Daily NCSC-FI news followup 2020-04-04

Zoomed In: A Look into a Coinminer Bundled with Zoom Installer

blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/ We found a coinminer bundled with the legitimate installer of the video conferencing app Zoom, luring users who want to install the software but end up unwittingly downloading a malicious file. The compromised files are not from Zoom's official download center and are assumed to come from fraudulent websites. We have been working with Zoom to ensure that they are able to communicate this to their users appropriately.

NSO Group: Facebook tried to license our spyware to snoop on its own addicts, the same spyware it's suing us over

www.theregister.co.uk/2020/04/03/nso_facebook_pegasus_whatsapp/ The Israeli spyware maker’s CEO Shalev Hulio alleged in a statement [PDF] to a US federal district court that in 2017 he was approached by Facebook reps who wanted to use NSO’s Pegasus technology in Facebook’s controversial Onavo Protect app to track mobile users.

Harri Hursti warns: the coronavirus has set cybercrooks in motion

www.tivi.fi/uutiset/tv/662fdc7d-d6f6-4132-b38c-af5310b4f322 Under the cover of the coronavirus, a massive disinformation machinery is currently being built on social media and the internet, cyber security expert Harri Hursti says in an interview.

Twitter botnet targeted Turkey while politicizing coronavirus

medium.com/dfrlab/twitter-botnet-targeted-turkey-while-politicizing-coronavirus-708bb281bd85 Twitter has taken down a network of more than 9,000 Twitter bots that published inauthentic posts promoting the political interests of the United Arab Emirates and Saudi Arabia. This astroturfing network criticized Turkey's intervention in Libya, a shared interest of both governments, by targeting Turkish President Recep Tayyip Erdogan. DFRLab analysis also confirmed that the network had begun politicizing the COVID-19 coronavirus pandemic.

Google rolls back Chrome privacy feature due to COVID-19

www.zdnet.com/article/google-rolls-back-chrome-privacy-feature-due-to-covid-19/ Google announced today it was rolling back a recent Chrome browser privacy feature, the SameSite cookie changes introduced in Chrome 80 (cookies without a SameSite attribute treated as SameSite=Lax, and SameSite=None accepted only together with Secure), to prevent any disruption to existing websites and their availability during the current coronavirus (COVID-19) outbreak.
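The rollback only postpones the problem: sites whose cookies are not set correctly will break again once the SameSite defaults return. The following audit script is an added example, not code from the ZDNet article or from Google; the function names, verdict labels and the sample Set-Cookie headers are my own choices, and the headers are constructed for illustration, not taken from any real site.

```python
# Audit Set-Cookie headers against the Chrome 80 SameSite rules that the
# rollback temporarily suspended:
#   - no SameSite attribute        -> treated as SameSite=Lax, so cross-site
#                                     top-level POSTs and third-party iframes
#                                     no longer receive the cookie
#   - SameSite=None without Secure -> cookie rejected outright
# Sample headers below are constructed for this example.

def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie header into name, value and a case-insensitive
    attribute map (value-less attributes such as Secure map to True)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def samesite_verdict(header: str) -> str:
    """Return how Chrome 80's SameSite defaults treat this cookie."""
    attrs = parse_set_cookie(header)["attrs"]
    samesite = attrs.get("samesite")
    samesite = samesite.lower() if isinstance(samesite, str) else None
    secure = "secure" in attrs

    if samesite is None:
        # Chrome 80 default. Chrome additionally lets such cookies ride on
        # top-level POSTs for two minutes after they are set ("Lax+POST"),
        # so a login flow can pass a quick manual test and still break later.
        return "defaults-to-lax"
    if samesite == "none" and not secure:
        return "rejected"
    if samesite == "none":
        return "cross-site-allowed"
    if samesite in ("lax", "strict"):
        return f"explicit-{samesite}"
    # Unrecognised value: per the cookie spec the attribute is ignored,
    # which under the new default means Lax.
    return "defaults-to-lax"


def audit(headers):
    """Pair each header's cookie name with its verdict. Cookies that come
    back 'defaults-to-lax' or 'rejected' need an explicit, correct
    SameSite attribute before the defaults are reinstated."""
    return [(parse_set_cookie(h)["name"], samesite_verdict(h)) for h in headers]


SAMPLE_HEADERS = [  # constructed for this example
    "session=abc123; Path=/; HttpOnly",
    "sso=xyz; Path=/; SameSite=None",
    "sso=xyz; Path=/; SameSite=None; Secure",
    "csrf=tok; SameSite=Strict; Secure",
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_HEADERS):
        print(f"{name}: {verdict}")
```

Run it against the Set-Cookie headers captured from your own origin (for example from a `curl -i` response) to find the cookies that will silently stop arriving in cross-site contexts when the defaults are reinstated.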


Webcam Hacking

www.ryanpickren.com/webcam-hacking This post is a technical walkthrough of how I discovered several zero-day bugs in Safari during my hunt to hack the iOS/MacOS camera.

iPhone Camera Hack

www.ryanpickren.com/webcam-hacking-overview I discovered a vulnerability in Safari that allowed unauthorized websites to access your camera on iOS and macOS.

Why is ransomware still a thing? One-in-three polled netizens say they would cave to extortion demands

www.theregister.co.uk/2020/04/02/ransomware_pay_ransomware/ This is according to a customer survey [PDF] by Kaspersky Lab. The Russian security house polled more than 2,000 business workers in the US and 1,000 in Canada in an online study, and found that 33 per cent would cough up at least some money to cyber-extortionists to get their data back on their own personal machines. Report at

More Than 8,000 Unsecured Redis Instances Found in the Cloud

blog.trendmicro.com/trendlabs-security-intelligence/more-than-8000-unsecured-redis-instances-found-in-the-cloud/ Using Shodan, a popular search engine for internet-connected or IoT devices, we discovered over 8,000 Redis instances running unsecured in different parts of the world, some of them deployed in public clouds such as AWS, Azure, and Google Cloud. These Redis instances have been found without Transport Layer Security (TLS) encryption and are not password protected.
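What "unsecured" means in practice is that an unauthenticated client can connect and run commands. The probe below reproduces that check for a single host and pairs it with the redis.conf directives that close the hole. It is an added example, not code from the Trend Micro post or from the Redis project; the function names, the verdict labels and the example values in the config block are my own (the directive names are Redis's own, and the tls-* directives need Redis 6 or later).

```python
# Probe a Redis endpoint the way a Shodan-style scan would: open a TCP
# connection, send PING without credentials and classify the answer.
# The network function is only exercised when the script is run directly;
# the protocol encoder and reply classifier work offline on constructed bytes.
import socket


def resp_command(*args: str) -> bytes:
    """Encode a Redis command in RESP: an array of bulk strings."""
    encoded = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        raw = arg.encode()
        encoded.append(f"${len(raw)}\r\n".encode() + raw + b"\r\n")
    return b"".join(encoded)


def classify_reply(reply: bytes) -> str:
    """Classify the reply to an unauthenticated PING.

    +PONG    the server ran a command with no credentials (unsecured)
    -NOAUTH  requirepass / ACLs are in effect, credentials needed
    -DENIED  protected mode refused a client that is not on loopback
    """
    if reply.startswith(b"+PONG"):
        return "open"
    if reply.startswith(b"-NOAUTH"):
        return "auth-required"
    if reply.startswith(b"-DENIED"):
        return "protected-mode"
    if not reply:
        return "no-reply"
    return "unknown"


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Connect, send PING and return the classification.
    Only run this against hosts you are authorised to test."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(resp_command("PING"))
            return classify_reply(sock.recv(4096))
    except OSError as exc:
        return f"error: {exc}"


# Hardening that turns an "open" verdict into "auth-required" or
# "protected-mode": redis.conf directives (values are example choices).
HARDENED_REDIS_CONF = """
bind 127.0.0.1 ::1
protected-mode yes
requirepass <long-random-secret>
rename-command CONFIG ""
port 0
tls-port 6379
tls-cert-file /etc/redis/server.crt
tls-key-file /etc/redis/server.key
tls-ca-cert-file /etc/redis/ca.crt
tls-auth-clients yes
"""

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(f"{target}:6379 -> {probe(target)}")
```

Note that `port 0` together with `tls-port` disables the plaintext listener entirely, so a scanner sees either a TLS handshake requirement or nothing; `bind` to loopback is the simplest fix when the instance only serves local processes.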

Researchers Discover Hidden Behavior in Thousands of Android Apps

www.securityweek.com/researchers-discover-hidden-behavior-thousands-android-apps The research uncovered 12,706 applications (8.47%) with backdoor secrets (secret access keys, master passwords, and secret commands providing access to admin-only functions), and 4,028 apps (2.69%) that contain blacklist secrets (they would block content based on keywords subject to censorship, cyber bullying or discrimination). Paper at


Zoom will enable waiting rooms by default to stop Zoombombing

techcrunch.com/2020/04/03/zoom-waiting-rooms-default/ Zoom is making some drastic changes to prevent rampant abuse as trolls attack publicly shared video calls. Starting April 5th, it will require passwords to enter calls via Meeting ID, as these may be guessed or reused. Meanwhile, it will change virtual waiting rooms to be on by default so hosts have to manually admit attendees.

Zoom admits some calls were routed through China by mistake

techcrunch.com/2020/04/03/zoom-calls-routed-china/ Zoom now says that during its efforts to ramp up its server capacity to accommodate the massive influx of users over the past few weeks, it mistakenly allowed two of its Chinese data centers to accept calls as a backup in the event of network congestion.

Tampering with Zoom's Anti-Tampering Library

blog.syscall.party/post/tampering-with-zooms-anti-tampering-library/ This quick blog post highlights some of the flaws found in the Zoom application when attempting to do integrity checking; these checks verify that the DLLs inside the folder are signed by Zoom and also that no 3rd-party DLLs are loaded at runtime. We can trivially disable this DLL by replacing it with our own or simply unloading it from the process.

Scam messages sent in the name of Helsingin Sanomat

www.hs.fi/kotimaa/art-2000006464535.html The link opens a news story that visually resembles a Helsingin Sanomat article and tells how one gets rich with bitcoins, especially at a time like this, says Helsingin Sanomat administrative manager Jaakko Lähteenmaa.

IRS Warns of Surge in Economic Stimulus Payment Scams

www.bleepingcomputer.com/news/security/irs-warns-of-surge-in-economic-stimulus-payment-scams/ The Internal Revenue Service (IRS) today issued a warning about a surge in coronavirus-related scams over email, phone calls, or social media that request personal information while using economic impact payments as a lure.
