Daily NCSC-FI news followup 2019-11-28

Threat Spotlight: Machete Info-Stealer

threatvector.cylance.com/en_us/home/threat-spotlight-machete-info-stealer.html Machete is an info-stealing malware that can harvest user credentials, chat logs, screenshots, webcam pictures, geolocation, and perform keylogging. It can also copy files to a USB device and take control of the clipboard to exfiltrate information.

DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy

www.schneier.com/blog/archives/2019/11/dhs_mandates_fe.html The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it.

Magento Marketplace Suffers Data Breach Exposing Users’ Account Info

thehackernews.com/2019/11/magento-marketplace-data-breach.html Adobe, the company owning Magento e-commerce platform, today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals.

NSO Group President Defends Controversial Tactics

threatpost.com/nso-group-president-defends-controversial-tactics/150694/ In a rare public appearance by Shiri Dolev, the president of the secretive NSO Group Technologies, the company leader vented over what she called false myths about the firm.

Microsoft Outlook for Android Bug Opens Door to XSS

threatpost.com/microsoft-outlook-android-bug-xss/150528/ Users of the Microsoft Outlook for Android app should update their apps to avoid a range of attacks. The bug (CVE-2019-1460) would allow an attacker to perform cross-site scripting (XSS) attacks on the affected systems.

Security firm Prosegur: We’ve shut our IT network after Ryuk ransomware attack

www.zdnet.com/article/security-firm-prosegur-weve-shut-our-it-network-after-ryuk-ransomware-attack/ Spanish multinational cash logistics and private security company Prosegur said Wednesday it had shut down its IT network to mitigate a Ryuk ransomware infection.

Dutch Govt Warns of 3 Ransomware Infecting 1,800 Businesses

www.bleepingcomputer.com/news/security/dutch-govt-warns-of-3-ransomware-infecting-1-800-businesses/ A confidential report from the National Cyber Security Centre (NCSC) in the Netherlands informs that at least 1,800 companies are affected by ransomware across the world. The report names three file-encrypting malware pieces responsible for the infections that use the same digital infrastructure and considers them “common forms of ransomware.”
