Daily NCSC-FI news followup 2019-09-05

FunkyBot: A New Android Malware Family Targeting Japan

www.fortinet.com/blog/threat-research/funkybot-malware-targets-japan.html Last year, FortiGuard Labs identified a malware campaign targeting Japanese users. The campaign impersonated a logistics company and deployed an Android malware called FakeSpy. We have been monitoring these actors and the phishing websites they created, and recently we noticed that they have started deploying a different Android payload. As in their previous campaigns, this payload consists of a packer and a payload. However, both of these are different from the ones we have encountered previously.

A malicious website can infect my iPhone. Fact or fiction?

www.kaspersky.com/blog/malicious-websites-infect-iphones/28493/ The idea that iPhones are totally immune to threats has been debunked time after time. In fact, though the Apple smartphones may present a smaller target than Android devices, some say you can pick up all sorts of malware just by opening a dangerous website, without knowingly downloading and installing anything from that site. In this post, we find out whether that is true.

The Zero Trust Approach for the Cloud

blog.paloaltonetworks.com/2019/09/cloud-zero-trust-approach/ The term Zero Trust has been around for almost 10 years, but it has recently picked up momentum as businesses look to proactively protect their data and infrastructure. With the shift to the cloud, Zero Trust is now a philosophy of choice for CIOs and CISOs, who are tasked with protecting their systems from outside attacks as well as from within the organization.

How Can Financial Services Stem the Tide of Mobile Phishing Attacks?

securityintelligence.com/posts/how-can-financial-services-stem-the-tide-of-mobile-phishing-attacks/ According to Forgerock, the financial services industry suffered $6.2 billion in damage from cyberattacks in Q1 2019, up from $8 million in Q1 2018, a 77,400 percent increase. HSBC, JP Morgan and PayPal are just a few of the financial institutions that have experienced data breaches. Even less established digital natives such as Monzo, Nutmeg and Coinbase have fallen foul. No one is immune.

Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment

www.fireeye.com/blog/threat-research/2019/09/ransomware-protection-and-containment-strategies.html Ransomware is a global threat targeting organizations in all industries. The impact of a successful ransomware event can be material to an organization – including the loss of access to data, systems, and operational outages. The potential downtime, coupled with unforeseen expenses for restoration, recovery, and implementation of new security processes and controls, can be overwhelming. Ransomware has become an increasingly popular choice for attackers over the past few years, and it's easy to understand why given how simple it is to leverage in campaigns while offering a healthy financial return for attackers.

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion

blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-abuses-php-functions-for-persistence-uses-compromised-devices-for-evasion-and-intrusion/ One of our honeypots detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers use them as proxies to forward a base64-encoded PHP script to web servers. The script sends an email with an embedded link to a scam site to specific email addresses. While some of the samples we found were for spamming and for redirecting users to cryptocurrency scam sites, the spam botnet's routine may be used to spread malware to more systems and vulnerable servers.

Apple iOS Attack Underscores Importance of Threat Research

securingtomorrow.mcafee.com/other-blogs/mcafee-labs/apple-ios-attack-underscores-importance-of-threat-research/ The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique exploit chains and known vulnerabilities to compromise iPhones, even the latest versions of the operating system, for more than two years. It takes remarkable talent and resources to operate this kind of infrastructure without being detected, as potentially thousands of users were compromised without the ca

Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn

threatpost.com/android-zero-day-bug-opens-door-to-privilege-escalation-attack-researchers-warn/148014/ The zero-day vulnerability could enable privilege escalation, and is not part of Google's Android September security update. Researchers are warning of a high-severity zero-day vulnerability in Google's Android operating system, which if exploited could give a local attacker escalated privileges on a target's device. The specific flaw exists within the v4l2 (Video4Linux 2) driver, which is the Android media driver. When exploited, a component within the v4l2 does not validate the existence of an object prior to performing operations on the object, according to researchers with Zero Day Initiative (ZDI). Also: www.zdnet.com/article/zero-day-disclosed-in-android-os/.

A Chinese APT is now going after Pulse Secure and Fortinet VPN servers

www.zdnet.com/article/a-chinese-apt-is-now-going-after-pulse-secure-and-fortinet-vpn-servers/ Security researchers spot Chinese state-sponsored hackers going after high-end enterprise VPN servers. A group of Chinese state-sponsored hackers is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month. The attacks are being carried out by a group known as APT5 (also known as Manganese), ZDNet has learned from sources familiar with the attacks.

A huge database of Facebook users' phone numbers found online

techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/ Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.

Sipe Santapukki ended up as the face of an online scam: Kyllähän tuo vit
