Daily NCSC-FI news followup 2020-04-02

Hackers linked to Iran target WHO staff emails during coronavirus

www.reuters.com/article/us-health-coronavirus-cyber-iran-exclusi/exclusive-hackers-linked-to-iran-target-who-staff-emails-during-coronavirus-sources-idUSKBN21K1RC Hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, four people with knowledge of the matter told Reuters.

CORONAVIRUS TROJAN OVERWRITING THE MBR

securitynews.sonicwall.com/xmlpost/coronavirus-trojan-overwriting-the-mbr/ SonicWall Capture Labs Threat Research team recently found a new malware taking advantage of the CoViD19 pandemic which makes disks unusable by overwriting the MBR.. See also:

threatpost.com/wiper-malware-coronavirus-windows-victims/154368/

AZORult brings friends to the party

blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign with several different executable payloads, all focused on providing financial benefits for the attacker in a slightly different way. The first payload is a Monero cryptocurrency miner based on XMRigCC, and the second is a trojan that monitors the clipboard and replaces its . content. There’s also a variant of the infamous AZORult information-stealing malware, a variant of Remcos remote access tool and, finally, the DarkVNC backdoor trojan.

MakeFrame: Magecart Group 7s Latest Skimmer Has Claimed 19 Victim Sites

www.riskiq.com/blog/labs/magecart-makeframe/ On January 24th, we first became aware of a new Magecart skimmer, which we dubbed MakeFrame after its ability to make iframes for skimming payment data. We initially flagged it with our machine learning model for detecting obfuscated code.

Loncom packer: from backdoors to Cobalt Strike

securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/ The previous story described an unusual way of distributing malware under disguise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom. The malware uses

Pekraut – German RAT starts gnawing

www.gdatasoftware.com/blog/2020/04/35849-pekraut-german-rat-starts-gnawing Feature-rich remote access malware Pekraut emerges. The rodent seems to be of German origin and is ready to be released. We analyzed the malware in-depth.

[PDF] WireGuard: Next Generation Kernel Network Tunnel

www.wireguard.com/papers/wireguard.pdf WireGuard is a secure network tunnel, operating at layer 3, implemented as a kernel virtual network. interface for Linux, which aims to replace both IPsec for most use cases, as well as popular user space and/or. TLS-based solutions like OpenVPN, while being more secure, more performant, and easier to use.

You might be interested in …

Daily NCSC-FI news followup 2019-08-01

Ransomware: Cyberattack forces Houston County schools to postpone opening day www.scmagazine.com/home/security-news/malware/cyberattack-forces-houston-county-schools-to-postpone-opening-day/ Ransomware: Syracuse, NY and Watertown, NY City School Districts have been targeted in a ransomware attack spectrumlocalnews.com/nys/watertown/news/2019/07/30/watertown-the-latest-school-system-targeted-by-cyber-attack Ransomware: Steps to Safeguard Against Ransomware Attacks www.us-cert.gov/ncas/current-activity/2019/07/30/steps-safeguard-against-ransomware-attacks 1. Back up systems – now (and daily). Store one copy offline.. 2. Reinforce basic cybersecurity awareness and education. […]

Read More

Daily NCSC-FI news followup 2019-06-26

Security flaw in LTE networks can let hackers send false presidential alerts cyware.com/news/security-flaw-in-lte-networks-can-let-hackers-send-false-presidential-alerts-109ceabf A vulnerability in LTE networks can be abused by hackers to launch spoofing attacks. The flaw can be exploited to send out spoofed AMBER alerts, and false presidential alerts. New Silex malware is bricking IoT devices, has scary plans www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/ A new […]

Read More

Daily NCSC-FI news followup 2020-05-27

Choosing 2FA authenticator apps can be hard. Ars did it so you don’t have to arstechnica.com/information-technology/2020/05/choosing-2fa-authenticator-apps-can-be-hard-ars-did-it-so-you-dont-have-to/ Losing your 2FA codes can be bad. Having backups stolen can be worse. What to do? New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-windows-macos-and-freebsd/ Eighteen of the 26 bugs impact Linux. Eleven have […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.