Daily NCSC-FI news followup 2020-04-29

Rogue affiliates are running fake antivirus expiration scams

www.bleepingcomputer.com/news/security/rogue-affiliates-are-running-fake-antivirus-expiration-scams/ Rogue security software affiliates are sending emails that falsely tell recipients that their antivirus software is expiring and then prompt them to renew their license so that the affiliate can earn a commission from the sale.

Microsoft warns of malware surprise pushed via pirated movies

www.bleepingcomputer.com/news/security/microsoft-warns-of-malware-surprise-pushed-via-pirated-movies/ Pirate streaming services and movie piracy sites have seen a huge surge of incoming traffic during the COVID-19 pandemic with most people now having to stay inside due to shelter in place and lockdown orders.

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

blog.rapid7.com/2020/04/27/cve-2020-12271-sophos-xg-firewall-pre-auth-sql-injection-vulnerability-remediation-guidance-and-exposure-overview/ We crafted a lightweight study (a more thorough one is in the works) to grab any accessible user and/or admin pages from the discovered nodes and extract that ver= build string. Just over 65,500 appliances happily gave up their version information as noted in the figure at the top of the post, with a fairly inexcusably sizable corpus (~25%) of unpatched (as of Monday, April 27, 2020) systems. What’s next? The Rapid7 Labs team is refining the Sophos version identification studies and will continue to monitor Project Heisenberg for opportunistic exploitation attempts. We’ll update this blog post as more information surfaces. Again, any service provider or individual organization running a Sophos XG appliance should remediate as quickly as possible.

Remote spring: the rise of RDP bruteforce attacks

securelist.com/remote-spring-the-rise-of-rdp-bruteforce-attacks/96820/ With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape. Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (and potentially insecure Wi-Fi networks), another headache for infosec teams is the increased number of people using remote-access tools.

Ad Hoc or Managed Penetration Testing: Which One Is Best for You?

securityintelligence.com/posts/ad-hoc-or-managed-penetration-testing-which-one-is-best-for-you/ Penetration testing is no longer an extraordinary security engagement. Due to regulatory mandates, internal policies, business executive requests and the overall desire to avoid becoming the next breach victim, testing is now commonplace among many organizations. The kind of testing, however, can still be a question. Do you need ad hoc testing, that as-needed affair that takes place once or twice a year? Or do you need a managed testing program that is continual and coordinated by an outside testing team?

Google discloses zero-click bugs impacting several Apple operating systems

www.zdnet.com/article/google-discloses-zero-click-bugs-impacting-several-apple-operating-systems/ Apple needs to follow in Google and Mozilla’s footsteps and secure its multimedia processing libraries. Multimedia processing components are one of today’s most dangerous attack surfaces in any operating system. When it comes to managing multimedia files, all operating systems work the same. Any new multimedia file — image, audio, video — that reaches a device is automatically transferred to a local OS library that parses the file to know what it is and what to do with it next. Read also:


Two Usenet providers blame data breaches on partner company

www.zdnet.com/article/two-usenet-providers-blame-data-breaches-on-partner-company/ Two companies that provide Usenet services have disclosed security breaches today. The two companies, UseNeXT and Usenet.nl, blamed the breaches on “a security vulnerability at a partner company.”

Critical Security Patches Released for Magento, Adobe Illustrator and Bridge

thehackernews.com/2020/04/adobe-software-updates.html It’s not ‘Patch Tuesday,’ but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical vulnerabilities.

Grandoreiro: How engorged can an EXE get?

www.welivesecurity.com/2020/04/28/grandoreiro-how-engorged-can-exe-get/ In this installment of our series, we introduce Grandoreiro, a Latin American banking trojan targeting Brazil, Mexico, Spain and Peru. As such, it shows unusual effort by its authors to evade detection and emulation, and progress towards a modular architecture.

Would You Have Fallen for This Phone Scam?

krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/ You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account, data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Ruin an online scammer’s day!

kulma.kkv.fi/2020/04/29/pilaa-nettihuijarin-paiva/ Building up your own knowledge is the best prevention for avoiding online scams. Do you know what to do if your credit card or personal details are stolen? Did you order a jacket and the post delivered a necklace? Did you receive a text message in your bank’s name asking you to update your personal details? Did you receive a social media friend request from a completely unknown person abroad?

Alert (AA20-120A) – Microsoft Office 365 Security Recommendations

www.us-cert.gov/ncas/alerts/aa20-120a This Alert is an update to the Cybersecurity and Infrastructure Security Agency’s May 2019 Analysis Report, AR19-133A: Microsoft Office 365 Security Observations, and reiterates the recommendations related to O365 for organizations to review and ensure their newly adopted environment is configured to protect, detect, and respond against would-be attackers of O365.

Upgraded Aggah malspam campaign delivers multiple RATs

blog.talosintelligence.com/2020/04/upgraded-aggah-malspam-campaign.html Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans (RATs).

Phishers Start to Exploit Oil Industry Amid COVID-19 Woes

www.darkreading.com/threat-intelligence/phishers-start-to-exploit-oil-industry-amid-covid-19-woes/d/d-id/1337683 While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm. The oil and gas industry has been taking a beating as severe as any other hit hard by the COVID-19 shutdown. Tanker ships loaded with crude idle in the ocean, traders struggle to store what has already been pumped, and last week prices per barrel plummeted into negative sums. With all that going on, the industry is ripe for hackers to exploit.

Numerous sites leak user emails to advertising, analytics services

www.bleepingcomputer.com/news/security/numerous-sites-leak-user-emails-to-advertising-analytics-services/ Multiple online services and products are leaking email data belonging to their users to third-party advertising and analytics companies, according to research published today.

ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel

threatpost.com/threatlist-bots-spike-e-commerce-and-travel/155302/ Overall bot activity on the web has soared, with a 26 percent growth rate; attacks on applications, APIs and mobile sites are all on the rise. Read also:


Security experts warn: Don’t let contact-tracing app lead to surveillance

www.zdnet.com/article/security-experts-warn-dont-let-contact-tracing-app-lead-to-surveillance/ More than 170 UK researchers and scientists working in information security and privacy have signed a joint statement about their concerns over NHS plans to use a contact-tracing app to help contain the coronavirus outbreak, warning that the government must not create a tool that could be used for the purposes of surveillance.

Microsoft: Ransomware gangs that don’t threaten to leak your data steal it anyway

www.zdnet.com/article/microsoft-ransomware-gangs-that-dont-threaten-to-leak-your-data-steal-it-anyway/ And these human-operated ransomware gangs have stepped up attacks amid the pandemic to maximize profits. Just because ransomware attackers haven’t threatened to leak your company’s data, it doesn’t mean they haven’t stolen it, Microsoft warns.

Estonia: Foreign hackers breached local email provider for targeted attacks

www.zdnet.com/article/estonia-foreign-hackers-breached-local-email-provider-for-targeted-attacks/ Hackers hijacked a small number of Mail.ee accounts “belonging to persons of interest to a foreign country.” State-sponsored hackers have used a zero-day vulnerability to hijack a small number of high-profile email accounts at Estonian email provider Mail.ee. The attacks took place last year and the vulnerability in Mail.ee’s service has been fixed, the Estonian Internal Security Service (KaPo) said in an end-of-year report published this month. Read also:

