Daily NCSC-FI news followup 2019-12-02

Meet PyXie: A Nefarious New Python RAT

threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT we're calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry. PyXie has been deployed in an ongoing campaign that targets a wide range of industries. It has been seen in conjunction with Cobalt Strike beacons as well as a downloader that has similarities to the Shifu banking Trojan. Analysts have observed evidence of the threat actors attempting to deliver ransomware to the healthcare and education industries with PyXie.

New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

thehackernews.com/2019/12/strandhogg-android-vulnerability.html Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android and can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app. see also


Imminent Monitor a RAT Down Under


CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies

threatpost.com/cisa-us-agencies-vulnerability-disclosure-policies/150718/ A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet-connected systems. see also


Insecure Database Exposes Millions of Private SMS Messages

threatpost.com/insecure-database-exposes-millions-of-private-sms-messages/150706/ Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.

Now even the FBI is warning about your smart TV's security

techcrunch.com/2019/12/01/fbi-smart-tv-security/ If you just bought a smart TV on Black Friday or plan to buy one for Cyber Monday tomorrow, the FBI wants you to know a few things.

Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack

blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-distributed-through-callerspy-mounts-initial-phase-of-a-targeted-attack/ We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign.

Supo and NATO have already investigated; now the Ministry for Foreign Affairs invites hackers to test the security of its services

www.tivi.fi/uutiset/tv/6fe4dd92-4381-4b27-9460-34d2c6e5de6e The Ministry for Foreign Affairs says it is launching a bug bounty programme to find vulnerabilities in its online services. The security of the ministry's services has not, of course, been left to rely solely on hackers' findings: it has already been assessed by, among others, the National Cyber Security Centre, the Finnish Security and Intelligence Service (Supo), the security committee of the Council of the EU, the NATO Office of Security and several Finnish information security companies.

Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky software

www.zdnet.com/article/researchers-disclose-bugs-in-autodesk-trend-micro-kaspersky-software/ Researchers have disclosed a set of security vulnerabilities in Autodesk, Trend Micro, and Kaspersky software. On Monday, SafeBreach Labs published three security advisories describing the bugs, all of which were privately reported to the vendors before public disclosure.

Do you read your email on your phone? Be careful

www.is.fi/digitoday/tietoturva/art-2000006325653.html Phishing messages are more convincing when viewed on a phone, an information security company warns in its guide to mobile threats.

Ethical hacking: students hunting for security holes

www.epressi.com/tiedotteet/tietoturva/eettista-hakkerointia-opiskelijat-tietoturva-aukkoja-etsimassa.html On Friday 8 November, around 30 upper secondary school and business IT (datanomi) students from Espoo gathered at Cisco's Espoo premises with the task of hacking Sanoma Pro's electronic systems. The challenge also produced results: the students made three significant findings that can be put to use in the future, for example in software development work.

Next up, what’s up with TCP port 26?

isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/ Whenever I sign up for another shift, if I don’t already have a diary topic in mind, I take a look at the top 10 ports in the dashboard when I login to isc.sans.edu. For the last few weeks, I’ve noticed port 26 showing up, so I decided to see if I could figure out what was going on there.

Attain Embedded Cloud Security With a DevSecOps Approach


Fake Android apps uploaded to Play store by notorious Sandworm hackers

nakedsecurity.sophos.com/2019/12/02/fake-android-apps-uploaded-to-play-store-by-notorious-sandworm-hackers/ The Russian Sandworm hacking group (not to be confused with the malware of the same name) has been caught repeatedly uploading fake and modified Android apps to Google's Play store. They were detected by Google's Threat Analysis Group (TAG), which made the attacks public during a presentation at the recent CyberwarCon conference.
