Daily NCSC-FI news followup 2019-09-05

FunkyBot: A New Android Malware Family Targeting Japan

www.fortinet.com/blog/threat-research/funkybot-malware-targets-japan.html Last year, FortiGuard Labs identified a malware campaign targeting Japanese users. The campaign impersonated a logistics company and deployed an Android malware called FakeSpy. We have been monitoring these actors and the phishing websites they created, and recently we noticed that they have started deploying a different Android payload. As in their previous campaigns, this one consists of a packer and a payload. However, both of these are different from the ones we have encountered previously.

A malicious website can infect my iPhone. Fact or fiction?

www.kaspersky.com/blog/malicious-websites-infect-iphones/28493/ The idea that iPhones are totally immune to threats has been debunked time after time. In fact, though the Apple smartphones may present a smaller target than Android devices, some say you can pick up all sorts of malware just by opening a dangerous website, without knowingly downloading and installing anything from that site. In this post, we find out whether that is true.

The Zero Trust Approach for the Cloud

blog.paloaltonetworks.com/2019/09/cloud-zero-trust-approach/ The term Zero Trust has been around for almost 10 years, but it has recently picked up momentum as businesses look to proactively protect their data and infrastructure. With the shift to the cloud, Zero Trust is now a philosophy of choice for CIOs and CISOs, who are tasked with protecting their systems from outside attacks as well as from within the organization.

How Can Financial Services Stem the Tide of Mobile Phishing Attacks?

securityintelligence.com/posts/how-can-financial-services-stem-the-tide-of-mobile-phishing-attacks/ According to Forgerock, the financial services industry suffered $6.2 billion in damage from cyberattacks in Q1 2019, up from $8 million in Q1 2018, a 77,400 percent increase. HSBC, JP Morgan and PayPal are just a few of the financial institutions that have experienced data breaches. Even less established digital natives such as Monzo, Nutmeg and Coinbase have fallen foul. No one is immune.

Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment

www.fireeye.com/blog/threat-research/2019/09/ransomware-protection-and-containment-strategies.html Ransomware is a global threat targeting organizations in all industries. The impact of a successful ransomware event can be material to an organization – including the loss of access to data, systems, and operational outages. The potential downtime, coupled with unforeseen expenses for restoration, recovery, and implementation of new security processes and controls, can be overwhelming. Ransomware has become an increasingly popular choice for attackers over the past few years, and it's easy to understand why, given how simple it is to leverage in campaigns while offering a healthy financial return for attackers.

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion

blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-abuses-php-functions-for-persistence-uses-compromised-devices-for-evasion-and-intrusion/ One of our honeypots detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers use them as proxies to forward a base64-encoded PHP script to web servers. The script sends an email with an embedded link to a scam site to specific email addresses. While some of the samples we found were for spamming and for redirecting users to cryptocurrency scam sites, the spam botnet's routine may be used to spread malware to more systems and vulnerable servers.

Apple iOS Attack Underscores Importance of Threat Research

securingtomorrow.mcafee.com/other-blogs/mcafee-labs/apple-ios-attack-underscores-importance-of-threat-research/ The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique exploit chains and known vulnerabilities to compromise iPhones, even the latest versions of the operating system, for more than two years. It takes remarkable talent and resources to operate this kind of infrastructure without being detected, as potentially thousands of users were compromised without the ca

Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn

threatpost.com/android-zero-day-bug-opens-door-to-privilege-escalation-attack-researchers-warn/148014/ The zero-day vulnerability could enable privilege escalation, and is not part of Google's Android September security update. Researchers are warning of a high-severity zero-day vulnerability in Google's Android operating system, which if exploited could give a local attacker escalated privileges on a target's device. The specific flaw exists within the v4l2 (Video4Linux 2) driver, which is the Android media driver. When exploited, a component within the v4l2 does not validate the existence of an object prior to performing operations on the object, according to researchers with Zero Day Initiative (ZDI). Also: www.zdnet.com/article/zero-day-disclosed-in-android-os/.

A Chinese APT is now going after Pulse Secure and Fortinet VPN servers

www.zdnet.com/article/a-chinese-apt-is-now-going-after-pulse-secure-and-fortinet-vpn-servers/ Security researchers spot Chinese state-sponsored hackers going after high-end enterprise VPN servers. A group of Chinese state-sponsored hackers is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month. The attacks are being carried out by a group known as APT5 (also known as Manganese), ZDNet has learned from sources familiar with the attacks.

A huge database of Facebook users' phone numbers found online

techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/ Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.

Sipe Santapukki ended up as the face of an online scam: Well, that certainly
