Daily NCSC-FI news followup 2020-02-29


blog.morphisec.com/trickbot-delivery-method-gets-a-new-upgrade-focusing-on-windows Over the past few weeks, Morphisec Labs researchers identified a couple dozen documents that execute the OSTAP JavaScript downloader.. This time we have identified the use of the latest version of the remote desktop ActiveX control class that was introduced for Windows 10. The attackers utilize the ActiveX control for automatic execution of the malicious macro once the user enables the document content.. also:


Meet the white-hat group fighting Emotet, the world’s most dangerous malware

www.zdnet.com/article/meet-the-white-hat-group-fighting-emotet-the-worlds-most-dangerous-malware/#ftag=RSSbaffb68 A private group of 20+ security researchers and system administrators have been waging a silent war against Emotet, today’s most dangerous malware operation.

TA505 hacking crew spent much of 2019 trying to breach South Korea’s financial sector

www.cyberscoop.com/ta505-south-korea-bank-phishing/ A gang of hackers with a long history of financially motivated attacks increased its targeting of businesses in South Korea last year, using a combination of malicious attachments and ransomware to haunt victims, according to new findings.

US Railroad Contractor Reports Data Breach After Ransomware Attack

www.bleepingcomputer.com/news/security/us-railroad-contractor-reports-data-breach-after-ransomware-attack/ RailWorks Corporation, one of North America's leading railroad track and transit system providers, disclosed a ransomware attack that led to the exposure of personally identifiable information of current and former employees, their beneficiaries and dependents, as well as that of independent contractors.

The Long Path out of the Vulnerability Disclosure Dark Ages

www.wired.com/story/vulnerability-disclosure-bug-bounties/ Letting a company know about flaws in their products has gotten easier since 2003, but not by much.

Domen toolkit gets back to work with new malvertising campaign

blog.malwarebytes.com/threat-analysis/2020/02/domen-toolkit-gets-back-to-work-with-new-malvertising-campaign/ Last year, we documented a new social engineering toolkit we called Domen being used in the wild. Threat actors were using this kit to trick visitors to compromised websites into installing malware under the guise of a browser update or missing font.. Despite being a robust toolkit, we only saw Domen in sporadic campaigns last year, often reusing the same infrastructure that had already been partially disrupted. However, we recently came across a new malvertising campaign with brand new infrastructure that shows Domen is still being used by threat actors.. Even though Domen shares similarities with other social engineering templates, it is unique in its own ways. The client-side JavaScript responsible for the fake updates is one of the most thorough and professional coding jobs we have ever seen.

NVIDIA Fixes High Severity Flaw in Windows GPU Display Driver

www.bleepingcomputer.com/news/security/nvidia-fixes-high-severity-flaw-in-windows-gpu-display-driver/ NVIDIA has released a GPU display driver security update today, February 28, 2020, that fixes high and medium severity vulnerabilities that might lead to code execution, local escalation of privileges, information disclosure, and denial of service on unpatched Windows computers.

Do you use your Windows computer as an administrator? Here is how to create a safer account for yourself

www.tivi.fi/uutiset/kaytatko-windows-konettasi-jarjestelmanvalvojana-nain-luot-itsellesi-turvallisemman-tilin/de2ebb88-5fba-4a42-b724-93215b9ab1b9 Using a computer is also safer when your own user account is not an administrator. When setting up a new computer, you should create a standard user account for yourself, without administrator rights, in addition to the administrator account. That way any malware cannot run rampant on the computer by itself; instead, in tasks requiring broad rights . Comment: For subscribers

Hazelcast IMDG Discover Scan

isc.sans.edu/forums/diary/Hazelcast+IMDG+Discover+Scan/25850/ Today my honeypot has been capturing scans for the Hazelcast REST API. I checked my logs for the past 2 years and these only started today. The last vulnerability published for Hazelcast was CVE-2018-10654 and related to “There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.”
