Daily NCSC-FI news followup 2019-06-09

Microsoft warns about email spam campaign abusing Office vulnerability

www.zdnet.com/article/microsoft-warns-about-email-spam-campaign-abusing-office-vulnerability/
Microsoft’s security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents. Microsoft said the spam wave appears to target European users, as the emails are sent in various European languages. “In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload,” the Microsoft Security Intelligence team said.

New Extortion Scam Threatens to Ruin a Website’s Reputation

www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-ruin-a-websites-reputation/
A new extortion scam campaign is underway that is targeting websites owners and stating that if they do not make a payment, the attacker will ruin their site’s reputation and get them blacklisted for spam. We all know, or should know, about the sextortion emails people are receiving where the sender states they have hacked the recipient’s computer and taped them doing things while on adult sites. Since then, further extortion scams were created that pretend to be the CIA, bomb threats, and even from hitmen asking you to pay them to call off their hit.

Quest, LabCorp, AMCA Sued For Breach Impacting Over 19 Million

www.bleepingcomputer.com/news/security/quest-labcorp-amca-sued-for-breach-impacting-over-19-million/
Multiple class action lawsuits have been filed against Quest Diagnostics Incorporated and Laboratory Corporation of America Holdings (LabCorp) since they disclosed that the personal and medical information of over 19 million of their customers was exposed in a data breach. The data breach which impacted the clients of both companies was caused by the web payment page breach of billing collections service provider American Medical Collection Agency (AMCA) between August 1, 2018, and March 30, 2019.

Troy Hunt: Messy Password Problem Isnt Getting Better

threatpost.com/troy-hunt-messy-password-problem/145439/
The security world is facing a major issue that has led to widespread breaches, data exposure, and more and it all stems from millions of insecure passwords used for everything from enterprise PCs to internet of things (IoT) devices. Poor password hygiene including reusing passwords or picking easy-to-guess passwords is greatly exacerbating many of the major issues that plague the cybersecurity landscape, said Troy Hunt, creator of Have I Been Pwned?, who spoke Thursday at the Infosecurity Europe conference.

You might be interested in …

Daily NCSC-FI news followup 2020-06-06

Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit www.bleepingcomputer.com/news/security/windows-10-smbghost-bug-gets-public-proof-of-concept-rce-exploit/ Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1).. see also www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-microsoftin-smbv3-toteutuksessa US aerospace services provider breached by Maze Ransomware www.bleepingcomputer.com/news/security/us-aerospace-services-provider-breached-by-maze-ransomware/ The Maze Ransomware gang breached […]

Read More

Daily NCSC-FI news followup 2020-03-19

Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book blog.malwarebytes.com/social-engineering/2020/03/cybercriminals-impersonate-world-health-organization-to-distribute-fake-coronavirus-e-book/ The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus is increasing each day. As a result, we’ve been actively monitoring emails within our spam honeypot to flag such threats and make sure our users are protected. Hackers […]

Read More

Daily NCSC-FI news followup 2019-11-13

While CISOs Fret, Business Leaders Tout Security Robustness www.darkreading.com/operations/while-cisos-fret-business-leaders-tout-security-robustness/d/d-id/1336342 Nominet recently surveyed nearly 300 senior security and IT practitioners, including CISOs, CIOs, and CTOs from the US and UK. The survey sought to assess the level of confidence among executives about their organizations’ cybersecurity posture and readiness to deal with threats.. Seventy percent of the […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.