Daily NCSC-FI news followup 2020-05-09

DigitalOcean Data Leak Incident Exposed Some of Its Customers Data

thehackernews.com/2020/05/digitalocean-data-breach.html DigitalOcean, one of the biggest modern web hosting platforms, was recently hit by a concerning data leak incident that exposed some of its customers’ data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it has started warning affected customers of the scope of the breach via email.


A hacker group is selling more than 73 million user records on the dark web

www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/ A hacker group going by the name of ShinyHunters claims to have breached ten companies and is currently selling their respective user databases on a dark web marketplace for illegal products. The hackers are the same group who breached Tokopedia, Indonesia’s largest online store, last week. Hackers initially leaked 15 million user records online, for free, but later put the company’s entire database of 91 million user records on sale for $5,000.


Rail vehicle manufacturer Stadler hit by cyberattack, blackmailed

www.bleepingcomputer.com/news/security/rail-vehicle-manufacturer-stadler-hit-by-cyberattack-blackmailed/ International rail vehicle construction company, Stadler, disclosed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data. Stadler manufactures a wide range of railway vehicles from high-speed trains to tramways and trams, and it is the world's leading service provider in the rack-and-pinion rail vehicle industry.

One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch

www.theregister.co.uk/2020/05/08/samsung_android_patches/ Samsung has patched a serious security hole in its smartphones that can be exploited by maliciously crafted text messages to hijack devices. It appears no user interaction is required: if Samsung’s messaging app bundled with phones since 2015 receives a booby-trapped MMS, it will parse it automatically before the user even opens it. This will trigger a vulnerability in the Skia graphics library, used by the app to decode the message’s embedded Qmage image.

North Korean hackers infect real 2FA app to compromise Macs

www.bleepingcomputer.com/news/security/north-korean-hackers-infect-real-2fa-app-to-compromise-macs/ Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. Dacls has been used to target Windows and Linux platforms, and the recently discovered RAT variant for macOS borrows much of its functionality and code from them.

Companies Struggle for Effective Cybersecurity

www.darkreading.com/operations/companies-struggle-for-effective-cybersecurity/d/d-id/1337779?_mc The money companies are spending on cybersecurity tools doesn’t necessarily result in better security, a new survey shows. Organizations of all sizes are under near-constant attack from cybercriminals that we know. And of course they must defend themselves against attacks. But there are some huge questions about just how effective their ability to do so is. A new report by Mandiant Security Validation aims to address those questions.

Scams to watch out for not just this Mother's Day

www.welivesecurity.com/2020/05/08/scams-watch-out-mothers-day/ As it is with every special occasion, large or small, in the run-up to Mother's Day retailers are promoting special offers to honor all mothers around the world. That provides ample opportunity for cybercriminals to pull out all the stops in their mission to make money off of everything, even a kind occasion like this. Scammers won't just be focusing on masquerading as vendors; they will probably stoop as low as possible and try to woo single mothers in search of romance and swindle them out of their money.

Hackers Target WHO by Posing as Think Tank, Broadcaster

www.bloomberg.com/news/articles/2020-05-07/hackers-target-who-by-posing-as-think-tank-broadcaster The messages began arriving in World Health Organization employees' inboxes in early April, seemingly innocuous emails about the coronavirus from news organizations and researchers. But a close examination revealed that they contained malicious links, and some security experts have traced the emails to a hacking group in Iran believed to be sponsored by the government.
