Daily NCSC-FI news followup 2020-04-29

Rogue affiliates are running fake antivirus expiration scams

www.bleepingcomputer.com/news/security/rogue-affiliates-are-running-fake-antivirus-expiration-scams/ Rogue security software affiliates are sending emails that falsely tell recipients that their antivirus software is expiring and then prompt them to renew their license so that the affiliate can earn a commission from the sale.

Microsoft warns of malware surprise pushed via pirated movies

www.bleepingcomputer.com/news/security/microsoft-warns-of-malware-surprise-pushed-via-pirated-movies/ Pirate streaming services and movie piracy sites have seen a huge surge of incoming traffic during the COVID-19 pandemic with most people now having to stay inside due to shelter in place and lockdown orders.

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

blog.rapid7.com/2020/04/27/cve-2020-12271-sophos-xg-firewall-pre-auth-sql-injection-vulnerability-remediation-guidance-and-exposure-overview/ We crafted a lightweight study (a more thorough one is in the works) to grab any accessible user and/or admin pages from the discovered nodes and extract that ver= build string. Just over 65,500 appliances happily gave up their version information as noted in the figure at the top of the post, with a fairly inexcusably sizable corpus (~25%) of unpatched (as of Monday, April 27, 2020) systems. What’s next? The Rapid7 Labs team is refining the Sophos version identification studies and will continue to monitor Project Heisenberg for opportunistic exploitation attempts. We’ll update this blog post as more information surfaces. Again, any service provider or individual organization running a Sophos XG appliance should remediate as quickly as possible.
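The Rapid7 study above boils down to three steps: fetch a portal page, pull the build string out of the ver= parameter, and compare it against a known-fixed build. The following is an added example (not Rapid7's or Sophos's code) of that last two steps run over constructed sample pages. It assumes the portal embeds the build as a dotted number in a `ver=` query string on a static asset, and the fixed-build threshold `ASSUMED_MIN_BUILD` is hypothetical; substitute the vendor's own numbers. It also shows why the comparison must be numeric per component: a plain string compare ranks 17.5.9 above 17.5.12.

```python
import re
from collections import Counter

# Matches a dotted build number passed as a `ver=` query parameter on a static
# asset, e.g. <script src="/js/app.js?ver=17.5.9">. The exact format is an
# assumption for this example, not something taken from the Rapid7 post.
VER_RE = re.compile(r"[?&]ver=(\d+(?:\.\d+)+)")


def extract_build(html: str):
    """Return the dotted build string from the first `ver=` parameter, or None."""
    m = VER_RE.search(html)
    return m.group(1) if m else None


def version_key(build: str):
    """Numeric tuple for ordering, so 17.5.10 sorts after 17.5.9."""
    return tuple(int(p) for p in build.split("."))


def is_below(build: str, minimum: str) -> bool:
    """True when `build` is older than `minimum`.

    Component-wise numeric compare; the shorter tuple is zero-padded so that
    18.0 and 18.0.0 are treated as equal.
    """
    a, b = version_key(build), version_key(minimum)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def summarize(pages, minimum: str):
    """pages: iterable of (host, html).

    Returns the build distribution, the hosts advertising a build below
    `minimum`, and the hosts that exposed no build string at all.
    """
    builds = Counter()
    below, unknown = [], []
    for host, html in pages:
        build = extract_build(html)
        if build is None:
            unknown.append(host)
            continue
        builds[build] += 1
        if is_below(build, minimum):
            below.append(host)
    return {"builds": builds, "below_minimum": below, "no_version": unknown}


# Constructed sample portal pages (documentation addresses, not real appliances).
SAMPLE_PAGES = [
    ("203.0.113.10", '<link rel="stylesheet" href="/css/portal.css?ver=17.5.9">'),
    ("203.0.113.11", '<script src="/js/app.js?ver=18.0.1"></script>'),
    ("203.0.113.12", '<script src="/js/app.js?ver=17.5.12"></script>'),
    ("203.0.113.13", "<html><body>Login</body></html>"),
]

# Hypothetical threshold: the first build this example treats as fixed.
ASSUMED_MIN_BUILD = "17.5.12"

if __name__ == "__main__":
    report = summarize(SAMPLE_PAGES, ASSUMED_MIN_BUILD)
    total = sum(report["builds"].values())
    print(f"{total} hosts exposed a build string; {len(report['no_version'])} did not")
    for build, n in sorted(report["builds"].items(), key=lambda kv: version_key(kv[0])):
        print(f"  {build}: {n}")
    print(f"below {ASSUMED_MIN_BUILD}: {report['below_minimum']}")
```

Treat the output as an exposure estimate, not proof of vulnerability: the advertised build only reflects what the appliance reports, and a hotfix applied out of band need not change it. Conversely, a host that exposes no build string is not necessarily patched, only unfingerprintable by this method.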

Remote spring: the rise of RDP bruteforce attacks

securelist.com/remote-spring-the-rise-of-rdp-bruteforce-attacks/96820/ With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape. Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (and potentially insecure Wi-Fi networks), another headache for infosec teams is the increased number of people using remote-access tools.

Ad Hoc or Managed Penetration Testing: Which One Is Best for You?

securityintelligence.com/posts/ad-hoc-or-managed-penetration-testing-which-one-is-best-for-you/ Penetration testing is no longer an extraordinary security engagement. Due to regulatory mandates, internal policies, business executive requests and the overall desire to avoid becoming the next breach victim, testing is now commonplace among many organizations. The kind of testing, however, can still be a question. Do you need ad hoc testing, that as-needed affair that takes place once or twice a year? Or do you need a managed testing program that is continual and coordinated by an outside testing team?

Google discloses zero-click bugs impacting several Apple operating systems

www.zdnet.com/article/google-discloses-zero-click-bugs-impacting-several-apple-operating-systems/ Apple needs to follow in Google and Mozilla’s footsteps and secure its multimedia processing libraries. Multimedia processing components are one of today’s most dangerous attack surfaces in any operating system. When it comes to managing multimedia files, all operating systems work the same. Any new multimedia file — image, audio, video — that reaches a device is automatically transferred to a local OS library that parses the file to know what it is and what to do with it next.

Two Usenet providers blame data breaches on partner company

www.zdnet.com/article/two-usenet-providers-blame-data-breaches-on-partner-company/ Two companies that provide Usenet services have disclosed security breaches today. The two companies, UseNeXT and Usenet.nl, blamed the breaches on “a security vulnerability at a partner company.”

Critical Security Patches Released for Magento, Adobe Illustrator and Bridge

thehackernews.com/2020/04/adobe-software-updates.html It’s not ‘Patch Tuesday,’ but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical vulnerabilities.

Grandoreiro: How engorged can an EXE get?

www.welivesecurity.com/2020/04/28/grandoreiro-how-engorged-can-exe-get/ In this installment of our series, we introduce Grandoreiro, a Latin American banking trojan targeting Brazil, Mexico, Spain and Peru. As such, it shows unusual effort by its authors to evade detection and emulation, and progress towards a modular architecture.

Would You Have Fallen for This Phone Scam?

krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/ You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account, data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Ruin an online scammer’s day!

kulma.kkv.fi/2020/04/29/pilaa-nettihuijarin-paiva/ Building up your own knowledge is the best prevention when it comes to avoiding online scams. Do you know what to do if your credit card or personal details are stolen? Did you order a jacket and the post delivered a necklace? Did you receive a text message in the bank’s name asking you to update your personal details? Did you get a friend request on social media from a complete stranger from abroad?

Alert (AA20-120A) – Microsoft Office 365 Security Recommendations

www.us-cert.gov/ncas/alerts/aa20-120a This Alert is an update to the Cybersecurity and Infrastructure Security Agency’s May 2019 Analysis Report, AR19-133A: Microsoft Office 365 Security Observations, and reiterates the recommendations related to O365 for organizations to review and ensure their newly adopted environment is configured to protect, detect, and respond against would-be attackers of O365.

Upgraded Aggah malspam campaign delivers multiple RATs

blog.talosintelligence.com/2020/04/upgraded-aggah-malspam-campaign.html Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans (RATs).

Phishers Start to Exploit Oil Industry Amid COVID-19 Woes

www.darkreading.com/threat-intelligence/phishers-start-to-exploit-oil-industry-amid-covid-19-woes/d/d-id/1337683 While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm. The oil and gas industry has been taking a beating as severe as any other hit hard by the COVID-19 shutdown. Tanker ships loaded with crude idle in the ocean, traders struggle to store what has already been pumped, and last week prices per barrel plummeted into negative sums. With all that going on, the industry is ripe for hackers to exploit.

Numerous sites leak user emails to advertising, analytics services

www.bleepingcomputer.com/news/security/numerous-sites-leak-user-emails-to-advertising-analytics-services/ Multiple online services and products are leaking email data belonging to their users to third-party advertising and analytics companies, a recent research paper published today shows.

ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel

threatpost.com/threatlist-bots-spike-e-commerce-and-travel/155302/ Overall bot activity on the web has soared, with a 26 percent growth rate; attacks on applications, APIs and mobile sites are all on the rise.

Security experts warn: Don’t let contact-tracing app lead to surveillance

www.zdnet.com/article/security-experts-warn-dont-let-contact-tracing-app-lead-to-surveillance/ More than 170 UK researchers and scientists working in information security and privacy have signed a joint statement about their concerns over NHS plans to use a contact-tracing app to help contain the coronavirus outbreak, warning that the government must not create a tool that could be used for the purposes of surveillance.

Microsoft: Ransomware gangs that don’t threaten to leak your data steal it anyway

www.zdnet.com/article/microsoft-ransomware-gangs-that-dont-threaten-to-leak-your-data-steal-it-anyway/ And these human-operated ransomware gangs have stepped up attacks amid the pandemic to maximize profits. Just because ransomware attackers haven’t threatened to leak your company’s data, it doesn’t mean they haven’t stolen it, Microsoft warns.

Estonia: Foreign hackers breached local email provider for targeted attacks

www.zdnet.com/article/estonia-foreign-hackers-breached-local-email-provider-for-targeted-attacks/ Hackers hijacked a small number of Mail.ee accounts “belonging to persons of interest to a foreign country.” State-sponsored hackers have used a zero-day vulnerability to hijack a small number of high-profile email accounts at Estonian email provider Mail.ee. The attacks took place last year and the vulnerability in Mail.ee’s service has been fixed, the Estonian Internal Security Service (KaPo) said in an end-of-year report published this month.
