Daily NCSC-FI news followup 2019-09-06

Critical Exim TLS Flaw Lets Attackers Remotely Execute Commands as Root

www.bleepingcomputer.com/news/security/critical-exim-tls-flaw-lets-attackers-remotely-execute-commands-as-root/ The bug allows local or unauthenticated remote attackers to execute programs with root privileges on servers that accept TLS connections.

Metasploit team releases BlueKeep exploit

www.zdnet.com/article/metasploit-team-releases-bluekeep-exploit/ The Metasploit BlueKeep module can achieve code execution and is easy to use. BlueKeep, also known as CVE-2019-0708, is a vulnerability in the Remote Desktop Protocol (RDP) service in older versions of the Windows operating system (Windows XP, Windows 2003, Windows 7, Windows Server 2008, and Windows Server 2008 R2).

GootKit Malware Bypasses Windows Defender by Setting Path Exclusions

www.bleepingcomputer.com/news/security/gootkit-malware-bypasses-windows-defender-by-setting-path-exclusions/ As Windows Defender matures and becomes tightly integrated into Windows 10, malware writers are creating techniques to evade its detection. Such is the case with the GootKit banking Trojan, which uses a UAC bypass and WMIC commands to exclude the malware executable from being scanned by Windows Defender Antivirus.

Lilocked Ransomware Actively Targeting Servers and Web Sites

www.bleepingcomputer.com/news/security/lilocked-ransomware-actively-targeting-servers-and-web-sites/ A relatively new ransomware named Lilocked by researchers and Lilu by the developers is actively targeting servers and encrypting the data located on them. All of the known infected servers are web sites, which is causing the encrypted files to show up in Google search results.

Ransomware Protection Strategies

www.us-cert.gov/ncas/current-activity/2019/09/06/ransomware-protection-strategies The Cybersecurity and Infrastructure Security Agency (CISA) has observed an increase in ransomware attacks across the Nation. Helping organizations protect themselves from ransomware is a chief priority for CISA. Organizations are encouraged to review the following resources to help prevent, mitigate, and recover from ransomware.

Over $37 Million Lost by Toyota Boshoku Subsidiary in BEC Scam

www.bleepingcomputer.com/news/security/over-37-million-lost-by-toyota-boshoku-subsidiary-in-bec-scam/ Toyota Boshoku Corporation, a car components manufacturer member of the Toyota Group, announced today that one of its European subsidiaries lost more than $37 million following a business email compromise (BEC) attack.

China hacked Asian telcos to spy on Uighur travelers: sources

www.reuters.com/article/us-china-cyber-uighurs-idUSKCN1VQ1A5 Hackers working for the Chinese government have broken into telecoms networks to track Uighur travelers in Central and Southeast Asia, two intelligence officials and two security consultants who investigated the attacks told Reuters.

Belarusian police shut down notorious hacking forum

www.zdnet.com/article/belarusian-police-shut-down-notorious-hacking-forum/ XakFor served as a cybercrime hub for Russian-speaking criminals since 2012.

Facebook, Microsoft: We’ll pay out $10m for tech to spot deepfake videos

www.zdnet.com/article/facebook-microsoft-well-pay-out-10m-for-tech-to-spot-deepfake-videos/ Facebook will create its own deepfake videos to help build a system that can detect them.

FunkyBot Malware Intercepts Android Texts, 2FA Codes

threatpost.com/funkybot-malware-intercepts-android-texts-2fa-codes/148059/ The spyware poses as a legitimate application, spreading via SMS messages to victims' contact lists.

China's APT3 Pilfers Cyberweapons from the NSA

threatpost.com/chinas-apt3-pilfers-cyberweapons-nsa/148086/ Large portions of APT3's remote code-execution package were likely reverse-engineered from prior attack artifacts.

600,000 GPS trackers left exposed online with a default password of ‘123456’

www.zdnet.com/article/600000-gps-trackers-left-exposed-online-with-a-default-password-of-123456/ At least 600,000 GPS trackers manufactured by a Chinese company are using the same default password of “123456,” security researchers from Czech cyber-security firm Avast disclosed today.

Malware Classification with Graph Hash, Applied to the Orca Cyberespionage Campaign

blog.trendmicro.com/trendlabs-security-intelligence/malware-classification-with-graph-hash-applied-to-the-orca-cyberespionage-campaign/ Our research, which we've named Graph Hash, builds on the advantages of these two approaches by calculating the hash of executable files using a graph view, which would help in classifying malware more consistently and efficiently. Our research aims to provide a viable approach to malware classification, which, in turn, can help in the sharing of actionable threat intelligence beyond simple checksums, such as MD5s and secure hash algorithm (S
