Daily NCSC-FI news followup 2020-10-02

Emotet malware takes part in the 2020 U.S. elections

www.bleepingcomputer.com/news/security/emotet-malware-takes-part-in-the-2020-us-elections/ Emotet is now taking part in the United States 2020 Presidential election with a new spam campaign pretending to be from the Democratic National Convention’s Team Blue initiative.

XDSpy cyber-espionage group operated discretely for nine years

www.bleepingcomputer.com/news/security/xdspy-cyber-espionage-group-operated-discretely-for-nine-years/ Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. Lisäksi:

vblocalhost.com/presentations/xdspy-stealing-government-secrets-since-2011/. Lisäksi:


HP Device Manager backdoor lets attackers take over Windows systems

www.bleepingcomputer.com/news/security/hp-device-manager-backdoor-lets-attackers-take-over-windows-systems/ HP released a security advisory detailing three critical and high severity vulnerabilities in the HP Device Manager that could lead to system takeover.

Graphology of an Exploit Fingerprinting exploit authors to help with hunting zero-day exploits in the wild

blog.checkpoint.com/2020/10/02/graphology-of-an-exploit-fingerprinting-exploit-authors-to-help-with-hunting-zero-day-exploits-in-the-wild/ In the cyber-crime economy, which is all about exploiting vulnerabilities in software and products, the most valuable and prized asset is the zero day’ a vulnerability for which there is no patch or update available. Our research methodology was to fingerprint’ an exploit author’s working technique, looking for unique identifiers that could be associated with that individual.

Google is creating a special Android security team to find bugs in sensitive apps

www.zdnet.com/article/google-is-creating-a-special-android-security-team-to-find-bugs-in-sensitive-apps Google is hiring to create a special Android security team that will be tasked with finding vulnerabilities in highly sensitive apps on the Google Play Store. Android apps that will be on the team’s radar include COVID-19 contact tracing apps and election-related apps.

Microsoft explains the cause of the recent Office 365 outage

www.bleepingcomputer.com/news/microsoft/microsoft-explains-the-cause-of-the-recent-office-365-outage/ A preliminary report by Microsoft states that a bug in the deployment of an Azure AD service update caused Monday’s Office 365 outage.

Serious Security: Phishing without links when phishers bring along their own web pages

nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/ In the past few days we received two phishing campaigns one sent in by a thoughtful reader and the other spammed directly to us that we thought would tell a useful visual story.

Attacks Aimed at Disrupting the Trickbot Botnet

krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot

You might be interested in …

Daily NCSC-FI news followup 2020-10-15

Introducing a new phishing technique for compromising Office 365 accounts o365blog.com/post/phishing/ Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym. www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/ U.S. Bookstore giant Barnes & Noble has disclosed that they […]

Read More

Daily NCSC-FI news followup 2021-02-21

Experian challenged over massive data leak in Brazil www.zdnet.com/article/experian-challenged-over-massive-data-leak-in-brazil Consumer rights body criticizes explanations from the credit bureau in relation to the data exposure of over 220 million citizens. After receiving feedback from Experian over a massive data leak in Brazil, São Paulo state consumer rights foundation Procon described the company’s explanations as “insufficient” and […]

Read More

Daily NCSC-FI news followup 2020-06-18

Car autopilot security www.kaspersky.com/blog/protecting-adas/35961/ Today, many companies are experimenting to the max with autopilots of varying complexity. Some are trying to build devices that actually take control of the vehicle out of human hands, while others are developing advanced driver-assistance systems (ADAS). . The main issue that autopilot manufacturers must address is guaranteeing reliability and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.