Daily NCSC-FI news followup 2019-10-16

Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers

thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people.

Docker Containers Riddled with Graboid Crypto-Worm

threatpost.com/docker-containers-graboid-crypto-worm/149235/ A worm with a randomized propagation method is spreading via the popular container technology.. The Docker cloud containerization technology is the target for a just-discovered cryptojacking worm dubbed Graboid.

On-Board Mystery Boxes Threaten Global Shipping Vessels

threatpost.com/on-board-mystery-boxes-threaten-global-shipping-vessels/149211/ Unknown, vulnerable systems are present in nearly every ship environment that researchers have pen-tested.. see also

www.pentestpartners.com/security-blog/unmasking-mystery-boxes-on-ships-bridges/

New SDBot Remote Access Trojan Used in TA505 Malspam Campaigns

www.bleepingcomputer.com/news/security/new-sdbot-remote-access-trojan-used-in-ta505-malspam-campaigns/ Researchers discovered two new malware strains distributed via phishing campaigns carried out by the TA505 hacking group during the last two months, a new downloader dubbed Get2 and an undocumented remote access Trojan (RAT) named SDBbot.

.WAVs Hide Malware in Their Depths in Innovative Campaign

threatpost.com/wavs-hide-malware/149240/ Audio .WAV files are the latest hiding place for obfuscated malicious code; a campaign has been spotted in which malicious content was secretly woven throughout the files audio data.

Facebook Encourages Bug Hunting in Third-Party Services

www.bleepingcomputer.com/news/security/facebook-encourages-bug-hunting-in-third-party-services/ Facebook updated the terms of its bug bounty program for third-party services integrating with the platform to increase the rewards received by researchers.

Intelligence Gathering on U.S. Critical Infrastructure

www.icscybersecurityconference.com/intelligence-gathering-on-u-s-critical-infrastructure/ This time I will present how Open Source Intelligence can be applied to reconnaissance on critical infrastructure. In many cases its possible to narrow a search to specific buildings like power plants, wastewater plants, or chemical and manufactured facilities. The research consists of 26,000 exposed devices in United States.

Daily NCSC-FI news followup 2019-11-28

Threat Spotlight: Machete Info-Stealer threatvector.cylance.com/en_us/home/threat-spotlight-machete-info-stealer.html Machete is an info-stealing malware that can harvest user credentials, chat logs, screenshots, webcam pictures, geolocation, and perform keylogging. It can also copy files to a USB device and take control of the clipboard to exfiltrate information. DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy www.schneier.com/blog/archives/2019/11/dhs_mandates_fe.html The DHS is […]

Daily NCSC-FI news followup 2020-06-13

Fraudster gets maximum jail time for news site DDoS extortion www.bleepingcomputer.com/news/security/fraudster-gets-maximum-jail-time-for-news-site-ddos-extortion/ Iranian-born U.S. citizen Andrew Rakhshan, previously convicted in Canada for fraud, was sentenced to the maximum sentence of five years and ordered to pay over $500, 000 after being found guilty of launching several distributed denial of service (DDoS) attacks against news websites. Microsoft […]

Daily NCSC-FI news followup 2020-03-12

Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability Install It ASAP! thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically.. see also www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-microsoftin-smbv3-toteutuksessa 48K Windows Hosts Vulnerable […]