Daily NCSC-FI news followup 2020-05-29

Highly-targeted attacks on industrial sector hide payload in images

www.bleepingcomputer.com/news/security/highly-targeted-attacks-on-industrial-sector-hide-payload-in-images/ Attackers looking to steal employee credentials from organizations tied to the industrial sector deployed highly-targeted operations that delivered malicious PowerShell scripts in images. Victims in multiple countries (Japan, the U.K., Germany, Italy) were identified. Some of them supply equipment and software solutions to industrial enterprises.

Fortune 500 company NTT discloses security breach

www.zdnet.com/article/fortune-500-company-ntt-discloses-security-breach/ Japanese telecommunications giant NTT says hackers breached its internal network and stole data on 621 customers.

Microsoft bans Trend Micro driver from Windows 10 for “cheating” hardware tests

www.itpro.co.uk/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10 Microsoft has blocked a free antivirus tool developed by Trend Micro after the security firm was accused of designing its driver to “cheat” hardware tests through coding trickery.

New Octopus Scanner malware spreads via GitHub supply chain attack

www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/ Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT). While investigating this malware, GitHub Security Lab researchers found 26 open source projects compromised by Octopus Scanner.

NetWalker Ransomware – What You Need to Know

www.tripwire.com/state-of-security/featured/netwalker-ransomware-what-need-know/ NetWalker, like the Maze ransomware and a small number of other ransomware families, aggressively threatens to publish victims’ data on the internet if ransoms are not paid.

Michigan State University hit by NetWalker ransomware gang

www.zdnet.com/article/michigan-state-university-hit-by-ransomware-gang/ In case MSU officials refuse to pay or choose to restore from backups, the ransomware gang is prepared to leak documents stolen from the university’s network on a special website the group is operating on the dark web.

200K sites with buggy WordPress plugin exposed to takeover attacks and wiped sites

www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpress-plugin-exposed-to-wipe-attacks/ PageLayer is a WordPress plugin with over 200,000+ active installations according to numbers available on its WordPress plugins repository entry.

Hack-For-Hire Criminals Spoof WHO To Target Google Credentials

threatpost.com/hack-hire-spoof-who-google-credentials/156100/ Hack-for-hire organizations are the latest group of cybercriminals to take advantage of the ongoing coronavirus pandemic, using COVID-19 as a lure in phishing emails bent on stealing victims’ Google credentials.

Google Threat Analysis Group: Updates about government-backed hacking and disinformation

blog.google/threat-analysis-group/updates-about-government-backed-hacking-and-disinformation Last month, we sent 1,755 warnings to users whose accounts were targets of government-backed attackers.
