Daily NCSC-FI news followup 2019-06-09

Microsoft warns about email spam campaign abusing Office vulnerability

www.zdnet.com/article/microsoft-warns-about-email-spam-campaign-abusing-office-vulnerability/
Microsoft’s security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents. Microsoft said the spam wave appears to target European users, as the emails are sent in various European languages. “In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload,” the Microsoft Security Intelligence team said.

New Extortion Scam Threatens to Ruin a Website’s Reputation

www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-ruin-a-websites-reputation/
A new extortion scam campaign is underway that is targeting websites owners and stating that if they do not make a payment, the attacker will ruin their site’s reputation and get them blacklisted for spam. We all know, or should know, about the sextortion emails people are receiving where the sender states they have hacked the recipient’s computer and taped them doing things while on adult sites. Since then, further extortion scams were created that pretend to be the CIA, bomb threats, and even from hitmen asking you to pay them to call off their hit.

Quest, LabCorp, AMCA Sued For Breach Impacting Over 19 Million

www.bleepingcomputer.com/news/security/quest-labcorp-amca-sued-for-breach-impacting-over-19-million/
Multiple class action lawsuits have been filed against Quest Diagnostics Incorporated and Laboratory Corporation of America Holdings (LabCorp) since they disclosed that the personal and medical information of over 19 million of their customers was exposed in a data breach. The data breach which impacted the clients of both companies was caused by the web payment page breach of billing collections service provider American Medical Collection Agency (AMCA) between August 1, 2018, and March 30, 2019.

Troy Hunt: Messy Password Problem Isnt Getting Better

threatpost.com/troy-hunt-messy-password-problem/145439/
The security world is facing a major issue that has led to widespread breaches, data exposure, and more and it all stems from millions of insecure passwords used for everything from enterprise PCs to internet of things (IoT) devices. Poor password hygiene including reusing passwords or picking easy-to-guess passwords is greatly exacerbating many of the major issues that plague the cybersecurity landscape, said Troy Hunt, creator of Have I Been Pwned?, who spoke Thursday at the Infosecurity Europe conference.

You might be interested in …

Daily NCSC-FI news followup 2020-04-16

Linksys asks users to reset passwords after hackers hijacked home routers last month www.zdnet.com/article/linksys-asks-users-to-reset-passwords-after-hackers-hijacked-home-routers-last-month/ Linksys locks Smart WiFi cloud accounts and asks users to reset passwords after hackers hijacked routers to redirect traffic to malware sites. Continued Threat Actor Exploitation Post Pulse Secure VPN Patching www.us-cert.gov/ncas/alerts/aa20-107a This Alert provides an update to Cybersecurity and Infrastructure […]

Read More

Daily NCSC-FI news followup 2020-06-03

Critical SAP ASE Flaws Allow Complete Control of Databases threatpost.com/critical-sap-ase-flaws-complete-control-databases/156239/ If exploited, the most severe flaws could give unprivileged users complete control of databases and in some cases even underlying operating systems – The most severe vulnerability, CVE-2020-6248, has a CVSS score of 9.1 out of 10. See also: wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222. And also: www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/system-takeover-through-new-sap-ase-vulnerabilities/ Vulnerability Spotlight: […]

Read More

Daily NCSC-FI news followup 2020-09-20

Hackers leak details of 1,000 high-ranking Belarus police officers www.zdnet.com/article/hackers-leak-details-of-1000-high-ranking-belarus-police-officers/ A group of hackers has leaked on Saturday the names and personal details of more than 1,000 high-ranking Belarusian police officers in response to violent police crackdowns against anti-government demonstrations. The leaked data included names, dates of birth, and the officers’ departments and job titles. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.