NCSC-FI News followup

Daily NCSC-FI news followup 2019-10-02

Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping Cequence Security's CQ Prime Threat Research Team discovered a vulnerability in the Cisco Webex and Zoom video conferencing platforms that potentially allows an attacker to enumerate or list and view active meetings that are not protected.

How SMBs Can Mitigate the Growing Risk of File-based Attacks In the midst of rising threats, here are some ways SMBs can mitigate file-based attacks.

Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos.

A recent example of Emotet malspam Shown below is an example of malicious spam (malspam) pushing Emotet malware. It has an attached Word document with macros designed to install Emotet on a vulnerable Windows host.

Ransomware Attacks Leave U.S. Hospitals Turning Away Patients A rash of ransomware attacks this week targeted hospitals in the U.S. and Australia. The cyberattacks froze the computer systems of several medical facilities, to the point where they needed to turn away new patients and even cancel surgery appointments.

Falcon OverWatch Threat Hunting Report Finds an Increase in eCrime as Adversaries Mature Their Skills The CrowdStrike® Falcon OverWatch elite threat hunting team has released a new report, The 2019 OverWatch Mid-Year Report: Observations from the Front Lines of Threat Hunting.

Fake Browser Updates Infect Enterprises with Ransomware, Bankers Attackers are utilizing hacked web sites that promote fake browser updates to infect targets with banking trojans. In some cases, post exploitation toolkits are later executed to encrypt the compromised network with ransomware.

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service What The Code Tells Us McAfee's Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. Around this same time, the GandCrab ransomware crew announced they would shut down their operations. Coincidence? Or is there more to the story?

This is the second installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific Ransomware-as-a-Service (RaaS) campaign of 2018 and mid-2019.

Virus Bulletin 2019: Japanese Attacks Highlight Savvy APT Strategy According to researchers at JPCERT in Japan, speaking at Virus Bulletin 2019, both the APT17 and Bronze Butler threat groups have carried out ongoing campaigns that use the same techniques, swapping out exploits as new exploits are developed.

Threat Group Uses, BlogSpot, Pastebin to Deliver Trojans, RATs A malicious campaign targeting corporations from all over the world was observed while using a combination of pages hosted on, BlogSpot, and Pastebin to deliver Azorult and RevengeRAT malware.

New head of the police cyber centre reminds: "Cybercrime keeps finding new forms that everyone must prepare for" Every internet user should be prepared for the fact that online communication is not always completely secure. Although cybercrime is increasingly diverse, a few basic measures give a good start: take care of your computer's security, your usernames and your passwords, and think about what information you give out about yourself on the internet, reminds the new head of the police cyber centre, Detective Superintendent Mikko Rauhamaa.
