Daily NCSC-FI news followup 2020-08-22

Grandoreiro banking trojan impersonates Spain's tax agency

www.welivesecurity.com/2020/08/21/grandoreiro-banking-trojan-impersonates-spain-tax-agency/ Although it's been some weeks since the height of the income tax season in many countries around the globe, the year 2020 has been looking less than normal even for cybercriminal activity. For several months, various threat actors have been attempting to impersonate governmental organizations, such as the Agencia Tributaria, the official tax agency of Spain. Here, we take a look at how the operators of Grandoreiro, an infamous Latin American banking trojan, have been using emails posing as the Agencia Tributaria in order to ensnare new victims.

A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware

thehackernews.com/2020/08/google-drive-file-versions.html An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks with a comparatively high success rate. The latest security issue (of which Google is aware but, unfortunately, left unpatched) resides in the “manage versions” functionality offered by Google Drive that allows users to upload and manage different versions of a file, as well as in the way its interface provides a new version of the files to the users.

Free photos, graphics site Freepik discloses data breach impacting 8.3m users

www.zdnet.com/article/free-photos-graphics-site-freepik-discloses-data-breach-impacting-8-3m-users/ Freepik, a website dedicated to providing access to high-quality free photos and design graphics, has disclosed today a major security breach. The company made it official after users started grumbling on social media this week about receiving shady-looking breach notification emails in their inboxes.


The Week in Ransomware – August 21st 2020 – Ransomware Ahoy!

www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-21st-2020-ransomware-ahoy/ While it wasn’t a big week for new ransomware variants, we did learn about some ransomware attacks against very large organizations. This week BleepingComputer broke the story that Konica Minolta was hit with ransomware at the end of July that impacted some of their USA services. This was followed by Carnival Corporation, who disclosed in a 6-K SEC filing that one of their cruise brands got hit with ransomware. We ended with the University of Utah disclosing that they decided to pay a $450,000 ransom to prevent stolen data from being leaked by the ransomware operators.

74 Days From the Presidential Election, Security Worries Mount

www.darkreading.com/risk/74-days-from-the-presidential-election-security-worries-mount/d/d-id/1338728 With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election. Spamming post offices with letters that feature a specific bar code to reset sorting machines. Creating fake reports that immigration and enforcement officers would hit certain polling places. Hacking into a COVID-19 test database and increasing the number of positive cases.

How 25 Dice In A Box Solve The Secure Password Conundrum: Introducing DiceKeys

www.forbes.com/sites/daveywinder/2020/08/22/how-25-dice-in-a-box-solve-the-secure-password-conundrum-introducing-dicekeys/ Want to create a master password that’s not only almost impossible to crack but easy to recall? Just roll the dice… There are a confusingly large number of problems with passwords, of that there can be little doubt. Password reuse across services that shoots holes in your security posture when, almost inevitably, just one of those services gets breached being among them. Recent research revealed there are more than 15 billion stolen logins available on the Dark Web, from 100,000 such breaches, which is why I, and many other security-oriented folks, recommend the use of a password manager.

Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms

www.vice.com/en_us/article/dyzewz/hackers-leak-alleged-internal-files-of-chinese-social-media-monitoring-firms A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. After leaking some of the documents, the group was banned by Twitter under its hacked files policy; however, Motherboard has been unable to confirm the authenticity of the documents.

From SSRF to Compromise: Case Study

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-ssrf-to-compromise-case-study/ I think every penetration tester has a story about the one that got away. The bug that LOOKED exploitable, but wasn't. The ones where you're eating into reporting time, madly trying to put something together, and got absolutely nothing for your efforts. SSRF is a neat bug because it jumps trust boundaries. You go from being the user of a web application to someone on the inside, someone who can reach out and touch things on behalf of the vulnerable server. Exploiting SSRF beyond a proof-of-concept callback is often tricky because the impact is largely dependent on the environment you're making that internal request in.
