Daily NCSC-FI news followup 2020-05-30

List of well-known web sites that port scan their visitors

www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/ Last weekend, news heavily circulated that eBay.com was port scanning visitors’ computers when they browsed their site. To see what other sites may be using this script, BleepingComputer reached out to DomainTools, a cybersecurity company specializing in web domain and DNS threat intelligence. Of the sites we tested, we saw Citibank, TD Bank, Ameriprise, Chick-fil-A, Lendup, BeachBody, Equifax IQ connect, TIAA-CREF, Sky, GumTree, and WePay port scanning our computers.

Critical ‘Sign in with Apple’ Bug Could Have Let Attackers Hijack Anyone’s Account

thehackernews.com/2020/05/sign-in-with-apple-hacking.html Bhavuk responsibly reported the issue to the Apple security team last month, and the company has now patched the vulnerability. Besides paying bug bounty to the researcher, in response, the company also confirmed that it did an investigation of their server logs and found the flaw was not exploited to compromise any account.

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

thehackernews.com/2020/05/noise-resilient-flush-attack.html Modern Intel and AMD processors are susceptible to a new form of side-channel attack. The new variant aims to improve the accuracy of these attacks even in a noisy multi-core system. It also works seamlessly against non-Linux Operating Systems, like macOS.

Amtrak resets user passwords after Guest Rewards data breach

www.bleepingcomputer.com/news/security/amtrak-resets-user-passwords-after-guest-rewards-data-breach/ Amtrak, a high-speed intercity passenger rail provider and an independent US government agency, operates a nationwide rail network in 46 states, the District of Columbia, and three Canadian provinces, with 30 million customers during the last nine years.

The Week in Ransomware – May 29th 2020 – Quiet before the storm?

www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-29th-2020-quiet-before-the-storm/ The biggest news is the Netwalker attack on Michigan State University and a [F]Unicorn spam campaign targeting Italy.

TrickBot Updates Propagation Module

unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-updates-propagation-module/ As early as April 2020, TrickBot updated one of its propagation modules known as “mworm” to a new module called “nworm.” Infections caused through nworm leave no artifacts on an infected DC, and they disappear after a reboot or shutdown.

Valak malware targets Microsoft Exchange servers to steal enterprise data

www.zdnet.com/article/valak-targets-microsoft-exchange-servers-to-steal-enterprise-data-in-active-campaigns/ The malware has been spotted in active campaigns mainly focused on entities in the US and Germany, having previously been bundled together with Ursnif and IcedID banking Trojan payloads.
