Daily NCSC-FI news followup 2019-09-30

New and expensive emergency response centre system crashed when the state network was updated: “That is an outrageously long time”

www.iltalehti.fi/kotimaa/a/b2100812-f297-4a44-8b74-609719dda523 The new emergency response centre system Erica has stopped working because of update outages in the security network of the state's Valtori.

Detecting and Preventing Emotet 2019 Campaign

media.cert.europa.eu/static/SecurityAdvisories/2019/CERT-EU-SA2019-021.pdf Since the beginning of June 2019, the Emotet botnet stopped sending phishing emails to infect new victims. However, on August 22nd, 2019, the known Command-and-Control (CnC) servers started responding again. Since September 16th, 2019, CERT-EU has been observing new phishing campaigns. To detect and prevent infection, CERT-EU analysed the behavior of those new versions of Emotet and hereby provides some recommendations for the SOC teams.

New Critical Exim Flaw Exposes Email Servers to Remote Attacks - Patch Released

thehackernews.com/2019/09/exim-email-security-vulnerability.html A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers.

Malvertiser exploited two browser bugs to show over one billion malicious ads

www.zdnet.com/article/malvertiser-exploited-two-browser-bugs-to-show-over-one-billion-malicious-ads/ Over the past six months, a criminal group specialized in showing malicious ads (malvertising) has used two obscure browser bugs to bypass browser security protections and successfully show intrusive popup ads and redirect users to malicious sites.

New PDFex attack can exfiltrate data from encrypted PDF files

www.zdnet.com/article/new-pdfex-attack-can-exfiltrate-data-from-encrypted-pdf-files/ German academics have developed a new attack that can extract and steal data from encrypted PDF files, sometimes without user interaction. Named PDFex, the new attack comes in two variations and was successfully tested against 27 desktop and web PDF viewers.
