Daily NCSC-FI news followup 2019-08-15

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10.

Microsoft warns of new BlueKeep-like flaws

www.welivesecurity.com/2019/08/15/microsoft-warning-wormable-flaws/ Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to BlueKeep, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws, tracked as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226, can be exploited by attackers sending a specially crafted Remote Desktop Protocol (RDP) message to RDS.

Analysis: New Remcos RAT Arrives Via Phishing Email

blog.trendmicro.com/trendlabs-security-intelligence/analysis-new-remcos-rat-arrives-via-phishing-email/ Remcos RAT emerged in 2016, peddled as a service in hacking forums, where it was advertised, sold, and offered cracked on various sites and forums. The RAT appears to still be actively pushed by cybercriminals. In 2017, we reported spotting Remcos being delivered via a malicious PowerPoint slideshow embedded with an exploit for CVE-2017-0199. Recently, the RAT has made its way to phishing emails.

Remote Access Trojan Uses Sendgrid to Slip through Proofpoint

cofense.com/remote-access-trojan-uses-sendgrid-slip-proofpoint/ The Cofense Phishing Defense Center observed a malware campaign masquerading as an email complaint from the Better Business Bureau to deliver the notorious Orcus RAT, part of the free DNS domain ChickenKiller which we blogged about in 2015. Here's how it works:

Many of mineral giant Omya's plants still at a standstill because of a cyberattack: the disruptions may spill over into other industries

www.hs.fi/teknologia/art-2000006205730.html The damage from the cyberattack against the international Omya group, which mines and processes industrial minerals, has still not been fully repaired. Slightly more than half of the plants have now been brought back into operation.
