Categories
NCSC-FI News followup

Daily NCSC-FI news followup 2020-06-27

DarkCrewFriends Returns with Botnet Strategy

threatpost.com/darkcrewfriends-returns-botnet/156963/ The botnet can be used to mount different kinds of attacks, including code-execution and DDoS.

8 U.S. City Websites Targeted in Magecart Attacks

threatpost.com/8-city-gov-websites-magecart/156954/ Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident.

Admin of carding portal behind $568M in losses pleads guilty

www.bleepingcomputer.com/news/security/admin-of-carding-portal-behind-568m-in-losses-pleads-guilty/ Russian national Sergey Medvedev, one of the co-founders of Internet-based cybercriminal enterprise Infraud Organization and an admin on the organization’s carding portal, today pleaded guilty to RICO conspiracy.

Firm That Tracked Protesters Targeted Evangelicals During 2016 Election

www.vice.com/en_us/article/9353qv/mobilewalla-tracked-protesters-targeted-evangelicals-during-2016-election The CEO of data broker Mobilewalla, which worked with Republican SuperPACs, says it tracked Evangelicals’ cell phone locations for six months.

Almost 300 Windows 10 executables vulnerable to DLL hijacking

www.bleepingcomputer.com/news/security/nearly-300-windows-10-executables-vulnerable-to-dll-hijacking/ A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10. The vulnerability referred to here is relative path DLL hijacking, which is when an attacker can cause a legitimate Windows executable to load an arbitrary DLL of the attacker’s choice, most likely with malicious intent.

GeoVision access control devices let hackers steal fingerprints

www.bleepingcomputer.com/news/security/geovision-access-control-devices-let-hackers-steal-fingerprints/ GeoVision, a Taiwanese fingerprint scanner, access control, and surveillance tech manufacturer, fixed critical vulnerabilities in their devices that could be abused by hackers and nation-state threat actors.

Suomalaisia yritetään huijata ennätysmäärin varo näitä kolmea petkutusta

www.tivi.fi/uutiset/tv/65fc5798-cfe6-4c5c-a87c-8657363985e7 Puhelimen soidessa kannattaa nyt olla tarkkana, sillä suomalaisia kiusaa parhaillaan poikkeuksellisen suurilukuinen määrä puhelinhuijareita. Yleisimmässä huijausmallissa uhrit ovat menettäneet keskimäärin tuhansia euroja.

Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL

www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owners-of-magento-1-x-eol/#ftag=RSSbaffb68 Almost 110, 000 online stores are still running the soon-to-be-outdated Magento 1.x CMS. Mastercard said that 77% of the companies investigated in these incidents were not in compliance with PCI DSS requirement 6, the rule that requires store owners to run up-to-date systems.

Russian Cybercrime Boss Burkov Gets 9 Years

krebsonsecurity.com/2020/06/russian-cybercrime-boss-burkov-gets-9-years/ A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.