Daily NCSC-FI news followup 2019-10-26

U.N., UNICEF, Red Cross Under Ongoing Mobile Attack

threatpost.com/un-unicef-red-cross-mobile-attack/149556/ A smart mobile-first phishing effort uses valid certificates to sign fake Office 365 pages, and logs keystrokes in real time. An ongoing, mobile-focused phishing campaign is targeting the United Nations and several humanitarian aid organizations, including UNICEF, the Red Cross and UN World Food. The campaign is using landing pages signed by SSL certificates, to create legitimate-looking Microsoft Office 365 login pages.

Padding the Struct: How a Compiler Optimization Can Disclose Stack Memory

www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/october/padding-the-struct-how-a-compiler-optimization-can-disclose-stack-memory/ In their eternal quest for more performance, compilers like GCC perform clever optimizations behind the scenes to make your code more performant, among other optimization classes. One example of this is adding padding to struct objects so that accessing their members is memory-aligned and therefore faster.

Nasty PHP7 remote code execution bug exploited in the wild

www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/ New PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over servers. A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets. The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build websites.

Ulottaako Google valvontalonkeronsa jo liian pitkälle? Työntekijät esittävät tiukkoja syytöksiä

www.tivi.fi/uutiset/tv/55ce6a91-f0a1-449d-9c12-11c9b8eea65a Googlen työntekijät syyttävät yhtiötä sisäisen tarkkailutyökalun valmistamisesta. Kyseisen työkalun tarkoitus on urkkia työntekijöitä, jotka valmistelevat verkossa yli sadan hengen joukkotapaamisia. Näiden epäillään olevan organisoitua protesteja. Asiasta kertovat uutistoimisto Bloomberg ja The Next Web.

New FuxSocy Ransomware Impersonates the Notorious Cerber

www.bleepingcomputer.com/news/security/new-fuxsocy-ransomware-impersonates-the-notorious-cerber/ A new ransomware has been discovered called FuxSocy that borrows much of its behavior from the notorious and now-defunct Cerber Ransomware. Discovered by MalwareHunterTeam, this ransomware calls itself FuxSocy Encryptor, which is named after the FSociety hacking group in the Mr. Robot television series. Like any other ransomware, FuxSocy will encrypt a victim’s files and then demand a ransom in order to get a decryptor.

Scammer Stole $500K from Ocala, FL in Spear Phishing Attack

www.tripwire.com/state-of-security/security-data-protection/scammer-stole-500k-from-ocala-fl-in-spear-phishing-attack/ A scammer stole a little more than $500,000 from the City of Ocala, Florida as the result of a successful spear phishing attack. According to Ocala.com, an Ocala employee fell for a spear-phishing attack, one of the most common variants of phishing campaigns, near the end of October. They opened an email that appeared to come from a construction company thats currently working with the City. Upon seeing a payment request for services performed, the employee complied and electronically sent over $640,000 to the bank account

Jokers Stash Upgrades With Large SSN Offering and Support Infrastructure

www.recordedfuture.com/jokers-stash-infrastructure/ The Jokers Stash marketplace has evolved both its offerings and its infrastructure to better support its clientele. The forum operators have moved beyond carding to include a variety of personally identifiable information (PII) on victims, including contact information and Social Security numbers (SSNs). This represents an escalation in the type of data that Jokers Stash operators are selling. Additionally, the actors have continued to provide dedicated domains and servers for their buyers but have moved the infrastructure off of Tor, allowing the infrastructure to be enumerated and tracked.

You might be interested in …

Daily NCSC-FI news followup 2021-02-18

Microsoft Internal Solorigate Investigation Final Update msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/ We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidence of access to production services or customer data. The investigation also found no indications that our systems at Microsoft were used to […]

Read More

Daily NCSC-FI news followup 2019-12-23

Finnish government supports local authorities in cyber security initiative www.computerweekly.com/news/252475795/Finnish-government-supports-local-authorities-in-cyber-security-initiative Over 200 of Finlands 311 municipalities have joined the Local Government Anti Cyberspace Threats (LGACT) project to conduct joint IT network defence exercises. Venäjä testasi verkkoyhteyksiä ulkoisen hyökkäyksen varalta yle.fi/uutiset/3-11133312 Venäjän viranomaiset ilmoittavat varautuvansa ääritilanteeseen, jossa maa joutuisi maailmanlaajuisen verkon ulkopuolelle ja eristyksiin muusta maailmasta. […]

Read More

Daily NCSC-FI news followup 2020-06-06

Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit www.bleepingcomputer.com/news/security/windows-10-smbghost-bug-gets-public-proof-of-concept-rce-exploit/ Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1).. see also www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-microsoftin-smbv3-toteutuksessa US aerospace services provider breached by Maze Ransomware www.bleepingcomputer.com/news/security/us-aerospace-services-provider-breached-by-maze-ransomware/ The Maze Ransomware gang breached […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.