Daily NCSC-FI news followup 2020-06-27

DarkCrewFriends Returns with Botnet Strategy

threatpost.com/darkcrewfriends-returns-botnet/156963/ The botnet can be used to mount different kinds of attacks, including code-execution and DDoS.

8 U.S. City Websites Targeted in Magecart Attacks

threatpost.com/8-city-gov-websites-magecart/156954/ Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident.

Admin of carding portal behind $568M in losses pleads guilty

www.bleepingcomputer.com/news/security/admin-of-carding-portal-behind-568m-in-losses-pleads-guilty/ Russian national Sergey Medvedev, one of the co-founders of Internet-based cybercriminal enterprise Infraud Organization and an admin on the organization’s carding portal, today pleaded guilty to RICO conspiracy.

Firm That Tracked Protesters Targeted Evangelicals During 2016 Election

www.vice.com/en_us/article/9353qv/mobilewalla-tracked-protesters-targeted-evangelicals-during-2016-election The CEO of data broker Mobilewalla, which worked with Republican SuperPACs, says it tracked Evangelicals’ cell phone locations for six months.

Almost 300 Windows 10 executables vulnerable to DLL hijacking

www.bleepingcomputer.com/news/security/nearly-300-windows-10-executables-vulnerable-to-dll-hijacking/ A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10. The vulnerability referred to here is relative path DLL hijacking, which is when an attacker can cause a legitimate Windows executable to load an arbitrary DLL of the attacker’s choice, most likely with malicious intent.

GeoVision access control devices let hackers steal fingerprints

www.bleepingcomputer.com/news/security/geovision-access-control-devices-let-hackers-steal-fingerprints/ GeoVision, a Taiwanese fingerprint scanner, access control, and surveillance tech manufacturer, fixed critical vulnerabilities in their devices that could be abused by hackers and nation-state threat actors.

Record numbers of scam attempts target Finns: watch out for these three cons

www.tivi.fi/uutiset/tv/65fc5798-cfe6-4c5c-a87c-8657363985e7 It pays to be alert when the phone rings right now, as an exceptionally large number of phone scammers are currently pestering Finns. In the most common scam pattern, victims have lost thousands of euros on average.

Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL

www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owners-of-magento-1-x-eol/#ftag=RSSbaffb68 Almost 110,000 online stores are still running the soon-to-be-outdated Magento 1.x CMS. Mastercard said that 77% of the companies investigated in these incidents were not in compliance with PCI DSS requirement 6, the rule that requires store owners to run up-to-date systems.

Russian Cybercrime Boss Burkov Gets 9 Years

krebsonsecurity.com/2020/06/russian-cybercrime-boss-burkov-gets-9-years/ A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.
