Daily NCSC-FI news followup 2020-03-10

Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide

thehackernews.com/2020/03/necurs-botnet-takedown.html Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure.

Fingrid's partner fell victim to a data breach; the grids are still well protected

www.is.fi/digitoday/tietoturva/art-2000006434452.html The attack on Entso-E's information systems poses no danger to Finland's power grids, Fingrid assures.

NSA Warns About Microsoft Exchange Flaw as Attacks Start

www.bleepingcomputer.com/news/security/nsa-warns-about-microsoft-exchange-flaw-as-attacks-start/ The U.S. National Security Agency (NSA) warned about a post-auth remote code execution vulnerability in all supported Microsoft Exchange Server servers via a tweet published on the agency’s Twitter account.

Intel CPUs vulnerable to new LVI attacks

www.zdnet.com/article/intel-cpus-vulnerable-to-new-lvi-attacks/ Researchers say Intel processors will need another round of silicon chip re-designs to protect against new attack.

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

blog.malwarebytes.com/threat-analysis/2020/03/rocket-loader-skimmer-impersonates-cloudflare-library-in-clever-scheme/ In a recent blog post, we noted how criminals behind Magecart skimmers mimicked content delivery networks in order to hide their payload. This time, we are looking at a far more clever scheme. This latest skimmer is disguised as a JavaScript file that appears to be CloudFlare's Rocket Loader, a library used to improve page load time. The attackers created an almost authentic replica by registering a specially crafted domain name.

Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)

blog.trendmicro.com/trendlabs-security-intelligence/busting-ghostcat-an-analysis-of-the-apache-tomcat-vulnerability-cve-2020-1938-and-cnvd-2020-10487/ Discussions surrounding the Ghostcat vulnerability (CVE-2020-1938 and CNVD-2020-10487) found in Apache Tomcat put it in the spotlight as researchers looked into its security impact, specifically its potential use for remote code execution (RCE).

Microsoft shares nightmare tale: 6 sets of hackers on a customer’s network

www.zdnet.com/article/microsoft-shares-nightmare-tale-6-sets-of-hackers-on-a-customers-network/ Microsoft’s first report from its Detection and Response Team (DART), which helps customers in deep cyber trouble, details the case of a large customer with six threat actors simultaneously on its network, including one state-sponsored hacker group that had been stealing data and email for 243 days. See also:

mssecurity.wpengine.com/wp-content/uploads/2020/03/then-there-were-six.pdf

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

krebsonsecurity.com/2020/03/fbi-arrests-alleged-owner-of-deer-io-a-top-broker-of-stolen-accounts/ FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io, a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores.

Paradise Ransomware Distributed via Uncommon Spam Attachment

www.bleepingcomputer.com/news/security/paradise-ransomware-distributed-via-uncommon-spam-attachment/ Attackers have started to send Excel Web Query attachments in phishing campaigns to download and install the Paradise Ransomware on unsuspecting victims.

How poor IoT security is allowing this 12-year-old malware to make a comeback

www.zdnet.com/article/how-poor-iot-security-is-allowing-this-ten-year-old-malware-to-make-a-comeback/ Conficker peaked in 2009, but unsupported connected devices are allowing it to spread in 2020 – and the healthcare sector is where it’s infected the most targets.

WHO’S HACKING THE HACKERS: NO HONOR AMONG THIEVES

www.cybereason.com/blog/whos-hacking-the-hackers-no-honor-among-thieves Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives attackers total access to the target machine. The threat actors behind this campaign are posting malware embedded inside various hacking tools and cracks for those tools on several websites.
