Daily NCSC-FI news followup 2019-06-09

Microsoft warns about email spam campaign abusing Office vulnerability

www.zdnet.com/article/microsoft-warns-about-email-spam-campaign-abusing-office-vulnerability/
Microsoft’s security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents. Microsoft said the spam wave appears to target European users, as the emails are sent in various European languages. “In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload,” the Microsoft Security Intelligence team said.

New Extortion Scam Threatens to Ruin a Website’s Reputation

www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-ruin-a-websites-reputation/
A new extortion scam campaign is underway that is targeting website owners and stating that if they do not make a payment, the attacker will ruin their site’s reputation and get them blacklisted for spam. We all know, or should know, about the sextortion emails people are receiving where the sender states they have hacked the recipient’s computer and taped them doing things while on adult sites. Since then, further extortion scams were created that pretend to be the CIA, bomb threats, and even from hitmen asking you to pay them to call off their hit.

Quest, LabCorp, AMCA Sued For Breach Impacting Over 19 Million

www.bleepingcomputer.com/news/security/quest-labcorp-amca-sued-for-breach-impacting-over-19-million/
Multiple class action lawsuits have been filed against Quest Diagnostics Incorporated and Laboratory Corporation of America Holdings (LabCorp) since they disclosed that the personal and medical information of over 19 million of their customers was exposed in a data breach. The data breach which impacted the clients of both companies was caused by the web payment page breach of billing collections service provider American Medical Collection Agency (AMCA) between August 1, 2018, and March 30, 2019.

Troy Hunt: Messy Password Problem Isn’t Getting Better

threatpost.com/troy-hunt-messy-password-problem/145439/
The security world is facing a major issue that has led to widespread breaches, data exposure, and more, and it all stems from millions of insecure passwords used for everything from enterprise PCs to internet of things (IoT) devices. Poor password hygiene, including reusing passwords or picking easy-to-guess passwords, is greatly exacerbating many of the major issues that plague the cybersecurity landscape, said Troy Hunt, creator of Have I Been Pwned?, who spoke Thursday at the Infosecurity Europe conference.
