115 vulnerabilities as critical remote code execution (RCE) flaws, 88 as important, and one as moderate.

Source Incite security researchers disclosed a zero-day vulnerability existing in Zoho ManageEngine Desktop Central, along with a proof-of-concept code. Successful exploitation could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. As of 9 March, researchers observed active exploitation activity in the wild against the vulnerability. A security fix is available.

GEOPOLITICS

The World Health Organization (WHO) declared the coronavirus (COVID-19) outbreak a pandemic on 11 March, as it continues spreading globally including in Europe. In Europe, the case of infections reached 28,000, with more than 1,191 deaths by the time of publication. The impact of coronavirus has resulted in drastic market falls globally and governments are attempting to stem the outbreak in differing ways.

OUTLOOK

17 March – Turkish President Erdogan to hold summit with President Macron and Chancellor Merkel on refugee crisis