Daily NCSC-FI news followup 2020-05-11

April 2020s Most Wanted Malware: Agent Tesla Remote Access Trojan Spreading Widely In COVID-19 Related Spam Campaigns

blog.checkpoint.com/2020/05/11/april-2020s-most-wanted-malware-agent-tesla-remote-access-trojan-spreading-widely-in-covid-19-related-spam-campaigns/ Our latest Global Threat Index for April 2020 has found several COVID-19 related spam campaigns distributing a new variant of the Agent Tesla remote access trojan, moving it up to 3rd place in the Index, impacting 3% of organizations worldwide. The new variant of Agent Tesla has been modified to steal Wi-Fi passwords in addition to other information such as Outlook email credentials from target PCs.

Zeus Sphinx Back in Business: Some Core Modifications Arise

securityintelligence.com/posts/zeus-sphinx-back-in-business-some-core-modifications-arise/ The Zeus Sphinx banking Trojan is financial malware that was built upon the existing and leaked codebase of the forefather of many other Trojans in this class: Zeus v2.0.8.9. Over the years, Sphinx has been in different hands, initially offered as a commodity in underground forums and then suspected to be operated by various closed gangs.

Package delivery giant Pitney Bowes confirms second ransomware attack in 7 months

www.zdnet.com/article/package-delivery-giant-pitney-bowes-confirms-second-ransomware-attack-in-7-months/ Package and mail delivery giant Pitney Bowes has suffered a second ransomware attack in the past seven months, ZDNet has learned. The incident came to light today after a ransomware gang known as Maze published a blog post claiming to have breached and encrypted the company’s network.. Also:


Microsoft and Intel project converts malware into images before analyzing it

www.zdnet.com/article/microsoft-and-intel-project-converts-malware-into-images-before-analyzing-it/ Microsoft and Intel have recently collaborated on a new research project that explored a new approach to detecting and classifying malware. Called STAMINA (STAtic Malware-as-Image Network Analysis), the project relies on a new technique that converts malware samples into grayscale images and then scans the image for textural and structural patterns specific to malware samples.

Ransomware Hit ATM Giant Diebold Nixdorf

krebsonsecurity.com/2020/05/ransomware-hit-atm-giant-diebold-nixdorf/ Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network.

Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking

www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/ SECURITY PARANOIACS HAVE warned for years that any laptop left alone with a hacker for more than a few minutes should be considered compromised. Now one Dutch researcher has demonstrated how that sort of physical access hacking can be pulled off in an ultra-common component: The Intel Thunderbolt port found in millions of PCs.. Also:





Venäläishakkereiden jättipotti? Kolmen vuoden viestit kopioitu

www.tivi.fi/uutiset/tv/7a6d0622-1d9f-473d-8179-177ff018d5b9 Saksassa on kerrottu tempusta, johon syylliseksi tai vähintään takapiruksi epäillään Venäjän sotilastiedustelupalvelua GRU:ta. Kyse on liittokansleri Angela Merkelin sähköpostilaatikoiden murtamisesta.

WordPress plugin bugs can let hackers take over almost 1M sites

www.bleepingcomputer.com/news/security/wordpress-plugin-bugs-can-let-hackers-take-over-almost-1m-sites/ Two high severity vulnerabilities found in the Page Builder WordPress plugin installed on more than 1,000,000 sites can let hackers create new admin accounts, plant backdoors, and ultimately take over the compromised websites.

Threat Spotlight: Astaroth Maze of obfuscation and evasion reveals dark stealer

blog.talosintelligence.com/2020/05/astaroth-analysis.html Cisco Talos is detailing an information stealer, Astaroth, that has been targeting Brazil with a variety of lures, including COVID-19 for the past nine to 12 months. Complex maze of obfuscation and anti-analysis/evasion techniques implemented by Astaroth inhibit both detection and analysis of the malware family. I: Creative use of YouTube channel descriptions for encoded and encrypted command and control communications (C2) implemented by Astaroth.

Texas Courts hit by ransomware, network disabled to limit spread

www.bleepingcomputer.com/news/security/texas-courts-hit-by-ransomware-network-disabled-to-limit-spread/ The Texas court system was hit by ransomware on Friday night, May 8th, which led to the branch network including websites and servers being disabled to block the malware from spreading to other systems.

Iran reports failed cyber-attack on Strait of Hormuz port

www.zdnet.com/article/iran-reports-failed-cyber-attack-on-strait-of-hormuz-port/ Iranian officials said on Sunday that hackers damaged a small number of computers in a failed cyber-attack against the port of Bandar Abbas, the country’s largest port in the Strait of Hormuz. Details about the cyber-attack’s nature remain unknown. Last week, when the attack took place, local officials from the Ports and Maritime Organization (PMO) in the state of Hormozgan denied that anything had gone wrong.

Breaking news? App promises news feeds, brings DDoS attacks instead

www.welivesecurity.com/2020/05/11/breaking-news-app-promises-news-brings-ddos-attacks/ ESET researchers discovered a malicious Android app used for launching DDoS attacks. Thanks to the fact it was ESETs website that was targeted, ESET researchers were able to identify the app, analyze it and report it to Google who swiftly removed it from the Play store.

Unpatched Bugs in Oracle iPlanet Opens Door to Info-Disclosure, Injection

threatpost.com/unpatched-bugs-oracle-iplanet/155639/ A pair of vulnerabilities in Oracles iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. However, no patch is forthcoming for either flaw. The bugs (CVE-2020-9315 and CVE-2020-9314) are specifically found in the web administration console of iPlanet version 7, which has reached end-of-life and is no longer supported hence no patches.

You might be interested in …

Daily NCSC-FI news followup 2020-03-17

Working from home: Cybersecurity tips for remote workers www.zdnet.com/article/working-from-home-cybersecurity-tips-for-remote-workers/ Switching to remote working because of the coronavirus can create cybersecurity problems for employers and employees. Here are some things to watch.. ENISA said it had already seen an increase in coronavirus-related phishing attacks. The agency recommends, as far as possible, that workers try to not […]

Read More

Daily NCSC-FI news followup 2021-08-08

Australian govt warns of escalating LockBit ransomware attacks www.bleepingcomputer.com/news/security/australian-govt-warns-of-escalating-lockbit-ransomware-attacks/ The Australian Cyber Security Centre (ACSC) warns of an increase of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. According to the agency, LockBit victims also report threats of having data stolen during the attacks leaked online, a known and popular tactic among ransomware […]

Read More

Daily NCSC-FI news followup 2020-03-13

Alert (AA20-073A) – Enterprise VPN Security www.us-cert.gov/ncas/alerts/aa20-073a As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work optionsor teleworkrequire an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As organizations elect to implement telework, the […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.