Daily NCSC-FI news followup 2020-04-01

Holy water: ongoing targeted water-holing attack in Asia

securelist.com/holy-water-ongoing-targeted-water-holing-attack-in-asia/96311/ The threat actors unsophisticated but creative toolset has been evolving a lot since the inception date, may still be in development, and leverages Sojson obfuscation, NSIS installer, Python, open-source code, GitHub distribution, Go language, as well as Google Drive-based C2 channels.

Zoom Client Leaks Windows Login Credentials to Attackers

www.bleepingcomputer.com/news/security/zoom-client-leaks-windows-login-credentials-to-attackers/ The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on the link.. See also:

threatpost.com/two-zoom-zero-day-flaws-uncovered/154337/

42 million Iranian Telegram user IDs and phone numbers leaked online: report

www.comparitech.com/blog/information-security/iranian-telegram-accounts-leaked/ 42 million records from a third-party version of messaging app Telegram used in Iran was exposed on the web without any authentication required to access it. Comparitech worked with security researcher Bob Diachenko to uncover and report the exposure, which included usernames and phone numbers, among other data.

SilverTerrier: 2019 Nigerian Business Email Compromise Update

unit42.paloaltonetworks.com/silverterrier-2019-update/ In 2019, Business Email Compromise (BEC) maintained its rankings as both the most profitable and the most prominent threat facing our customers. According to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3), which recently released its annual report, US$1.77 billion in losses were attributed to BEC attacks over the course of 2019. This number dwarfed losses associated

Attacks involving the Mespinoza/Pysa ransomware

www.cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-003/ In the past few weeks, ANSSI became aware of cyber attacks targeting French local authorities. These attacks involved ransomwares whose use resulted in several encrypted files. The origin of these attacks is still unknown, and investigations are in progress. However, ransomware attacks are usually opportunistic and driven by a lucrative purpose.

THE VOLLGAR CAMPAIGN: MS-SQL SERVERS UNDER ATTACK

www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/ Guardicore Labs team has recently uncovered a long-running attack campaign which aims to infect Windows machines running MS-SQL servers. Dating back to May 2018, the campaign uses password brute force to breach victim machines, deploys multiple backdoors and executes numerous malicious modules, such as multifunctional remote access tools (RATs) and cryptominers. We dubbed the campaign Vollgar after

Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Heres what to do

www.microsoft.com/security/blog/2020/04/01/microsoft-works-with-healthcare-organizations-to-protect-from-popular-ransomware-during-covid-19-crisis-heres-what-to-do/ As part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals. Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information.

Trickbot: A primer

blog.talosintelligence.com/2020/03/trickbot-primer.html In recent years, the modular banking trojan known as Trickbot has evolved to become one of the most advanced trojans in the threat landscape. It has gone through a diverse set of changes since it was first discovered in 2016, including adding features that focus on Windows 10 and modules that target point of sale (POS) systems. Not only does it function as a standalone trojan, Trickbot is also . commonly used as a dropper for other malware such as the Ryuk ransomware. The wide range of functionality allows this malware to adapt to different environments and maximize effectiveness in a compromised network.

You might be interested in …

Daily NCSC-FI news followup 2019-11-07

Microsoft crams Office 365 docs into Edge-style sandboxes to thwart malware infections www.theregister.co.uk/2019/11/07/ignite_2019_security/ Your guide to some of the security enhancements announced this week. Office 365 will be getting additional security protections through Application Guard, the sandboxing tool Microsoft debuted with its Edge browser. The idea is that Application Guard will isolate documents, preventing malicious […]

Read More

Daily NCSC-FI news followup 2020-10-27

Uusi työkalu johdolle kyberuhkien hallintaan www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/uusi-tyokalu-johdolle-kyberuhkien-hallintaan Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskuksen kehittämä Kybermittari auttaa yritysjohtoa saamaan kyberriskit kattavammin hallintaan ja turvaamaan liiketoiminnan jatkuvuuden. DN: Suuri tietomurto ruotsalaiseen turvallisuusalan yritykseen, verkkoon on vuodettu muun muassa pankki­holvien piirustuksia www.hs.fi/ulkomaat/art-2000006700788.html Ruotsalaiseen, kansainvälisesti toimivaan turvallisuusalan yhtiöön on tehty mittava tietomurto, jossa verkkoon on vuodettu esimerkiksi pankkiholvien piirustuksia ja hälytysjärjestelmien […]

Read More

Daily NCSC-FI news followup 2019-06-14

Tietoturvayhtiö varoittaa: Merkit pahasta kyberiskusta näkyvissä www.is.fi/digitoday/tietoturva/art-2000006142010.html Tietoturvayhtiö Check Point yhtyy Microsoftin ja monien asiantuntijoiden kuoroon ja kehottaa vanhojen Windowsien käyttäjiä korjaamaan viimeistään nyt niin sanotun BlueKeep-haavoittuvuuden. The Brussels Times: Cyber-attack causes aircraft parts maker to close indefinitely www.brusselstimes.com/all-news/business/technology/58373/cyber-attack-causes-aircraft-parts-maker-to-close-indefinitely-asco/ According to Data News, Asco has shut down its base in Zaventem, as well as operations […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.