Daily NCSC-FI news followup 2020-03-10

Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide

thehackernews.com/2020/03/necurs-botnet-takedown.html Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure.

Fingrid's partner fell victim to a data breach; the networks remain well protected

www.is.fi/digitoday/tietoturva/art-2000006434452.html The attack on Entso-E's information systems poses no danger to Finland's power grids, Fingrid assures.

NSA Warns About Microsoft Exchange Flaw as Attacks Start

www.bleepingcomputer.com/news/security/nsa-warns-about-microsoft-exchange-flaw-as-attacks-start/ The U.S. National Security Agency (NSA) warned about a post-auth remote code execution vulnerability in all supported Microsoft Exchange Server servers via a tweet published on the agency’s Twitter account.

Intel CPUs vulnerable to new LVI attacks

www.zdnet.com/article/intel-cpus-vulnerable-to-new-lvi-attacks/ Researchers say Intel processors will need another round of silicon chip re-designs to protect against new attack.

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

blog.malwarebytes.com/threat-analysis/2020/03/rocket-loader-skimmer-impersonates-cloudflare-library-in-clever-scheme/ In a recent blog post, we noted how criminals behind Magecart skimmers mimicked content delivery networks in order to hide their payload. This time, we are looking at a far more clever scheme. This latest skimmer is disguised as a JavaScript file that appears to be CloudFlare's Rocket Loader, a library used to improve page load time. The attackers created an almost authentic replica by registering a specially crafted domain name.

Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)

blog.trendmicro.com/trendlabs-security-intelligence/busting-ghostcat-an-analysis-of-the-apache-tomcat-vulnerability-cve-2020-1938-and-cnvd-2020-10487/ Discussions surrounding the Ghostcat vulnerability (CVE-2020-1938 and CNVD-2020-10487) found in Apache Tomcat puts it in the spotlight as researchers looked into its security impact, specifically its potential use for remote code execution (RCE).

Microsoft shares nightmare tale: 6 sets of hackers on a customer’s network

www.zdnet.com/article/microsoft-shares-nightmare-tale-6-sets-of-hackers-on-a-customers-network/ Microsoft’s first report from its Detection and Response Team (DART), which helps customers in deep cyber trouble, details the case of a large customer with six threat actors simultaneously on its network, including one state-sponsored hacker group that had been stealing data and email for 243 days.


FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

krebsonsecurity.com/2020/03/fbi-arrests-alleged-owner-of-deer-io-a-top-broker-of-stolen-accounts/ FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io, a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores.

Paradise Ransomware Distributed via Uncommon Spam Attachment

www.bleepingcomputer.com/news/security/paradise-ransomware-distributed-via-uncommon-spam-attachment/ Attackers have started to send Excel Web Query attachments in phishing campaigns to download and install the Paradise Ransomware on unsuspecting victims.

How poor IoT security is allowing this 12-year-old malware to make a comeback

www.zdnet.com/article/how-poor-iot-security-is-allowing-this-ten-year-old-malware-to-make-a-comeback/ Conficker peaked in 2009, but unsupported connected devices are allowing it to spread in 2020 – and the healthcare sector is where it’s infected the most targets.


www.cybereason.com/blog/whos-hacking-the-hackers-no-honor-among-thieves Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives attackers total access to the target machine. The threat actors behind this campaign are posting malware embedded inside various hacking tools and cracks for those tools on several websites.
