Daily NCSC-FI news followup 2020-08-22

Grandoreiro banking trojan impersonates Spain's tax agency

www.welivesecurity.com/2020/08/21/grandoreiro-banking-trojan-impersonates-spain-tax-agency/ Although it's been some weeks since the height of the income tax season in many countries around the globe, the year 2020 has been looking less than normal even for cybercriminal activity. For several months, various threat actors have been attempting to impersonate governmental organizations, such as the Agencia Tributaria, the official tax agency of Spain. Here, we take a look at how the operators of Grandoreiro, an infamous Latin American banking trojan, have been using emails posing as the Agencia Tributaria in order to ensnare new victims.

A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware

thehackernews.com/2020/08/google-drive-file-versions.html An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. The latest security issue, of which Google is aware but, unfortunately, left unpatched, resides in the “manage versions” functionality offered by Google Drive that allows users to upload and manage different versions of a file, as well as in the way its interface provides a new version of the files to the users.

Free photos, graphics site Freepik discloses data breach impacting 8.3m users

www.zdnet.com/article/free-photos-graphics-site-freepik-discloses-data-breach-impacting-8-3m-users/ Freepik, a website dedicated to providing access to high-quality free photos and design graphics, has disclosed today a major security breach. The company made it official after users started grumbling on social media this week about receiving shady-looking breach notification emails in their inboxes.


The Week in Ransomware – August 21st 2020 – Ransomware Ahoy!

www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-21st-2020-ransomware-ahoy/ While it wasn’t a big week for new ransomware variants, we did learn about some ransomware attacks against very large organizations. This week BleepingComputer broke the story that Konica Minolta was hit with ransomware at the end of July that impacted some of their USA services. This was followed by Carnival Corporation, who disclosed in a 6-K SEC filing that one of their cruise brands got hit with ransomware. We ended with the University of Utah disclosing that they decided to pay a $450,000 ransom to prevent stolen data from being leaked by the ransomware operators.

74 Days From the Presidential Election, Security Worries Mount

www.darkreading.com/risk/74-days-from-the-presidential-election-security-worries-mount/d/d-id/1338728 With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election. Spamming post offices with letters that feature a specific bar code to reset sorting machines. Creating fake reports that immigration and enforcement officers would hit certain polling places. Hacking into a COVID-19 test database and increasing the number of positive cases.

How 25 Dice In A Box Solve The Secure Password Conundrum: Introducing DiceKeys

www.forbes.com/sites/daveywinder/2020/08/22/how-25-dice-in-a-box-solve-the-secure-password-conundrum-introducing-dicekeys/ Want to create a master password that’s not only almost impossible to crack but easy to recall? Just roll the dice… There are a confusingly large number of problems with passwords, of that there can be little doubt. Password reuse across services that shoots holes in your security posture when, almost inevitably, just one of those services gets breached being among them. Recent research revealed there are more than 15 billion stolen logins available on the Dark Web, from 100,000 such breaches, which is why I, and many other security-oriented folks, recommend the use of a password manager.

Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms

www.vice.com/en_us/article/dyzewz/hackers-leak-alleged-internal-files-of-chinese-social-media-monitoring-firms A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. After leaking some of the documents, the group was banned by Twitter under its hacked files policy, however, Motherboard has been unable to confirm the authenticity of the documents.

From SSRF to Compromise: Case Study

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-ssrf-to-compromise-case-study/ I think every penetration tester has a story about the one that got away. The bug that LOOKED exploitable, but wasn't. The ones where you're eating into reporting time, madly trying to put something together, and got absolutely nothing for your efforts. SSRF is a neat bug because it jumps trust boundaries. You go from being the user of a web application to someone on the inside, someone who can reach out and touch things on behalf of the vulnerable server. Exploiting SSRF beyond a proof-of-concept callback is often tricky because the impact is largely dependent on the environment you're making that internal request in.
