Daily NCSC-FI news followup 2020-05-30

List of well-known web sites that port scan their visitors

www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/ Last weekend, news heavily circulated that eBay.com was port scanning visitors’ computers when they browsed their site. To see what other sites may be using this script, BleepingComputer reached out to DomainTools, a cybersecurity company specializing in web domain and DNS threat intelligence. Of the sites we tested, we saw Citibank, TD Bank, Ameriprise, Chick-fil-A, Lendup, BeachBody, Equifax IQ connect, TIAA-CREF, Sky, GumTree, and WePay port scanning our computers.

Critical ‘Sign in with Apple’ Bug Could Have Let Attackers Hijack Anyone’s Account

thehackernews.com/2020/05/sign-in-with-apple-hacking.html Bhavuk responsibly reported the issue to the Apple security team last month, and the company has now patched the vulnerability. Besides paying bug bounty to the researcher, in response, the company also confirmed that it did an investigation of their server logs and found the flaw was not exploited to compromise any account.

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

thehackernews.com/2020/05/noise-resilient-flush-attack.html Modern Intel and AMD processors are susceptible to a new form of side-channel attack. The new variant aims to improve the accuracy of these attacks even in a noisy multi-core system. It also works seamlessly against non-Linux Operating Systems, like macOS.

Amtrak resets user passwords after Guest Rewards data breach

www.bleepingcomputer.com/news/security/amtrak-resets-user-passwords-after-guest-rewards-data-breach/ Amtrak, a high-speed intercity passenger rail provider and an independent US government agency, operates a nationwide rail network in 46 states, the District of Columbia, and three Canadian provinces, with 30 million customers during the last nine years.

The Week in Ransomware – May 29th 2020 – Quiet before the storm?

www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-29th-2020-quiet-before-the-storm/ The biggest news is the Netwalker attack on Michigan State University and a [F]Unicorn spam campaign targeting Italy.

TrickBot Updates Propagation Module

unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-updates-propagation-module/ As early as April 2020, TrickBot updated one of its propagation modules known as “mworm” to a new module called “nworm.” Infections caused through nworm leave no artifacts on an infected DC, and they disappear after a reboot or shutdown.

Valak malware targets Microsoft Exchange servers to steal enterprise data

www.zdnet.com/article/valak-targets-microsoft-exchange-servers-to-steal-enterprise-data-in-active-campaigns/ The malware has been spotted in active campaigns mainly focused on entities in the US and Germany, having previously been bundled together with Ursnif and IcedID banking Trojan payloads.
