Daily NCSC-FI news followup 2020-06-26

‘Cardplanet’ Operator Sentenced to 9 Years for Selling Stolen Credit Cards

threatpost.com/cardplanet-operator-sentenced-stolen-credit-cards/156956/ The carding store victimized mainly U.S. citizens and is responsible for $20 million in fraudulent purchases.

Developer of Mirai, Qbot-based DDoS botnets jailed for 13 months

www.bleepingcomputer.com/news/security/developer-of-mirai-qbot-based-ddos-botnets-jailed-for-13-months/ A 22-year-old Washington man was sentenced to 13 months in prison for renting and developing Mirai and Qbot-based DDoS botnets used in DDoS attacks against targets from all over the world.

New Charges, Sentencing in Satori IoT Botnet Conspiracy

krebsonsecurity.com/2020/06/new-charges-sentencing-in-satori-iot-botnet-conspiracy/ The U.S. Justice Department today charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks.

Hackers hide credit card stealing script in favicon metadata

www.bleepingcomputer.com/news/security/hackers-hide-credit-card-stealing-scripts-in-favicon-exif-data/ Hackers are always evolving their tactics to stay one step ahead of security companies. A perfect example of this is the hiding of malicious credit card stealing scripts in the EXIF data of a favicon image to evade detection.

New Ransom X Ransomware used in Texas TxDOT cyberattack

www.bleepingcomputer.com/news/security/new-ransom-x-ransomware-used-in-texas-txdot-cyberattack/ A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises.

Evil Corp blocked from deploying ransomware on 30 major US firms

www.bleepingcomputer.com/news/security/evil-corp-blocked-from-deploying-ransomware-on-30-major-us-firms/ The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, including Fortune 500 companies.

Chinese bank requires foreign firm to install app with covert backdoor

arstechnica.com/information-technology/2020/06/chinese-bank-requires-foreign-firm-to-install-app-with-covert-backdoor/ A multinational tech company gets schooled in the risks of doing business in China.

Shady Singaporean firm collects Finns' contact details by deception: lists well-known Finnish companies as its partners

www.is.fi/digitoday/art-2000006553111.html People are currently being shown ads in McDonald’s name that lure them to a survey page. After that, a page opens asking for the respondent's contact details “to enter a gift card draw”.

This is how Finland's coronavirus app works: temporary amendment to the Communicable Diseases Act approved today


TikTok To Stop Clipboard Snooping After Apple Privacy Feature Exposes Behavior

threatpost.com/tiktok-to-stop-clipboard-snooping-after-apple-privacy-feature-exposes-behavior/156945/ App will stop reading users’ device cut-and-paste data after a new banner alert in an Apple update uncovered the activity.

More than 75% of all vulnerabilities reside in indirect dependencies

www.zdnet.com/article/more-than-75-of-all-vulnerabilities-reside-in-indirect-dependencies/ JavaScript, Ruby, and Java are the ecosystems with most bugs in indirect dependencies.

Best Practices for IoT Security: What Does That Even Mean?

arxiv.org/abs/2004.12179 We explore not the failure to follow best practices, but rather a surprising lack of understanding, and void in the literature, on what (generically) “best practice” means, independent of meaningfully identifying specific individual practices. We also find that an overwhelming majority of recommendations (91%) are not actual practices but rather desired outcomes.

Nvidia squashes display driver code execution, information leak bugs

www.zdnet.com/article/nvidia-squashes-display-driver-code-execution-information-leak-bugs/ The vulnerabilities impact both Windows and Linux machines.
