Daily NCSC-FI news followup 2020-05-24

Securing smart infrastructure during the COVID-19 pandemic

www.enisa.europa.eu/news/enisa-news/securing-smart-infrastructure-in-covid-19-pandemic Securing smart homes and smart buildings from cybersecurity risks becomes more relevant than ever in the light of the COVID-19 pandemic crisis. ENISA presents some fundamental measures for securing smart devices.

AgentTesla Delivered via a Malicious PowerPoint Add-In

isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/ Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common techniques to compromise a computer. Especially because Microsoft implemented automatically executed macros when the document is opened. In Word, the macro must be named AutoOpen(). In Excel, the name must be Workbook_Open(). However, PowerPoint does not support this kind of macro. Really? Not in the same way as Word and Excel do!

Automating nmap scans

isc.sans.edu/diary/rss/26138 I had indicated that I often use variations on that command to automate periodic scans against a critical IP range. I had left you with some basics about what other parts of nmap can be helpful to automate this. This week I received some questions about the automation steps, so here is the rest of the details. In practice, most of my automated scripts have evolved from this simple state, but in its very basic form here is where they evolved from.

There’s a Jailbreak Out for the Current Version of iOS

www.wired.com/story/apple-ios-unc0ver-jailbreak/ The Unc0ver tool works on all versions of iOS from 11 to 13.5, the current release. Read also:

www.zdnet.com/article/new-unc0ver-jailbreak-released-works-on-all-recent-ios-versions/

CYBERTHREATS EXPLOITING THE COVID19 EPIDEMIC AT THE EXPENSE OF SPAIN’S HEALTH SYSTEM

www.gmv.com/en/Company/Communication/News/2020/05/Informe-ciberamenazas-sistema-sanitario.html Phishing is on the rise in Spain, especially attacks exploiting the COVID19 pandemic. Spain’s health system is an attractive target for cybercriminals. Health-service providers, pharmaceutical and insurance companies and health centers all harbor between them a host of data on people’s health, plus information on the development of new drugs. If stolen, this data could impinge directly on patient care, the privacy of clinical test participants, industrial propriety or even the professional-association membership number of a medicament-prescribing doctor.

Inside the NSA’s Secret Tool for Mapping Your Social Network

www.wired.com/story/inside-the-nsas-secret-tool-for-mapping-your-social-network/ Edward Snowden revealed the agency’s phone-record tracking program. But thanks to “precomputed contact chaining,” that database was much more powerful than anyone knew.

Now’s The Perfect Time to Start Using a Password Manager

www.wired.com/story/coronavirus-quarantine-start-using-password-manager/ Time has no meaning, and we’re all stuck in front of screens. You may as well secure your life while you’re always online.

Discord client turned into a password stealer by updated malware

www.bleepingcomputer.com/news/security/discord-client-turned-into-a-password-stealer-by-updated-malware/ A threat actor updated the AnarchyGrabber trojan into a new version that steals passwords and user tokens, disables 2FA, and spreads malware to a victim’s friends.

Hackers leak credit card info from Costa Rica’s state bank

www.bleepingcomputer.com/news/security/hackers-leak-credit-card-info-from-costa-ricas-state-bank/ Maze ransomware operators have published credit card data stolen from the Bank of Costa Rica (BCR). They threaten to leak similar files every week.

eBay port scans visitors’ computers for remote access programs

www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/ When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote management applications. Over the weekend, Jack Rhysider of DarkNetDiaries discovered that when visiting eBay.com, the site performed a port scan of his computer for 14 different ports. Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more. After learning about this, BleepingComputer conducted a test and can confirm that eBay.com is indeed performing a local port scan of 14 different ports when visiting the site. It is not confirmed why eBay is port scanning a visitor, but based on the programs being scanned for, it is most likely designed to detect hacked computers.
