Daily NCSC-FI news followup 2020-01-11

An Empirical Study of Wireless Carrier Authentication for SIM Swaps

www.issms2fasecure.com/ We examined the authentication procedures used by five prepaid wireless carriers when a customer attempts to change their SIM card, or SIM swap. We found that all five carriers use insecure authentication challenges that can easily be subverted by attackers. We found 17 websites on which user accounts can be compromised based on a SIM swap alone.

Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers

www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh SIM swappers have escalated from bribing employees to using remote desktop software to get direct access to internal T-Mobile, AT&T, and Sprint tools.

Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor

isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/ Late last night, multiple groups released working exploits for the Citrix ADC path traversal flaw. First, “Project Zero India” released a simple exploit essentially consisting of two curl commands [1]. The first one will write a template file that includes a shell command of the user’s choosing. The second curl request will download the result of the command execution. The exploit worked for me, but

You might be interested in …

Daily NCSC-FI news followup 2020-12-11

AIVD exposes espionage network in the Netherlands; two Russian intelligence officers forced to leave the country english.aivd.nl/latest/news/2020/12/10/aivd-exposes-espionage-network-in-the-netherlands-two-russian-intelligence-officers-forced-to-leave-the-country Recently the General Intelligence and Security Service (“Algemene Inlichtingen- en Veiligheidsdienst” AIVD) disrupted the covert activities of an intelligence officer of the Russian civil intelligence agency SVR. The intelligence officer – who worked at the Russian Embassy in […]

Read More

Daily NCSC-FI news followup 2021-05-25

– From Wiper to Ransomware – The Evolution of Agrius labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ Researchers say they’ve uncovered a new disk-wiping malware (wiper) that’s disguising itself as ransomware as it unleashes destructive attacks on Israeli targets. Full report as PDF: assets.sentinelone.com/sentinellabs/evol-agrius Evolution of JSWorm ransomware securelist.com/evolution-of-jsworm-ransomware/102428/ JSWorm ransomware was discovered in 2019 and since then different variants have […]

Read More

Daily NCSC-FI news followup 2020-05-22

Ragnar Locker ransomware deploys virtual machine to dodge security news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/ A new ransomware attack method takes defense evasion to a new leveldeploying as a full virtual machine on each targeted device to hide the ransomware from view. In a recently detected attack, Ragnar Locker ransomware was deployed inside an Oracle VirtualBox Windows XP virtual machine.. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.