Daily NCSC-FI news followup 2020-05-24

Securing smart infrastructure during the COVID-19 pandemic

www.enisa.europa.eu/news/enisa-news/securing-smart-infrastructure-in-covid-19-pandemic Securing smart homes and smart buildings from cybersecurity risks becomes more relevant than ever in the light of the COVID-19 pandemic crisis. ENISA presents some fundamental measures for securing smart devices.

AgentTesla Delivered via a Malicious PowerPoint Add-In

isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/ Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common techniques to compromise a computer, especially because Microsoft implemented automatically executed macros when the document is opened. In Word, the macro must be named AutoOpen(). In Excel, the name must be Workbook_Open(). However, PowerPoint does not support this kind of macro. Really? Not in the same way as Word and Excel do!

Automating nmap scans

isc.sans.edu/diary/rss/26138 I had indicated that I often use variations on that command to automate periodic scans against a critical IP range. I had left you with some basics about what other parts of nmap can be helpful to automate this. This week I received some questions about the automation steps, so here are the rest of the details. In practice, most of my automated scripts have evolved from this simple state, but in its very basic form here is where they evolved from.

There’s a Jailbreak Out for the Current Version of iOS

www.wired.com/story/apple-ios-unc0ver-jailbreak/ The Unc0ver tool works on all versions of iOS from 11 to 13.5, the current release. Read also:

www.zdnet.com/article/new-unc0ver-jailbreak-released-works-on-all-recent-ios-versions/

CYBERTHREATS EXPLOITING THE COVID19 EPIDEMIC AT THE EXPENSE OF SPAIN’S HEALTH SYSTEM

www.gmv.com/en/Company/Communication/News/2020/05/Informe-ciberamenazas-sistema-sanitario.html Phishing is on the rise in Spain, especially attacks exploiting the COVID19 pandemic. Spain’s health system is an attractive target for cybercriminals. Health-service providers, pharmaceutical and insurance companies and health centers all harbor between them a host of data on people’s health, plus information on the development of new drugs. If stolen, this data could impinge directly on patient care, the privacy of clinical test participants, industrial propriety or even the professional-association membership number of a medicament-prescribing doctor.

Inside the NSA’s Secret Tool for Mapping Your Social Network

www.wired.com/story/inside-the-nsas-secret-tool-for-mapping-your-social-network/ Edward Snowden revealed the agency’s phone-record tracking program. But thanks to “precomputed contact chaining,” that database was much more powerful than anyone knew.

Now’s The Perfect Time to Start Using a Password Manager

www.wired.com/story/coronavirus-quarantine-start-using-password-manager/ Time has no meaning, and we’re all stuck in front of screens. You may as well secure your life while you’re always online.

Discord client turned into a password stealer by updated malware

www.bleepingcomputer.com/news/security/discord-client-turned-into-a-password-stealer-by-updated-malware/ A threat actor updated the AnarchyGrabber trojan into a new version that steals passwords and user tokens, disables 2FA, and spreads malware to a victim’s friends.

Hackers leak credit card info from Costa Rica’s state bank

www.bleepingcomputer.com/news/security/hackers-leak-credit-card-info-from-costa-ricas-state-bank/ Maze ransomware operators have published credit card data stolen from the Bank of Costa Rica (BCR). They threaten to leak similar files every week.

eBay port scans visitors’ computers for remote access programs

www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/ When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote management applications. Over the weekend, Jack Rhysider of DarkNetDiaries discovered that when visiting eBay.com, the site performed a port scan of his computer for 14 different ports. Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more. After learning about this, BleepingComputer conducted a test and can confirm that eBay.com is indeed performing a local port scan of 14 different ports when visiting the site. It is not confirmed why eBay is port scanning a visitor, but based on the programs being scanned for, it is most likely designed to detect hacked computers.
