Daily NCSC-FI news followup 2019-10-02

Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping

www.helpnetsecurity.com/2019/10/01/prying-eye-vulnerability/ Cequence Securitys CQ Prime Threat Research Team discovered of a vulnerability in Cisco Webex and Zoom video conferencing platforms that potentially allows an attacker to enumerate or list and view active meetings that are not protected.

How SMBs Can Mitigate the Growing Risk of File-based Attacks

thehackernews.com/2019/10/business-cybersecurity-tips.html In the midst of rising threats, here are some ways on how SMBs can mitigate file-based attacks.

Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content

thehackernews.com/2019/10/yahoo-email-hacking.html An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos.

A recent example of Emotet malspam

isc.sans.edu/forums/diary/A+recent+example+of+Emotet+malspam/25378/ Shown below is an example of malicious spam (malspam) pushing Emotet malware. It has an attached Word document with macros designed to install Emotet on a vulnerable Windows host.

Ransomware Attacks Leave U.S. Hospitals Turning Away Patients

threatpost.com/ransomware-attacks-leave-u-s-hospitals-turning-away-patients/148823/ A rash of ransomware attacks this week targeted hospitals in the U.S. and Australia. The cyberattacks froze the computer systems of several medical facilities, to the point where they needed to turn away new patients and even cancel surgery appointments.

Falcon OverWatch Threat Hunting Report Finds an Increase in eCrime as Adversaries Mature Their Skills

www.crowdstrike.com/blog/falcon-overwatch-report-finds-increase-in-ecrime/ The CrowdStrike® Falcon OverWatch elite threat hunting team has released a new report, The 2019 OverWatch Mid-Year Report: Observations from the Front Lines of Threat Hunting.

Fake Browser Updates Infect Enterprises with Ransomware, Bankers

www.bleepingcomputer.com/news/security/fake-browser-updates-infect-enterprises-with-ransomware-bankers/ Attackers are utilizing hacked web sites that promote fake browser updates to infect targets with banking trojans. In some cases, post exploitation toolkits are later executed to encrypt the compromised network with ransomware.

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service What The Code Tells Us

securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/ McAfees Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. Around this same time, the GandCrab ransomware crew announced they would shut down their operations. Coincidence? Or is there more to the story?

This is the second installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandGrab, the most prolific Ransomware-as-a-Service (RaaS) Campaign of 2018 and mid-2019.


Virus Bulletin 2019: Japanese Attacks Highlight Savvy APT Strategy

threatpost.com/virus-bulletin-japanese-attacks-apt-strategygy/148859/ According to researchers at JPCERT in Japan, speaking at Virus Bulletin 2019, both the APT17 and Bronze Butler threat groups have carried out ongoing campaigns that use the same techniques, swapping out exploits as new exploits are developed.

Threat Group Uses Bit.ly, BlogSpot, Pastebin to Deliver Trojans, RATs

www.bleepingcomputer.com/news/security/threat-group-uses-bitly-blogspot-pastebin-to-deliver-trojans-rats/ A malicious campaign targeting corporations from all over the world was observed while using a combination of pages hosted on Bit.ly, BlogSpot, and Pastebin to deliver Azorult and RevengeRAT malware

Poliisin kyberkeskuksen uusi päällikkö muistuttaa: “Kyberrikollisuus löytää jatkuvasti uusia muotoja, joihin kaikkien tulee varautua”

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisin_kyberkeskuksen_uusi_paallikko_muistuttaa_kyberrikollisuus_loytaa_jatkuvasti_uusia_muotoja_joihin_kaikkien_tulee_varautua_84730?language=fi Jokaisen netinkäyttäjän tulee varautua siihen, että verkkoviestintä ei ole aina täysin turvallista. Vaikka kyberrikollisuus on yhä monimuotoisempaa, muutamalla perustoimenpiteellä pääsee hyvään alkuun: huolehdi tietokoneen tietoturvasta, käyttäjätunnuksista ja salasanoista ja mieti mitä tietoja annat itsestäsi internetissä, muistuttaa Poliisin kyberkeskuksen uusi päällikkö, rikostarkastaja Mikko Rauhamaa.

You might be interested in …

Daily NCSC-FI news followup 2019-07-27

New York Passes Law to Update Data Breach Notification Requirements www.bleepingcomputer.com/news/security/new-york-passes-law-to-update-data-breach-notification-requirements/ New York Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act into law, with the new consumer privacy policy being designed to protect New Yorkers’ private data and strengthen the state’s data breach policies.. The signed legislation, sponsored […]

Read More

Daily NCSC-FI news followup 2020-01-02

New evasion techniques found in web skimmers blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largely known […]

Read More

Daily NCSC-FI news followup 2019-08-07

SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS www.bleepingcomputer.com/news/security/swapgs-vulnerability-in-modern-cpus-fixed-in-windows-linux-chromeos/ At BlackHat today, Bitdefender disclosed a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system.. In a statement from Intel, BleepingComputer was told […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.