Daily NCSC-FI news followup 2020-05-30

List of well-known web sites that port scan their visitors

www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/ Last weekend, news heavily circulated that eBay.com was port scanning visitors’ computers when they browsed their site. To see what other sites may be using this script, BleepingComputer reached out to DomainTools, a cybersecurity company specializing in web domain and DNS threat intelligence. Of the sites we tested, we saw Citibank, TD Bank, Ameriprise, Chick-fil-A, Lendup, BeachBody, Equifax IQ connect, TIAA-CREF, Sky, GumTree, and WePay port scanning our computers.

Critical ‘Sign in with Apple’ Bug Could Have Let Attackers Hijack Anyone’s Account

thehackernews.com/2020/05/sign-in-with-apple-hacking.html Bhavuk responsibly reported the issue to the Apple security team last month, and the company has now patched the vulnerability. Besides paying bug bounty to the researcher, in response, the company also confirmed that it did an investigation of their server logs and found the flaw was not exploited to compromise any account.

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

thehackernews.com/2020/05/noise-resilient-flush-attack.html Modern Intel and AMD processors are susceptible to a new form of side-channel attack. The new variant aims to improve the accuracy of these attacks even in a noisy multi-core system. It also works seamlessly against non-Linux Operating Systems, like macOS.

Amtrak resets user passwords after Guest Rewards data breach

www.bleepingcomputer.com/news/security/amtrak-resets-user-passwords-after-guest-rewards-data-breach/ Amtrak, a high-speed intercity passenger rail provider and an independent US government agency, operates a nationwide rail network in 46 states, the District of Columbia, and three Canadian provinces, with 30 million customers during the last nine years.

The Week in Ransomware – May 29th 2020 – Quiet before the storm?

www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-29th-2020-quiet-before-the-storm/ The biggest news is the Netwalker attack on Michigan State University and a [F]Unicorn spam campaign targeting Italy.

TrickBot Updates Propagation Module

unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-updates-propagation-module/ As early as April 2020, TrickBot updated one of its propagation modules known as “mworm” to a new module called “nworm.” Infections caused through nworm leave no artifacts on an infected DC, and they disappear after a reboot or shutdown.

Valak malware targets Microsoft Exchange servers to steal enterprise data

www.zdnet.com/article/valak-targets-microsoft-exchange-servers-to-steal-enterprise-data-in-active-campaigns/ The malware has been spotted in active campaigns mainly focused on entities in the US and Germany, having previously been bundled together with Ursnif and IcedID banking Trojan payloads.
