Daily NCSC-FI news followup 2019-11-16

Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers

threatpost.com/holiday-shoppers-malicious-sites-posing-retailers/150326/ As the holiday season looms, cybercrooks are going after shoppers with more than 100,000 lookalike domains mimicking legitimate retailers. To that point, Venafi researchers uncovered the copycat phishing sites, which use trusted, valid TLS certificates (60 percent of them are free certificates from Let's Encrypt). These make phishing websites appear valid, the better to convince consumers to enter sensitive account and payment data into online forms. This year's explosion of copycat sites more than doubles the number seen last year, Venafi said; and, it means that the total number of look-alike domains is more than 400 percent greater than the number of authentic retail domains.

Android malware disguises as ad blocker, but then pesters users with ads

www.zdnet.com/article/android-malware-disguises-as-ad-blocker-but-then-pesters-users-with-ads/#ftag=RSSbaffb68 Security researchers have discovered a new Android malware strain that’s currently being distributed as an ad blocker for Android users, but, ironically, once installed, it pesters victims with ads through multiple methods at every couple of minutes. Its distribution vector is via third-party app stores, where it’s available for download as an ad-blocking app named Ads Blocker, said Nathan Collier, Senior Malware Intelligence Analyst.

Microsoft Office 365 Admins Targeted by Ongoing Phishing Campaign

www.bleepingcomputer.com/news/security/microsoft-office-365-admins-targeted-by-ongoing-phishing-campaign/ A new phishing campaign is actively targeting Microsoft Office 365 administrators with the end goal of compromising their entire domain and using newly created accounts on the domain to deliver future phishing emails.

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

thehackernews.com/2019/11/whatsapp-hacking-vulnerability.html The Hacker News has learned that WhatsApp has recently patched yet another critical vulnerability that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on them. The vulnerability tracked as CVE-2019-11931 is a stack-based buffer overflow issue that resided in the way vulnerable WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks. To remotely exploit the vulnerability, all an attacker needs is the phone number of targeted users and send them a maliciously crafted MP4 file over WhatsApp, which eventually can be used to install a malicious backdoor or spyware on compromised devices silently.

Netizens baffled: anyone's public contact details can be looked up on Gigantti's website

www.iltalehti.fi/digiuutiset/a/bd10538a-a08d-4e60-8e55-9664d7ca1edf If your own phone number and address details are public, anyone can find them out through Gigantti's registration form. The company's marketing director explains to Iltalehti what this is about. According to Gigantti's marketing director Sami Särkelä, the registration form on Gigantti's website uses the phone number to retrieve publicly available contact details, which are used by, for example, directory services. He stresses that Gigantti's customer register data is confidential and that the user cannot access it.

NetSupport RAT installed via fake update notices

www.zscaler.com/blogs/research/netsupport-rat-installed-fake-update-notices Recently, the Zscaler ThreatLabZ team came across two campaigns designed to trick users into downloading a Remote Access Trojan (RAT) via a fake Flash Player update and a font update. The two malware campaigns we examine in this blog deliver a payload designed to steal sensitive information.
