Daily NCSC-FI news followup 2020-01-02

New evasion techniques found in web skimmers

blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largely known as Magecart.

Landry’s restaurant chain disclose POS malware incident

www.zdnet.com/article/landrys-restaurant-chain-disclose-pos-malware-incident/ US restaurant chain Landry’s disclosed a security incident that involved the discovery of malware on the network of hundreds of restaurants.

Ransomware Attackers Offer Holiday Discounts and Greetings

www.bleepingcomputer.com/news/security/ransomware-attackers-offer-holiday-discounts-and-greetings/ To celebrate the holidays, ransomware operators are providing discounts or season’s greetings to entice victims into paying a ransom demand.Such is the case with the Sodinokibi Ransomware (REvil) who MalwareHunterTeam noticed had changed their ransom note over the holidays to include a new message wishing the victims a “Merry Christmas and Happy Holidays”.

Starbucks Devs Leave API Key in GitHub Public Repo

www.bleepingcomputer.com/news/security/starbucks-devs-leave-api-key-in-github-public-repo/ One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users.

Post-quantum TLS now supported in AWS KMS https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/ AWS Key Management Service (AWS KMS) now supports post-quantum hybrid key exchange for the Transport Layer Security (TLS) network encryption protocol that is used when connecting to KMS API endpoints. In this post, Ill tell you what post-quantum TLS is, what hybrid key exchange is, why its important, how to take advantage of this new feature, and how to give us feedback.

Daily NCSC-FI news followup 2019-12-01

Data of 21 million Mixcloud users put up for sale on the dark web www.zdnet.com/article/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web/ A hacker has breached online music streaming service Mixcloud earlier this month, and is now selling the site’s user data online, on a dark web marketplace.. The Mixcloud data is currently sold for a price of $2,000. Short presentation about […]

Daily NCSC-FI news followup 2020-04-25

Cybercrime Group Steals $1.3M from Banks www.darkreading.com/attacks-breaches/cybercrime-group-steals-$13m-from-banks-/d/d-id/1337646 Keywords: finanssi A look at how the so-called Florentine Banker Group lurked for two months in a sophisticated business email compromise attack on Israeli and UK financial companies. = Sextortion Campaigns Net Cybercriminals Nearly $500K in Five Months www.darkreading.com/threat-intelligence/sextortion-campaigns-net-cybercriminals-nearly-$500k-in-five-months/d/d-id/1337645 Tracking the cryptocurrency paid by victims finds that, even […]

Daily NCSC-FI news followup 2021-03-20

Office 365 Phishing Attack Targets Financial Execs threatpost.com/office-365-phishing-attack-financial-execs/164925/ Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials. Also: www.area1security.com/blog/microsoft-365-spoof-targets-financial-departments/ Hackers are exploiting a server vulnerability with a severity of 9.8 out of 10 arstechnica.com/gadgets/2021/03/to-security-pros-dread-another-critical-server-vulnerability-is-under-exploit/ As if the mass-exploitation of Exchange servers wasn’t enough, now there’s BIG-IP. Last week, F5 disclosed and patched […]