Daily NCSC-FI news followup 2019-10-26

U.N., UNICEF, Red Cross Under Ongoing Mobile Attack

threatpost.com/un-unicef-red-cross-mobile-attack/149556/ A smart mobile-first phishing effort uses valid certificates to sign fake Office 365 pages, and logs keystrokes in real time. An ongoing, mobile-focused phishing campaign is targeting the United Nations and several humanitarian aid organizations, including UNICEF, the Red Cross and UN World Food. The campaign is using landing pages signed by SSL certificates, to create legitimate-looking Microsoft Office 365 login pages.

Padding the Struct: How a Compiler Optimization Can Disclose Stack Memory

www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/october/padding-the-struct-how-a-compiler-optimization-can-disclose-stack-memory/ In their eternal quest for more performance, compilers like GCC perform clever optimizations behind the scenes to make your code more performant, among other optimization classes. One example of this is adding padding to struct objects so that accessing their members is memory-aligned and therefore faster.

Nasty PHP7 remote code execution bug exploited in the wild

www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/ New PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over servers. A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets. The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build websites.

Ulottaako Google valvontalonkeronsa jo liian pitkälle? Työntekijät esittävät tiukkoja syytöksiä

www.tivi.fi/uutiset/tv/55ce6a91-f0a1-449d-9c12-11c9b8eea65a Googlen työntekijät syyttävät yhtiötä sisäisen tarkkailutyökalun valmistamisesta. Kyseisen työkalun tarkoitus on urkkia työntekijöitä, jotka valmistelevat verkossa yli sadan hengen joukkotapaamisia. Näiden epäillään olevan organisoitua protesteja. Asiasta kertovat uutistoimisto Bloomberg ja The Next Web.

New FuxSocy Ransomware Impersonates the Notorious Cerber

www.bleepingcomputer.com/news/security/new-fuxsocy-ransomware-impersonates-the-notorious-cerber/ A new ransomware has been discovered called FuxSocy that borrows much of its behavior from the notorious and now-defunct Cerber Ransomware. Discovered by MalwareHunterTeam, this ransomware calls itself FuxSocy Encryptor, which is named after the FSociety hacking group in the Mr. Robot television series. Like any other ransomware, FuxSocy will encrypt a victim’s files and then demand a ransom in order to get a decryptor.

Scammer Stole $500K from Ocala, FL in Spear Phishing Attack

www.tripwire.com/state-of-security/security-data-protection/scammer-stole-500k-from-ocala-fl-in-spear-phishing-attack/ A scammer stole a little more than $500,000 from the City of Ocala, Florida as the result of a successful spear phishing attack. According to Ocala.com, an Ocala employee fell for a spear-phishing attack, one of the most common variants of phishing campaigns, near the end of October. They opened an email that appeared to come from a construction company thats currently working with the City. Upon seeing a payment request for services performed, the employee complied and electronically sent over $640,000 to the bank account

Jokers Stash Upgrades With Large SSN Offering and Support Infrastructure

www.recordedfuture.com/jokers-stash-infrastructure/ The Jokers Stash marketplace has evolved both its offerings and its infrastructure to better support its clientele. The forum operators have moved beyond carding to include a variety of personally identifiable information (PII) on victims, including contact information and Social Security numbers (SSNs). This represents an escalation in the type of data that Jokers Stash operators are selling. Additionally, the actors have continued to provide dedicated domains and servers for their buyers but have moved the infrastructure off of Tor, allowing the infrastructure to be enumerated and tracked.

You might be interested in …

Daily NCSC-FI news followup 2020-04-09

HMR targeted by cyber criminals www.hmrlondon.com/hmr-targeted-by-cyber-criminals On Saturday 14 March 2020, HMR was subjected to a targeted and sophisticated attack by cyber criminals. We took immediate action to stop the attack, but not before the attackers had stolen copies of some of our files.. Were sorry to report that, during 2123 March 2020, the criminals […]

Read More

Daily NCSC-FI news followup 2019-08-03

Joosua sai palkkion hakkeroinnista: Menneinä vuosina ei katsottu hyvällä www.is.fi/digitoday/tietoturva/art-2000006192538.html Joosua Santasalo sai tuntuvan palkkion löytämästään tietoturva-aukosta. Bug bounty -kampanjoiden yleistyminen kertoo ohjelmistoalan asennemuutoksesta. Internet connected cars can be hacked to gridlock major cities www.hackread.com/internet-connected-cars-hacked-gridlock-cities/ Hacking Internet Connected Cars a near possibility for cybercriminals to cause major havoc. Say hello to Lord Exploit Kit blog.malwarebytes.com/threat-analysis/2019/08/say-hello-to-lord-exploit-kit/ […]

Read More

Daily NCSC-FI news followup 2020-10-15

Introducing a new phishing technique for compromising Office 365 accounts o365blog.com/post/phishing/ Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym. www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/ U.S. Bookstore giant Barnes & Noble has disclosed that they […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.