Daily NCSC-FI news followup 2020-04-02

Hackers linked to Iran target WHO staff emails during coronavirus

www.reuters.com/article/us-health-coronavirus-cyber-iran-exclusi/exclusive-hackers-linked-to-iran-target-who-staff-emails-during-coronavirus-sources-idUSKBN21K1RC Hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, four people with knowledge of the matter told Reuters.

CORONAVIRUS TROJAN OVERWRITING THE MBR

securitynews.sonicwall.com/xmlpost/coronavirus-trojan-overwriting-the-mbr/ The SonicWall Capture Labs Threat Research team recently found new malware that takes advantage of the COVID-19 pandemic and renders disks unusable by overwriting the MBR. See also:

threatpost.com/wiper-malware-coronavirus-windows-victims/154368/
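As an added check (example code written for this digest, not SonicWall's or the malware's own code), the script below parses a 512-byte MBR, verifies the 0x55AA boot signature and the partition table, flags a bootstrap area that is mostly printable text (the kind of message a wiper leaves behind), and compares the boot code against a stored SHA-256 baseline taken while the disk was healthy. The device path, the text-ratio threshold and both sample MBRs are assumptions constructed for the example.

```python
import hashlib
import struct
from dataclasses import dataclass

# Constructed example, not SonicWall's code: checks whether a 512-byte MBR
# still looks like a bootable disk or has been overwritten by a wiper.
MBR_SIZE = 512
BOOTSTRAP_SIZE = 440          # boot code, before the 4-byte disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR
TEXT_RATIO_LIMIT = 0.75       # assumed threshold: boot code is not mostly text


@dataclass
class Partition:
    status: int      # 0x80 = bootable, 0x00 = inactive, anything else is invalid
    type_id: int     # e.g. 0x07 NTFS, 0x83 Linux, 0xEE protective GPT
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _chs_s, ptype, _chs_e, lba, size = struct.unpack_from("<B3sB3sII", mbr, off)
        if ptype == 0 and size == 0:
            continue  # unused slot
        parts.append(Partition(status, ptype, lba, size))
    return parts


def check_mbr(mbr: bytes) -> list:
    """Return human-readable findings; an empty list means the MBR looks intact."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return ["expected %d bytes, got %d" % (MBR_SIZE, len(mbr))]
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("partition table empty")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append("invalid status byte 0x%02x" % p.status)
        if p.lba_start == 0:
            findings.append("partition starts at LBA 0 (overlaps the MBR itself)")
    # Wipers often replace the boot code with a message; real boot code is mostly
    # opcodes, so a bootstrap area that is almost all printable text (ignoring
    # zero padding) is a strong hint that it was overwritten.
    body = [b for b in mbr[:BOOTSTRAP_SIZE] if b != 0]
    if body:
        printable = sum(1 for b in body if 0x20 <= b <= 0x7E)
        if printable / len(body) > TEXT_RATIO_LIMIT:
            findings.append("bootstrap area is mostly printable text")
    return findings


def bootstrap_digest(mbr: bytes) -> str:
    """SHA-256 of the boot code only, suitable for storing as a baseline."""
    return hashlib.sha256(mbr[:BOOTSTRAP_SIZE]).hexdigest()


def matches_baseline(mbr: bytes, baseline_digest: str) -> bool:
    return bootstrap_digest(mbr) == baseline_digest


def read_mbr(device: str = "/dev/sda") -> bytes:
    """Read the first sector of a block device (needs root; Linux path assumed)."""
    with open(device, "rb") as f:
        return f.read(MBR_SIZE)


def build_mbr(bootstrap: bytes, partitions, signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a test MBR (constructed sample data, not from a real disk)."""
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, size)
        for status, ptype, lba, size in partitions
    ).ljust(64, b"\0")
    return bootstrap.ljust(BOOTSTRAP_SIZE, b"\0")[:BOOTSTRAP_SIZE] + b"\0" * 6 + table + signature


# Constructed samples: a plausible healthy MBR and one overwritten by a message.
GOOD_MBR = build_mbr(bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]),
                     [(0x80, 0x07, 2048, 204800)])
WIPED_MBR = build_mbr(b"Your computer has been trashed by a COVID-19 themed wiper. " * 8,
                      [], signature=b"\0\0")

if __name__ == "__main__":
    for name, sample in (("good", GOOD_MBR), ("wiped", WIPED_MBR)):
        print(name, check_mbr(sample) or "OK")
```

The baseline comparison is the check worth automating: store `bootstrap_digest(read_mbr())` from a known-good machine and alert when it changes, since a signature and partition-table check alone will not catch a wiper that rewrites the boot code but leaves the table intact.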

AZORult brings friends to the party

blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign with several different executable payloads, all focused on providing financial benefits for the attacker in a slightly different way. The first payload is a Monero cryptocurrency miner based on XMRigCC, and the second is a trojan that monitors the clipboard and replaces its content. There is also a variant of the infamous AZORult information-stealing malware, a variant of the Remcos remote access tool and, finally, the DarkVNC backdoor trojan.

MakeFrame: Magecart Group 7's Latest Skimmer Has Claimed 19 Victim Sites

www.riskiq.com/blog/labs/magecart-makeframe/ On January 24th, we first became aware of a new Magecart skimmer, which we dubbed MakeFrame after its ability to make iframes for skimming payment data. We initially flagged it with our machine learning model for detecting obfuscated code.
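The post does not describe the model itself. As an added example (written for this digest, not RiskIQ's code), the triage filter below scores a JavaScript sample on traits typical of skimmer obfuscation (\x-escaped strings, obfuscator-style `_0x` identifiers, eval/atob/fromCharCode chains, very long lines) and decodes the escapes to see whether the script assembles an iframe, which is the behaviour MakeFrame is named for. The thresholds, the keyword lists and both sample scripts are constructed assumptions, not data from the original post.

```python
import math
import re
from collections import Counter

# Constructed example, not RiskIQ's model: a rule-based triage filter for the
# kind of obfuscation that skimmers use. Thresholds are assumptions chosen for
# illustration, not values from the original post.
ESCAPE_RE = re.compile(r"\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}")
HEX_IDENT_RE = re.compile(r"\b_0x[0-9a-fA-F]{3,}\b")   # obfuscator-style names: _0x4f3a
DYNAMIC_CALLS = ("eval(", "Function(", "atob(", "fromCharCode", "unescape(", "document.write(")
FLAG_AT = 2   # assumed: two or more triggered rules is enough to send a sample to review


def shannon_entropy(text: str) -> float:
    """Bits per character; escape-heavy or packed strings push this up."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def obfuscation_features(js: str) -> dict:
    n = max(len(js), 1)
    escaped_chars = sum(len(m) for m in ESCAPE_RE.findall(js))
    lines = js.splitlines() or [""]
    return {
        "entropy": round(shannon_entropy(js), 3),
        "escape_ratio": escaped_chars / n,
        "hex_identifiers": len(HEX_IDENT_RE.findall(js)),
        "dynamic_calls": sum(js.count(c) for c in DYNAMIC_CALLS),
        "max_line_length": max(len(line) for line in lines),
    }


def obfuscation_score(js: str) -> int:
    f = obfuscation_features(js)
    score = 0
    if f["escape_ratio"] > 0.05:       # >5% of the text is \x.. / \u.... escapes
        score += 1
    if f["hex_identifiers"] >= 3:
        score += 1
    if f["dynamic_calls"] >= 2:        # eval/atob/fromCharCode chained together
        score += 1
    if f["max_line_length"] > 500:     # minified-and-packed single-line payloads
        score += 1
    return score


def is_obfuscated(js: str) -> bool:
    return obfuscation_score(js) >= FLAG_AT


def find_iframe_builders(js: str) -> list:
    """Decode \\x / \\u escaped strings and report iframe-building keywords found."""
    decoded = ESCAPE_RE.sub(lambda m: chr(int(m.group(0)[2:], 16)), js)
    return [kw for kw in ("createElement", "iframe", "appendChild", "src") if kw in decoded]


# Constructed samples (not the MakeFrame code): an ordinary shop script and a
# packed one that builds an iframe whose src is a base64 placeholder URL.
BENIGN_JS = """function addToCart(item) {
  const cart = JSON.parse(localStorage.getItem('cart') || '[]');
  cart.push(item);
  localStorage.setItem('cart', JSON.stringify(cart));
}"""

OBFUSCATED_JS = (
    r"var _0x4f3a=['\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74',"
    r"'\x69\x66\x72\x61\x6d\x65','\x73\x72\x63','\x61\x70\x70\x65\x6e\x64\x43\x68\x69\x6c\x64'];"
    "\n"
    r"var _0x21bc=document[_0x4f3a[0x0]](_0x4f3a[0x1]);"
    r"_0x21bc[_0x4f3a[0x2]]=atob('aHR0cHM6Ly9leGFtcGxlLmludmFsaWQv');"  # base64 of https://example.invalid/
    "\n"
    r"document['body'][_0x4f3a[0x3]](_0x21bc);eval(String.fromCharCode(0x61,0x6c,0x65,0x72,0x74));"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_JS), ("obfuscated", OBFUSCATED_JS)):
        print(name, obfuscation_score(sample), is_obfuscated(sample), find_iframe_builders(sample))
```

A scorer like this is a filter, not a verdict: legitimate minifiers also produce long lines and hex array names, so the point of decoding the escapes is to confirm what the script does (here, create an iframe and point its src somewhere) before a human looks at it.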

Loncom packer: from backdoors to Cobalt Strike

securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/ The previous story described an unusual way of distributing malware disguised as an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom. The malware uses

Pekraut – German RAT starts gnawing

www.gdatasoftware.com/blog/2020/04/35849-pekraut-german-rat-starts-gnawing Feature-rich remote access malware Pekraut emerges. The rodent seems to be of German origin and is ready to be released. We analyzed the malware in-depth.

[PDF] WireGuard: Next Generation Kernel Network Tunnel

www.wireguard.com/papers/wireguard.pdf WireGuard is a secure network tunnel, operating at layer 3, implemented as a kernel virtual network interface for Linux, which aims to replace both IPsec for most use cases, as well as popular user space and/or TLS-based solutions like OpenVPN, while being more secure, more performant, and easier to use.
