Daily NCSC-FI news followup 2019-09-28

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html Remember the Simjacker vulnerability? Now, it turns out that the [email protected] Browser is not the only dynamic SIM toolkit that contains the Simjacker issue which can be exploited remotely from any part of the world without any authorizationregardless of which handsets or mobile operating systems victims are using.

Most malspam contains a malicious URL these days, not file attachments

www.zdnet.com/article/most-malspam-contains-a-malicious-url-these-days-not-file-attachments/ Most malicious email spam (malspam) sent in the first half of the year has contained links to malicious files, rather than file attachments, according to telemetry gathered by cyber-security firm Proofpoint.

Cyber-Attacks Hit Defense Contractors in Europe and North America

www.bleepingcomputer.com/news/security/cyber-attacks-hit-defense-contractors-in-europe-and-north-america/ Defense contractors Rheinmetall AG and Defence Construction Canada (DCC) were hit this month by cyber-attacks that impacted and disrupted their information technology systems.

Masad Stealer: Exfiltrating using Telegram

forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559 Juniper Threat Labs discovered a new Trojan-delivered spyware that uses Telegram to exfiltrate stolen information. Using Telegram as a Command and Control (CnC) channel allows the malware some anonymity, as Telegram is a legitimate messaging application with 200 million monthly active users.

Daily NCSC-FI news followup 2019-12-24

Google Chrome impacted by new Magellan 2.0 vulnerabilities www.zdnet.com/article/google-chrome-impacted-by-new-magellan-2-0-vulnerabilities/ A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world’s most popular web browser.. All apps that use an SQLite database to store data are vulnerable, although, the vector for “remote attacks over the internet” is How […]

Daily NCSC-FI news followup 2021-06-28

Critical vulnerability security incident alert and mitigation firmware update support.zyxel.eu/hc/en-us/articles/4402786248466-Security-Incident-Alert-Firewall-Series Zyxel devices with remote management are being targeted and there is active exploitation of the vulnerability. No CVE has been issued. Hotfix is being worked on. Mitigation is to separate remote management from other functions and restrict access to the remote management port. Mitigation firmware […]

Daily NCSC-FI news followup 2021-08-15

T-Mobile Investigating Claims of Massive Customer Data Breach www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn’t mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile […]