Daily NCSC-FI news followup 2019-08-15

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10.

Microsoft warns of new BlueKeep-like flaws

www.welivesecurity.com/2019/08/15/microsoft-warning-wormable-flaws/ Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to BlueKeep, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws, tracked as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226, can be exploited by attackers sending a specially-crafted remote desktop protocol (RDP) message to RDS.

Analysis: New Remcos RAT Arrives Via Phishing Email

blog.trendmicro.com/trendlabs-security-intelligence/analysis-new-remcos-rat-arrives-via-phishing-email/ Remcos RAT emerged in 2016 being peddled as a service in hacking forums: advertised, sold, and offered cracked on various sites and forums. The RAT appears to still be actively pushed by cybercriminals. In 2017, we reported spotting Remcos being delivered via a malicious PowerPoint slideshow, embedded with an exploit for CVE-2017-0199. Recently, the RAT has made its way to phishing emails.

Remote Access Trojan Uses Sendgrid to Slip through Proofpoint

cofense.com/remote-access-trojan-uses-sendgrid-slip-proofpoint/ The Cofense Phishing Defense Center observed a malware campaign masquerading as an email complaint from the Better Business Bureau to deliver the notorious Orcus RAT, part of the free DNS domain ChickenKiller which we blogged about in 2015. Here's how it works:

Many of mineral giant Omya's plants still at a standstill due to cyberattack: disruptions may spill over to other industries

www.hs.fi/teknologia/art-2000006205730.html The damage from the cyberattack on the international Omya group, which mines and manufactures industrial minerals, has still not been repaired. A little over half of the plants have now been brought back into operation.
