
Daily NCSC-FI news followup 2020-06-05

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails

threatpost.com/trump-biden-campaign-apt-phishing-emails/156319/ Google TAG researchers warn that APTs are targeting campaign staffers for both Donald Trump and Joe Biden with phishing emails. Huntley said that the Iran-linked APT targeting Biden's campaign staff was APT 31 (also known as Zirconium). According to reports, this threat actor is tied to the Chinese government; however, little is known about its tactics and techniques. Huntley pointed to APT 35 (also known as Charming Kitten) as the group targeting Trump's campaign staff. The Iran-linked hacking group has been known to use phishing as an attack vector, and in February was discovered targeting public figures in phishing attacks that stole victims' email-account information.

China, Iran, and Russia worked together to call out US hypocrisy on BLM protests

www.zdnet.com/article/china-iran-and-russia-worked-together-to-call-out-us-hypocrisy-on-blm-protests/ Report from social media research group shows foreign diplomats and state-controlled media pounced on the US’ abysmal handling of the BLM protests to attack the US as a beacon of freedom and further their own political goals.

Cycldek: Bridging the (air) gap

securelist.com/cycldek-bridging-the-air-gap/97157/ While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far. In this blog post we aim to bridge the knowledge gap on this group and provide a more thorough insight into its latest activities and modus operandi.

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

yoroi.company/research/new-cyber-operation-targets-italy-digging-into-the-netwire-attack-chain/ During our Cyber Threat Intelligence monitoring we spotted a particular Office document weaponized to deliver such kind of malicious tool, uncovering a hidden malicious campaign designed to target Italian speaking victims. The particular chain of attack we discovered showed interesting technical patterns resembling other previous activities targeting the Italian manufacturing landscape; for this reason we decided to dig deeper.

Mozilla fixes five high-risk Firefox flaws, bug in DoH feature

www.welivesecurity.com/2020/06/04/mozilla-fixes-five-high-risk-firefox-flaws-dns-over-https/ The browser maker rolls out updates on back-to-back days, including a patch to avoid unintentionally overloading DNS providers

FULL INFRASTRUCTURE TAKEOVER OF VMWARE CLOUD DIRECTOR (CVE-2020-3956)

citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ How a single simple form submission can be manipulated to gain control of any Virtual Machine (VM) within VMware Cloud Director. The story of a critical vulnerability that enables a full infrastructure takeover.

CPA Canada discloses data breach affecting 329,000 individuals

www.bleepingcomputer.com/news/security/cpa-canada-discloses-data-breach-affecting-329-000-individuals/ Chartered Professional Accountants of Canada (CPA) today disclosed that a cyberattack against the CPA Canada website allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders.

Ongoing eCh0raix ransomware campaign targets QNAP NAS devices

www.bleepingcomputer.com/news/security/ongoing-ech0raix-ransomware-campaign-targets-qnap-nas-devices/ After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices.

Tycoon Ransomware Banks on Unusual Image File Tactic

threatpost.com/tycoon-ransomware-unusual-image-file-tactic/156326/ To fly under the radar, the newly discovered ransomware is compiled into a Java image file format that's rarely used by developers.

Kupidon is the latest ransomware targeting your data

www.bleepingcomputer.com/news/security/kupidon-is-the-latest-ransomware-targeting-your-data/ The latest ransomware that everyone needs to watch out for is called Kupidon, and it targets not only corporate networks, but also home users' personal data.

Don't open that résumé! It may contain malware that steals banking details

www.tivi.fi/uutiset/tv/49fce975-e43e-408f-8f07-45b8c3330b78 Check Point Software Technologies warns of an unusual piece of malware that preys on the banking details of careless employers. In a press release, Check Point says the malware is disguised as a résumé attachment related to a job application.

WhatsApp Phone Numbers Pop Up in Google Search Results But is it a Bug?

threatpost.com/whatsapp-phone-numbers-google-search-results/156141/ A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search, creating what he claims is a privacy issue for users.

Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique

blog.trendmicro.com/trendlabs-security-intelligence/barcode-reader-apps-on-google-play-found-using-new-ad-fraud-technique/ We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro detects these as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phones

Not so FastCGI!

isc.sans.edu/forums/diary/Not+so+FastCGI/26208/ This past month, we’ve seen some new and different scans targeting tcp ports between 8000 and 10,000.
