Daily NCSC-FI news followup 2019-06-09

Microsoft warns about email spam campaign abusing Office vulnerability

www.zdnet.com/article/microsoft-warns-about-email-spam-campaign-abusing-office-vulnerability/
Microsoft’s security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents. Microsoft said the spam wave appears to target European users, as the emails are sent in various European languages. “In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload,” the Microsoft Security Intelligence team said.

New Extortion Scam Threatens to Ruin a Website’s Reputation

www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-ruin-a-websites-reputation/
A new extortion scam campaign is underway that is targeting websites owners and stating that if they do not make a payment, the attacker will ruin their site’s reputation and get them blacklisted for spam. We all know, or should know, about the sextortion emails people are receiving where the sender states they have hacked the recipient’s computer and taped them doing things while on adult sites. Since then, further extortion scams were created that pretend to be the CIA, bomb threats, and even from hitmen asking you to pay them to call off their hit.

Quest, LabCorp, AMCA Sued For Breach Impacting Over 19 Million

www.bleepingcomputer.com/news/security/quest-labcorp-amca-sued-for-breach-impacting-over-19-million/
Multiple class action lawsuits have been filed against Quest Diagnostics Incorporated and Laboratory Corporation of America Holdings (LabCorp) since they disclosed that the personal and medical information of over 19 million of their customers was exposed in a data breach. The data breach which impacted the clients of both companies was caused by the web payment page breach of billing collections service provider American Medical Collection Agency (AMCA) between August 1, 2018, and March 30, 2019.

Troy Hunt: Messy Password Problem Isnt Getting Better

threatpost.com/troy-hunt-messy-password-problem/145439/
The security world is facing a major issue that has led to widespread breaches, data exposure, and more and it all stems from millions of insecure passwords used for everything from enterprise PCs to internet of things (IoT) devices. Poor password hygiene including reusing passwords or picking easy-to-guess passwords is greatly exacerbating many of the major issues that plague the cybersecurity landscape, said Troy Hunt, creator of Have I Been Pwned?, who spoke Thursday at the Infosecurity Europe conference.

You might be interested in …

Daily NCSC-FI news followup 2019-06-15

Exim email servers are now under attack www.zdnet.com/article/exim-email-servers-are-now-under-attack/ At least two hacker groups have been identified carrying out attacks, one operating from a public internet server, and one using a server located on the dark web. Myös: www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability ThreatList: Ransomware Trojans Picking Up Steam in 2019 threatpost.com/threatlist-ransomware-trojans-picking-up-steam-in-2019/145718/ The report outlined popular trends in the malware […]

Read More

Daily NCSC-FI news followup 2020-02-16

Rikolliset huijasivat 2,6 miljoonaa Puerto Ricon hallitukselta www.tivi.fi/uutiset/tv/be9c0d32-bac0-42b0-ae4d-2ea0bca660cc Puerto Ricossa on paljastunut tapaus, jossa hakkerit ovat onnistuneet saamaan omalle tililleen peräti 2,6 miljoonaa paikallisen hallinnon rahoja. Tarkkaa huijauskeinoa ei ole paljastettu, mutta Softpedian mukaan hakkerit onnistuivat jollakin konstilla vaihtamaan yhden tilinumeron, ja sitä kautta rahat valuivat vääriin käsiin. Israelilaissotilaita houkuteltiin naisten avulla – seksikuvien sijasta […]

Read More

Daily NCSC-FI news followup 2019-06-27

Firefox Will Give You a Fake Browsing History to Fool Advertisers www.vice.com/en_us/article/43j8qm/firefox-will-give-you-a-fake-browsing-history-to-fool-advertisers Using the ‘Track THIS’ tool opens up 100 tabs at a time that will make you seem like a hypebeast, a filthy rich person, a doomsday prepper, or an influencer. Google Public DNS over HTTPS (DoH) supports RFC 8484 standard security.googleblog.com/2019/06/google-public-dns-over-https-doh.html Ever since […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.