Daily NCSC-FI news followup 2020-04-02

Hackers linked to Iran target WHO staff emails during coronavirus

www.reuters.com/article/us-health-coronavirus-cyber-iran-exclusi/exclusive-hackers-linked-to-iran-target-who-staff-emails-during-coronavirus-sources-idUSKBN21K1RC Hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, four people with knowledge of the matter told Reuters.

CORONAVIRUS TROJAN OVERWRITING THE MBR

securitynews.sonicwall.com/xmlpost/coronavirus-trojan-overwriting-the-mbr/ The SonicWall Capture Labs Threat Research team recently found a new malware that takes advantage of the COVID-19 pandemic and makes disks unusable by overwriting the MBR. See also:

threatpost.com/wiper-malware-coronavirus-windows-victims/154368/

AZORult brings friends to the party

blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign with several different executable payloads, each focused on providing financial benefit to the attacker in a slightly different way. The first payload is a Monero cryptocurrency miner based on XMRigCC, and the second is a trojan that monitors the clipboard and replaces its content. There is also a variant of the infamous AZORult information-stealing malware, a variant of the Remcos remote access tool and, finally, the DarkVNC backdoor trojan.

MakeFrame: Magecart Group 7's Latest Skimmer Has Claimed 19 Victim Sites

www.riskiq.com/blog/labs/magecart-makeframe/ On January 24th, we first became aware of a new Magecart skimmer, which we dubbed MakeFrame after its ability to make iframes for skimming payment data. We initially flagged it with our machine learning model for detecting obfuscated code.

Loncom packer: from backdoors to Cobalt Strike

securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/ The previous story described an unusual way of distributing malware under the guise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom. The malware uses

Pekraut – German RAT starts gnawing

www.gdatasoftware.com/blog/2020/04/35849-pekraut-german-rat-starts-gnawing Feature-rich remote access malware Pekraut emerges. The rodent seems to be of German origin and is ready to be released. We analyzed the malware in-depth.

[PDF] WireGuard: Next Generation Kernel Network Tunnel

www.wireguard.com/papers/wireguard.pdf WireGuard is a secure network tunnel, operating at layer 3, implemented as a kernel virtual network interface for Linux, which aims to replace both IPsec for most use cases, as well as popular user space and/or TLS-based solutions like OpenVPN, while being more secure, more performant, and easier to use.
