Daily NCSC-FI news followup 2019-06-09

Microsoft warns about email spam campaign abusing Office vulnerability

www.zdnet.com/article/microsoft-warns-about-email-spam-campaign-abusing-office-vulnerability/
Microsoft’s security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents. Microsoft said the spam wave appears to target European users, as the emails are sent in various European languages. “In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload,” the Microsoft Security Intelligence team said.

New Extortion Scam Threatens to Ruin a Website’s Reputation

www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-ruin-a-websites-reputation/
A new extortion scam campaign is underway that is targeting websites owners and stating that if they do not make a payment, the attacker will ruin their site’s reputation and get them blacklisted for spam. We all know, or should know, about the sextortion emails people are receiving where the sender states they have hacked the recipient’s computer and taped them doing things while on adult sites. Since then, further extortion scams were created that pretend to be the CIA, bomb threats, and even from hitmen asking you to pay them to call off their hit.

Quest, LabCorp, AMCA Sued For Breach Impacting Over 19 Million

www.bleepingcomputer.com/news/security/quest-labcorp-amca-sued-for-breach-impacting-over-19-million/
Multiple class action lawsuits have been filed against Quest Diagnostics Incorporated and Laboratory Corporation of America Holdings (LabCorp) since they disclosed that the personal and medical information of over 19 million of their customers was exposed in a data breach. The data breach which impacted the clients of both companies was caused by the web payment page breach of billing collections service provider American Medical Collection Agency (AMCA) between August 1, 2018, and March 30, 2019.

Troy Hunt: Messy Password Problem Isnt Getting Better

threatpost.com/troy-hunt-messy-password-problem/145439/
The security world is facing a major issue that has led to widespread breaches, data exposure, and more and it all stems from millions of insecure passwords used for everything from enterprise PCs to internet of things (IoT) devices. Poor password hygiene including reusing passwords or picking easy-to-guess passwords is greatly exacerbating many of the major issues that plague the cybersecurity landscape, said Troy Hunt, creator of Have I Been Pwned?, who spoke Thursday at the Infosecurity Europe conference.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.