Daily NCSC-FI news followup 2019-11-16

Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers

threatpost.com/holiday-shoppers-malicious-sites-posing-retailers/150326/ As the holiday season looms, cybercrooks are going after shoppers with more than 100,000 lookalike domains mimicking legitimate retailers. To that point, Venafi researchers uncovered the copycat phishing sites, which use trusted, valid TLS certificates (60 percent of them are free certificates from Let's Encrypt). These make phishing websites appear valid, the better to convince consumers to enter sensitive account and payment data into online forms. This year's explosion of copycat sites more than doubles the number seen last year, Venafi said; and, it means that the total number of look-alike domains is more than 400 percent greater than the number of authentic retail domains.

Android malware disguises as ad blocker, but then pesters users with ads

www.zdnet.com/article/android-malware-disguises-as-ad-blocker-but-then-pesters-users-with-ads/#ftag=RSSbaffb68 Security researchers have discovered a new Android malware strain that's currently being distributed as an ad blocker for Android users, but, ironically, once installed, it pesters victims with ads through multiple methods every couple of minutes. Its distribution vector is via third-party app stores, where it's available for download as an ad-blocking app named Ads Blocker, said Nathan Collier, Senior Malware Intelligence Analyst.

Microsoft Office 365 Admins Targeted by Ongoing Phishing Campaign

www.bleepingcomputer.com/news/security/microsoft-office-365-admins-targeted-by-ongoing-phishing-campaign/ A new phishing campaign is actively targeting Microsoft Office 365 administrators with the end goal of compromising their entire domain and using newly created accounts on the domain to deliver future phishing emails.

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

thehackernews.com/2019/11/whatsapp-hacking-vulnerability.html The Hacker News has learned that WhatsApp has recently patched yet another critical vulnerability that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on them. The vulnerability tracked as CVE-2019-11931 is a stack-based buffer overflow issue that resided in the way vulnerable WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks. To remotely exploit the vulnerability, all an attacker needs is the phone number of targeted users and to send them a maliciously crafted MP4 file over WhatsApp, which eventually can be used to install a malicious backdoor or spyware on compromised devices silently.

Internet users baffled: Gigantti's website lets anyone look up anyone else's public contact details

www.iltalehti.fi/digiuutiset/a/bd10538a-a08d-4e60-8e55-9664d7ca1edf If your phone number and address details are public, anyone can find them out through Gigantti's registration form. The company's marketing director explains to Iltalehti what this is about. According to Gigantti's marketing director Sami Särkelä, the registration form on Gigantti's website uses the phone number to look up publicly available contact details, the same data that directory enquiry services, for example, use. He stresses that Gigantti's customer register data is confidential and that users cannot access it.

NetSupport RAT installed via fake update notices

www.zscaler.com/blogs/research/netsupport-rat-installed-fake-update-notices Recently, the Zscaler ThreatLabZ team came across two campaigns designed to trick users into downloading a Remote Access Trojan (RAT) via a fake Flash Player update and a font update. The two malware campaigns we examine in this blog deliver a payload designed to steal sensitive information.
