Daily NCSC-FI news followup 2020-09-07

Windows 10 low-effort zero-day in Hyper-V / Windows Sandbox enabled computers

www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/ A reverse engineer discovered a new zero-day vulnerability in most Windows 10 editions, which allows creating files in restricted areas of the operating system – e.g. under system32. The researcher told BleepingComputer that the vulnerable component is ‘storvsp.sys’ (Storage VSP – Virtualization Service Provider), a server-side Hyper-V component.

Chilean bank shuts down all branches following ransomware attack

www.zdnet.com/article/chilean-bank-shuts-down-all-branches-following-ransomware-attack/ All BancoEstado branches will remain closed on Monday, September 7, and possibly more days. Details about the attack have not been made public, but a source close to the investigation told ZDNet that the bank’s internal network was infected with the REvil (Sodinokibi) ransomware.

Money from bank hacks rarely gets laundered through cryptocurrencies

www.zdnet.com/article/money-from-bank-hacks-rarely-gets-laundered-through-cryptocurrencies/ Despite being considered a cybercrime haven, cryptocurrencies play a very small role in laundering funds obtained from bank hacks, the SWIFT financial organization said in a report last week. These funds are usually laundered using an assortment of techniques, such as money mules, front companies, cash businesses, cryptocurrencies, and investments back into other forms of crime. Some groups might rely on one technique, while others may combine multiple.

New PIN Verification Bypass Flaw Affects Visa Contactless Payments

thehackernews.com/2020/09/emv-payment-card-pin-hacking.html The research, published by a group of academics from the ETH Zurich, is a PIN bypass attack that allows the adversaries to leverage a victim’s stolen or lost credit card for making high-value purchases without knowledge of the card’s PIN, and even trick a point of sale (PoS) terminal into accepting an unauthentic offline card transaction. This, however, doesn’t impact Mastercard, American Express, and JCB. Research: emvrace.github.io/

FCC estimates it’ll cost $1.8B to remove Huawei, ZTE equipment from US networks

www.cnet.com/news/fcc-estimates-itll-cost-1-8b-to-remove-huawei-zte-equipment-from-us-networks/ The two Chinese tech giants have been designated national security threats.

Samsung scores $6.6bn for 5G at Verizon

www.theregister.com/2020/09/07/samsung_wins_verizon_5g/ Samsung Electronics has won a $6.6bn contract to supply 5G infrastructure to Verizon in the US, beating out more established and traditional telco suppliers Nokia and Ericsson.
