Daily NCSC-FI news followup 2020-06-27

DarkCrewFriends Returns with Botnet Strategy

threatpost.com/darkcrewfriends-returns-botnet/156963/ The botnet can be used to mount different kinds of attacks, including code-execution and DDoS.

8 U.S. City Websites Targeted in Magecart Attacks

threatpost.com/8-city-gov-websites-magecart/156954/ Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident.

Admin of carding portal behind $568M in losses pleads guilty

www.bleepingcomputer.com/news/security/admin-of-carding-portal-behind-568m-in-losses-pleads-guilty/ Russian national Sergey Medvedev, one of the co-founders of Internet-based cybercriminal enterprise Infraud Organization and an admin on the organization’s carding portal, today pleaded guilty to RICO conspiracy.

Firm That Tracked Protesters Targeted Evangelicals During 2016 Election

www.vice.com/en_us/article/9353qv/mobilewalla-tracked-protesters-targeted-evangelicals-during-2016-election The CEO of data broker Mobilewalla, which worked with Republican SuperPACs, says it tracked Evangelicals’ cell phone locations for six months.

Almost 300 Windows 10 executables vulnerable to DLL hijacking

www.bleepingcomputer.com/news/security/nearly-300-windows-10-executables-vulnerable-to-dll-hijacking/ A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10. The vulnerability referred to here is relative path DLL hijacking, which is when an attacker can cause a legitimate Windows executable to load an arbitrary DLL of the attacker’s choice, most likely with malicious intent.

GeoVision access control devices let hackers steal fingerprints

www.bleepingcomputer.com/news/security/geovision-access-control-devices-let-hackers-steal-fingerprints/ GeoVision, a Taiwanese fingerprint scanner, access control, and surveillance tech manufacturer, fixed critical vulnerabilities in their devices that could be abused by hackers and nation-state threat actors.

Record numbers of scam attempts are targeting Finns: watch out for these three swindles

www.tivi.fi/uutiset/tv/65fc5798-cfe6-4c5c-a87c-8657363985e7 It pays to be alert when the phone rings right now, as an exceptionally large number of phone scammers are currently pestering Finns. In the most common scam pattern, victims have lost thousands of euros on average.

Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL

www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owners-of-magento-1-x-eol/#ftag=RSSbaffb68 Almost 110,000 online stores are still running the soon-to-be-outdated Magento 1.x CMS. Mastercard said that 77% of the companies investigated in these incidents were not in compliance with PCI DSS requirement 6, the rule that requires store owners to run up-to-date systems.

Russian Cybercrime Boss Burkov Gets 9 Years

krebsonsecurity.com/2020/06/russian-cybercrime-boss-burkov-gets-9-years/ A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.
