Daily NCSC-FI news followup 2020-04-02

Hackers linked to Iran target WHO staff emails during coronavirus

www.reuters.com/article/us-health-coronavirus-cyber-iran-exclusi/exclusive-hackers-linked-to-iran-target-who-staff-emails-during-coronavirus-sources-idUSKBN21K1RC Hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, four people with knowledge of the matter told Reuters.

CORONAVIRUS TROJAN OVERWRITING THE MBR

securitynews.sonicwall.com/xmlpost/coronavirus-trojan-overwriting-the-mbr/ SonicWall Capture Labs Threat Research team recently found a new malware taking advantage of the CoViD19 pandemic which makes disks unusable by overwriting the MBR. See also:

threatpost.com/wiper-malware-coronavirus-windows-victims/154368/

AZORult brings friends to the party

blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign with several different executable payloads, all focused on providing financial benefits for the attacker in a slightly different way. The first payload is a Monero cryptocurrency miner based on XMRigCC, and the second is a trojan that monitors the clipboard and replaces its content. There’s also a variant of the infamous AZORult information-stealing malware, a variant of Remcos remote access tool and, finally, the DarkVNC backdoor trojan.

MakeFrame: Magecart Group 7's Latest Skimmer Has Claimed 19 Victim Sites

www.riskiq.com/blog/labs/magecart-makeframe/ On January 24th, we first became aware of a new Magecart skimmer, which we dubbed MakeFrame after its ability to make iframes for skimming payment data. We initially flagged it with our machine learning model for detecting obfuscated code.

Loncom packer: from backdoors to Cobalt Strike

securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/ The previous story described an unusual way of distributing malware under disguise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom. The malware uses

Pekraut – German RAT starts gnawing

www.gdatasoftware.com/blog/2020/04/35849-pekraut-german-rat-starts-gnawing Feature-rich remote access malware Pekraut emerges. The rodent seems to be of German origin and is ready to be released. We analyzed the malware in-depth.

[PDF] WireGuard: Next Generation Kernel Network Tunnel

www.wireguard.com/papers/wireguard.pdf WireGuard is a secure network tunnel, operating at layer 3, implemented as a kernel virtual network interface for Linux, which aims to replace both IPsec for most use cases, as well as popular user space and/or TLS-based solutions like OpenVPN, while being more secure, more performant, and easier to use.
