Daily NCSC-FI news followup 2019-10-26

U.N., UNICEF, Red Cross Under Ongoing Mobile Attack

threatpost.com/un-unicef-red-cross-mobile-attack/149556/ A smart mobile-first phishing effort uses valid certificates to sign fake Office 365 pages, and logs keystrokes in real time. An ongoing, mobile-focused phishing campaign is targeting the United Nations and several humanitarian aid organizations, including UNICEF, the Red Cross and UN World Food. The campaign is using landing pages signed by SSL certificates, to create legitimate-looking Microsoft Office 365 login pages.

Padding the Struct: How a Compiler Optimization Can Disclose Stack Memory

www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/october/padding-the-struct-how-a-compiler-optimization-can-disclose-stack-memory/ In their eternal quest for more performance, compilers like GCC perform clever optimizations behind the scenes to make your code more performant, among other optimization classes. One example of this is adding padding to struct objects so that accessing their members is memory-aligned and therefore faster.

Nasty PHP7 remote code execution bug exploited in the wild

www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/ New PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over servers. A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets. The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build websites.

Is Google extending its surveillance tentacles too far? Employees make strong accusations

www.tivi.fi/uutiset/tv/55ce6a91-f0a1-449d-9c12-11c9b8eea65a Google employees accuse the company of building an internal surveillance tool. The purpose of the tool is to spy on employees who organize online mass meetings of more than a hundred people. These are suspected of being organized protests. The news agency Bloomberg and The Next Web report on the matter.

New FuxSocy Ransomware Impersonates the Notorious Cerber

www.bleepingcomputer.com/news/security/new-fuxsocy-ransomware-impersonates-the-notorious-cerber/ A new ransomware has been discovered called FuxSocy that borrows much of its behavior from the notorious and now-defunct Cerber Ransomware. Discovered by MalwareHunterTeam, this ransomware calls itself FuxSocy Encryptor, which is named after the FSociety hacking group in the Mr. Robot television series. Like any other ransomware, FuxSocy will encrypt a victim’s files and then demand a ransom in order to get a decryptor.

Scammer Stole $500K from Ocala, FL in Spear Phishing Attack

www.tripwire.com/state-of-security/security-data-protection/scammer-stole-500k-from-ocala-fl-in-spear-phishing-attack/ A scammer stole a little more than $500,000 from the City of Ocala, Florida as the result of a successful spear phishing attack. According to Ocala.com, an Ocala employee fell for a spear-phishing attack, one of the most common variants of phishing campaigns, near the end of October. They opened an email that appeared to come from a construction company that's currently working with the City. Upon seeing a payment request for services performed, the employee complied and electronically sent over $640,000 to the bank account

Joker's Stash Upgrades With Large SSN Offering and Support Infrastructure

www.recordedfuture.com/jokers-stash-infrastructure/ The Joker's Stash marketplace has evolved both its offerings and its infrastructure to better support its clientele. The forum operators have moved beyond carding to include a variety of personally identifiable information (PII) on victims, including contact information and Social Security numbers (SSNs). This represents an escalation in the type of data that Joker's Stash operators are selling. Additionally, the actors have continued to provide dedicated domains and servers for their buyers but have moved the infrastructure off of Tor, allowing the infrastructure to be enumerated and tracked.
