
Daily NCSC-FI news followup 2020-03-21

Revamped HawkEye Keylogger Swoops in on Coronavirus Fears

threatpost.com/revamped-hawkeye-keylogger-coronavirus-fears/154013/ There's a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. It's being distributed using spam that purports to be an alert from the Director-General of the World Health Organization (WHO).

Microsoft pauses Edge releases amid coronavirus outbreak

www.zdnet.com/article/microsoft-pauses-edge-releases-amid-coronavirus-outbreak/ Microsoft announced on Friday it was pausing the rollout of Edge v81, citing the ongoing “global circumstances” surrounding the coronavirus outbreak. New Edge releases (or any other kind of software updates) usually entail security reviews and compatibility testing to ensure operating systems and internal web applications don’t break.

Multiple botnets are spreading using LILIN DVR 0-day

blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day-en/ Starting from August 30, 2019, 360Netlab Threat Detection System has flagged multiple attack groups using LILIN DVR 0-day vulnerabilities to spread Chalubo, FBot, Moobot botnets. On January 19, 2020, we reached out to the equipment manufacturer LILIN. On February 13, 2020, the vendor fixed the vulnerability, and released the latest firmware program 2.0b60_20200207. Also:

www.zdnet.com/article/ddos-botnets-have-abused-three-zero-days-in-lilin-video-recorders-for-months/.

thehackernews.com/2020/03/ddos-botnets-lilin-dvr.html.

arstechnica.com/information-technology/2020/03/lilin-dvrs-and-zyxel-nas-devices-have-been-active-exploit-for-months/

A pious promise from criminal organizations: hospitals will be left in peace during the coronavirus crisis

www.tivi.fi/uutiset/tv/d623df42-01b7-4350-9dbb-4d2598ea7d63 The makers of ransomware have caused all kinds of grief and expense around the world. The crisis caused by the coronavirus has now, however, led even cybercriminals to mend their ways.

PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware

www.bleepingcomputer.com/news/security/pwndlocker-fixes-crypto-bug-rebrands-as-prolock-ransomware/ PwndLocker has rebranded as the ProLock Ransomware after fixing a crypto bug that allowed a free decryptor to be created. At the beginning of March, we reported on a new ransomware called PwndLocker that was targeting enterprise networks and demanding ransoms ranging from $175,000 to over $660,000 depending on the size of the network.

200M Records of US Citizens Leaked in Unprotected Database

www.darkreading.com/cloud/200m-records-of-us-citizens-leaked-in-unprotected-database/d/d-id/1337377 Researchers discovered an unprotected database holding 800GB of personal user information, including 200 million detailed user records. The entirety of the database was wiped on March 3. User records inside the database held what appeared to be profiles of US users, according to researchers with Lithuanian research group CyberNews.

Windows, Ubuntu, macOS, VirtualBox fall at Pwn2Own hacking contest

www.zdnet.com/article/windows-ubuntu-macos-virtualbox-fall-at-pwn2own-hacking-contest/ The 2020 spring edition of the Pwn2Own hacking contest has come to a close today. This year’s winner is Team Fluoroacetate — made up of security researchers Amat Cama and Richard Zhu — who won the contest after accumulating nine points across the two-day competition, which was just enough to extend their dominance and win their fourth tournament in a row.

Netwalker Ransomware Infecting Users via Coronavirus Phishing

www.bleepingcomputer.com/news/security/netwalker-ransomware-infecting-users-via-coronavirus-phishing/ While we do not have access to the actual phishing email being sent, MalwareHunterTeam was able to find an attachment used in a new Coronavirus phishing campaign that installs the Netwalker Ransomware.
