Daily NCSC-FI news followup 2020-05-24

Securing smart infrastructure during the COVID-19 pandemic

www.enisa.europa.eu/news/enisa-news/securing-smart-infrastructure-in-covid-19-pandemic Securing smart homes and smart buildings from cybersecurity risks becomes more relevant than ever in the light of the COVID-19 pandemic crisis. ENISA presents some fundamental measures for securing smart devices.

AgentTesla Delivered via a Malicious PowerPoint Add-In

isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/ Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common techniques to compromise a computer. Especially because Microsoft implemented automatically executed macros when the document is opened. In Word, the macro must be named AutoOpen(). In Excel, the name must be Workbook_Open(). However, PowerPoint does not support this kind of macro. Really? Not in the same way as Word and Excel do!

Automating nmap scans

isc.sans.edu/diary/rss/26138 I had indicated that I often use variations on that command to automate periodic scans against a critical IP range. I had left you with some basics about what other parts of nmap can be helpful to automate this. This week I received some questions about the automation steps, so here is the rest of the details. In practice, most of my automated scripts have evolved from this simple state, but in its very basic form here is where they evolved from.

There’s a Jailbreak Out for the Current Version of iOS

www.wired.com/story/apple-ios-unc0ver-jailbreak/ The Unc0ver tool works on all versions of iOS from 11 to 13.5, the current release.

www.gmv.com/en/Company/Communication/News/2020/05/Informe-ciberamenazas-sistema-sanitario.html Phishing is on the rise in Spain, especially attacks exploiting the COVID19 pandemic. Spain’s health system is an attractive target for cybercriminals. Health-service providers, pharmaceutical and insurance companies and health centers all harbor between them a host of data on people’s health, plus information on the development of new drugs. If stolen, this data could impinge directly on patient care, the privacy of clinical test participants, industrial propriety or even the professional-association membership number of a medicament-prescribing doctor

Inside the NSA’s Secret Tool for Mapping Your Social Network

www.wired.com/story/inside-the-nsas-secret-tool-for-mapping-your-social-network/ Edward Snowden revealed the agency’s phone-record tracking program. But thanks to “precomputed contact chaining,” that database was much more powerful than anyone knew.

Now’s The Perfect Time to Start Using a Password Manager

www.wired.com/story/coronavirus-quarantine-start-using-password-manager/ Time has no meaning, and we’re all stuck in front of screens. You may as well secure your life while you’re always online.

Discord client turned into a password stealer by updated malware

www.bleepingcomputer.com/news/security/discord-client-turned-into-a-password-stealer-by-updated-malware/ A threat actor updated the AnarchyGrabber trojan into a new version that steals passwords and user tokens, disables 2FA, and spreads malware to a victim’s friends.

Hackers leak credit card info from Costa Rica’s state bank

www.bleepingcomputer.com/news/security/hackers-leak-credit-card-info-from-costa-ricas-state-bank/ Maze ransomware operators have published credit card data stolen from the Bank of Costa Rica (BCR). They threaten to leak similar files every week.

eBay port scans visitors’ computers for remote access programs

www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/ When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote management applications. Over the weekend, Jack Rhysider of DarkNetDiaries discovered that when visiting eBay.com, the site performed a port scan of his computer for 14 different ports. Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more. After learning about this, BleepingComputer conducted a test and can confirm that eBay.com is indeed performing a local port scan of 14 different ports when visiting the site. It is not confirmed why eBay is port scanning a visitor, but based on the programs being scanned for, it is most likely designed to detect hacked computers.

