Daily NCSC-FI news followup 2019-11-28

Threat Spotlight: Machete Info-Stealer

threatvector.cylance.com/en_us/home/threat-spotlight-machete-info-stealer.html Machete is an info-stealing malware that can harvest user credentials, chat logs, screenshots, webcam pictures, geolocation, and perform keylogging. It can also copy files to a USB device and take control of the clipboard to exfiltrate information.

DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy

www.schneier.com/blog/archives/2019/11/dhs_mandates_fe.html The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it.

Magento Marketplace Suffers Data Breach Exposing Users’ Account Info

thehackernews.com/2019/11/magento-marketplace-data-breach.html Adobethe company owning Magento e-commerce platformtoday disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals.

NSO Group President Defends Controversial Tactics

threatpost.com/nso-group-president-defends-controversial-tactics/150694/ In a rare public appearance by Shiri Dolev, the president of the secretive NSO Group Technologies, the company leader vented over what she called false myths about the firm.

Microsoft Outlook for Android Bug Opens Door to XSS

threatpost.com/microsoft-outlook-android-bug-xss/150528/ Users of the Microsoft Outlook for Android app should update their apps to avoid a range of attacks. The bug (CVE-2019-1460) would allow an attacker to perform cross-site scripting (XSS) attacks on the affected systems.

Security firm Prosegur: We’ve shut our IT network after Ryuk ransomware attack

www.zdnet.com/article/security-firm-prosegur-weve-shut-our-it-network-after-ryuk-ransomware-attack/ Spanish multinational cash logistics and private security company Prosegur said Wednesday it had shut down its IT network to mitigate a Ryuk ransomware infection.

Dutch Govt Warns of 3 Ransomware Infecting 1,800 Businesses

www.bleepingcomputer.com/news/security/dutch-govt-warns-of-3-ransomware-infecting-1-800-businesses/ A confidential report from the National Cyber Security Centre (NCSC) in the Netherlands informs that at least 1,800 companies are affected by ransomware across the world. The report names three file-encrypting malware pieces responsible for the infections that use the same digital infrastructure and considers them “common forms of ransomware.”

Daily NCSC-FI news followup 2021-06-15

Ransomware attacks continue to Surge, hitting a 93% increase year over year blog.checkpoint.com/2021/06/14/ransomware-attacks-continue-to-surge-hitting-a-93-increase-year-over-year/ Number of organizations impacted by ransomware has risen to 1210 in June 2021. Check Point Research sees a 41% increase in attacks since the beginning of 2021 and a 93% increase year over year. Latin America and Europe saw the largest increase […]

Daily NCSC-FI news followup 2021-01-23

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product thehackernews.com/2021/01/exclusive-sonicwall-hacked-using-0-day.html SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting […]

Daily NCSC-FI news followup 2019-12-22

Florida man jailed for over five years after cyberstalking schoolmate, posting threats www.zdnet.com/article/man-jailed-for-over-five-years-after-cyberstalking-schoolmate-posting-threats/ One Day, Three Credit Card Data Breach Notifications www.bleepingcomputer.com/news/security/one-day-three-credit-card-data-breach-notifications/ On the same day this week, two restaurants and a convenience store, all with locations across the U.S., disclosed security breach incidents that may have enabled attackers to steal customer payment card data.. […]