Daily NCSC-FI news followup 2019-12-02

Meet PyXie: A Nefarious New Python RAT

threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT were calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry.. PyXie has been deployed in an ongoing campaign that targets a wide range of industries. It has been seen in conjunction with Cobalt Strike beacons as well as a downloader that has similarities to the Shifu banking Trojan. Analysts have observed evidence of the threat actors attempting to deliver ransomware to the healthcare and education industries with PyXie.

New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

thehackernews.com/2019/12/strandhogg-android-vulnerability.html Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking credentials and spy on their activities.. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app.. see also


Imminent Monitor a RAT Down Under


CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies

threatpost.com/cisa-us-agencies-vulnerability-disclosure-policies/150718/ A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet connected systems.. see also


Insecure Database Exposes Millions of Private SMS Messages

threatpost.com/insecure-database-exposes-millions-of-private-sms-messages/150706/ Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.

Now even the FBI is warning about your smart TVs security

techcrunch.com/2019/12/01/fbi-smart-tv-security/ If you just bought a smart TV on Black Friday or plan to buy one for Cyber Monday tomorrow, the FBI wants you to know a few things.

Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack

blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-distributed-through-callerspy-mounts-initial-phase-of-a-targeted-attack/ We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign.

Supo ja Nato tutkivat jo nyt ulkoministeriö kutsuu hakkerit testaamaan palvelujensa turvallisuutta

www.tivi.fi/uutiset/tv/6fe4dd92-4381-4b27-9460-34d2c6e5de6e Ulkoministeriö kertoo käynnistävänsä palkkionmetsästysohjelman verkkopalvelujen haavoittuvuuksien etsimiseksi.. Hakkerien havaintojen varaan ulkoministeriön palvelujen tietoturvaa ei toki ole jätetty. Sitä ovat arvioineet jo muun muassa Kyberturvallisuuskeskus, Suojelupoliisi, EU Neuvoston turvakomitea, Nato Office of Security sekä useat suomalaiset tietoturvayritykset.

Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky software

www.zdnet.com/article/researchers-disclose-bugs-in-autodesk-trend-micro-kaspersky-software/ Researchers have disclosed a set of security vulnerabilities in Autodesk, Trend Micro, and Kaspersky software. . On Monday, the SafeBreach Labs published three security advisories describing the bugs, all of which were privately reported to the vendors before public disclosure.

Luetko sähköpostisi kännykällä? Ole varovainen

www.is.fi/digitoday/tietoturva/art-2000006325653.html Tietojenkalasteluviestit ovat uskottavampia puhelimella katsottaessa, tietoturvayhtiö varoittaa mobiiliuhkien oppaassaan.

Eettistä hakkerointia: opiskelijat tietoturva-aukkoja etsimässä

www.epressi.com/tiedotteet/tietoturva/eettista-hakkerointia-opiskelijat-tietoturva-aukkoja-etsimassa.html Perjantaina 8.11. noin 30 espoolaista lukiolaista ja datanomiopiskelijaa kokoontui Ciscon Espoon toimitiloihin tehtävänään hakkeroida Sanoma Pron sähköisiä järjestelmiä. Haaste tuotti myös tulosta, sillä opiskelijat tekijät kolme merkittävää löydöstä, joita voidaan hyödyntää jatkossa esimerkiksi ohjelmistonkehitystyössä.

Next up, what’s up with TCP port 26?

isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/ Whenever I sign up for another shift, if I don’t already have a diary topic in mind, I take a look at the top 10 ports in the dashboard when I login to isc.sans.edu. For the last few weeks, I’ve noticed port 26 showing up, so I decided to see if I could figure out what was going on there.

Attain Embedded Cloud Security With a DevSecOps Approach


Fake Android apps uploaded to Play store by notorious Sandworm hackers

nakedsecurity.sophos.com/2019/12/02/fake-android-apps-uploaded-to-play-store-by-notorious-sandworm-hackers/ The Russian Sandworm hacking group (not to be confused with the malware of the same name) has been caught repeatedly uploading fake and modified Android apps to Googles Play store.. They were detected by Google Threat Analysis Group (TAG), making the attacks public during a presentation at the recent CyberwarCon conference.

You might be interested in …

Daily NCSC-FI news followup 2020-10-01

Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/ New clues indicate that APT28 may be behind a mysterious intrusion that US officials disclosed last week. MAR-10303705-1.v1 Remote Access Trojan: SLOTHFULMEDIA us-cert.cisa.gov/ncas/analysis-reports/ar20-275a The sample is a dropper, which deploys two files when executed. The first is a remote access tool (RAT) named mediaplayer.exe”, […]

Read More

Daily NCSC-FI news followup 2019-09-01

Latest Sextortion Email Scheme Sent by ChaosCC Hacker Group www.bleepingcomputer.com/news/security/latest-sextortion-email-scheme-sent-by-chaoscc-hacker-group/ A new sextortion scam is underway that claims to be from the ChaosCC hacker group who states they infected the recipient’s computer with a Trojan that videoed them on adult web sites. If you received this email, it is important to know from the beginning […]

Read More

Daily NCSC-FI news followup 2019-06-15

Exim email servers are now under attack www.zdnet.com/article/exim-email-servers-are-now-under-attack/ At least two hacker groups have been identified carrying out attacks, one operating from a public internet server, and one using a server located on the dark web. Myös: www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability ThreatList: Ransomware Trojans Picking Up Steam in 2019 threatpost.com/threatlist-ransomware-trojans-picking-up-steam-in-2019/145718/ The report outlined popular trends in the malware […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.