Daily NCSC-FI news followup 2019-09-05

FunkyBot: A New Android Malware Family Targeting Japan

www.fortinet.com/blog/threat-research/funkybot-malware-targets-japan.html Last year, FortiGuard Labs identified a malware campaign targeting Japanese users. The campaign impersonated a logistics company and deployed an Android malware called FakeSpy. We have been monitoring these actors and the phishing websites they created, and recently we noticed that they have started deploying a different Android payload. As in their previous campaigns, this payload consists of a packer and a payload. However, both of these are different from the ones we have encountered previously.

A malicious website can infect my iPhone. Fact or fiction?

www.kaspersky.com/blog/malicious-websites-infect-iphones/28493/ The idea that iPhones are totally immune to threats has been debunked time after time. In fact, though the Apple smartphones may present a smaller target than Android devices, some say you can pick up all sorts of malware just by opening a dangerous website, without knowingly downloading and installing anything from that site. In this post, we find out whether that is true.

The Zero Trust Approach for the Cloud

blog.paloaltonetworks.com/2019/09/cloud-zero-trust-approach/ The term Zero Trust has been around for almost 10 years, but it has recently picked up momentum as businesses look to proactively protect their data and infrastructure. With the shift to the cloud, Zero Trust is now a philosophy of choice for CIOs and CISOs, who are tasked with protecting their systems from outside attacks as well as from within the organization.

How Can Financial Services Stem the Tide of Mobile Phishing Attacks?

securityintelligence.com/posts/how-can-financial-services-stem-the-tide-of-mobile-phishing-attacks/ According to Forgerock, the financial services industry suffered $6.2 billion in damage from cyberattacks in Q1 2019, up from $8 million in Q1 2018, a 77,400 percent increase. HSBC, JP Morgan and PayPal are just a few of the financial institutions that have experienced data breaches. Even less established digital natives such as Monzo, Nutmeg and Coinbase have fallen foul. No one is immune.

Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment

www.fireeye.com/blog/threat-research/2019/09/ransomware-protection-and-containment-strategies.html Ransomware is a global threat targeting organizations in all industries. The impact of a successful ransomware event can be material to an organization, including the loss of access to data, systems, and operational outages. The potential downtime, coupled with unforeseen expenses for restoration, recovery, and implementation of new security processes and controls, can be overwhelming. Ransomware has become an increasingly popular choice for attackers over the past few years, and it's easy to understand why given how simple it is to leverage in campaigns while offering a healthy financial return for attackers.

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion

blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-abuses-php-functions-for-persistence-uses-compromised-devices-for-evasion-and-intrusion/ One of our honeypots detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers use them as proxies to forward a base64-encoded PHP script to web servers. The script sends an email with an embedded link to a scam site to specific email addresses. While some of the samples we found were for spamming and for redirecting users to cryptocurrency scam sites, the spam botnet's routine may be used to spread malware to more systems and vulnerable servers.

Apple iOS Attack Underscores Importance of Threat Research

securingtomorrow.mcafee.com/other-blogs/mcafee-labs/apple-ios-attack-underscores-importance-of-threat-research/ The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique exploit chains and known vulnerabilities to compromise iPhones, even the latest versions of the operating system, for more than two years. It takes remarkable talent and resources to operate this kind of infrastructure without being detected, as potentially thousands of users were compromised without the ca

Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn

threatpost.com/android-zero-day-bug-opens-door-to-privilege-escalation-attack-researchers-warn/148014/ The zero-day vulnerability could enable privilege escalation, and is not part of Google's Android September security update. Researchers are warning of a high-severity zero-day vulnerability in Google's Android operating system, which if exploited could give a local attacker escalated privileges on a target's device. The specific flaw exists within the v4l2 (Video4Linux 2) driver, which is the Android media driver. When exploited, a component within the v4l2 does not validate the existence of an object prior to performing operations on the object, according to researchers with Zero Day Initiative (ZDI). Also: www.zdnet.com/article/zero-day-disclosed-in-android-os/.

A Chinese APT is now going after Pulse Secure and Fortinet VPN servers

www.zdnet.com/article/a-chinese-apt-is-now-going-after-pulse-secure-and-fortinet-vpn-servers/ Security researchers spot Chinese state-sponsored hackers going after high-end enterprise VPN servers. A group of Chinese state-sponsored hackers is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month. The attacks are being carried out by a group known as APT5 (also known as Manganese), ZDNet has learned from sources familiar with the attacks.

A huge database of Facebook users' phone numbers found online

techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/ Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.

Sipe Santapukki ended up as the face of an online scam: Well, that vit
