Daily NCSC-FI news followup 2020-10-02

Emotet malware takes part in the 2020 U.S. elections

www.bleepingcomputer.com/news/security/emotet-malware-takes-part-in-the-2020-us-elections/ Emotet is now taking part in the United States 2020 Presidential election with a new spam campaign pretending to be from the Democratic National Convention’s Team Blue initiative.

XDSpy cyber-espionage group operated discretely for nine years

www.bleepingcomputer.com/news/security/xdspy-cyber-espionage-group-operated-discretely-for-nine-years/ Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. Lisäksi:

vblocalhost.com/presentations/xdspy-stealing-government-secrets-since-2011/. Lisäksi:

www.zdnet.com/article/eset-discovers-a-rare-apt-that-stayed-undetected-for-nine-years

HP Device Manager backdoor lets attackers take over Windows systems

www.bleepingcomputer.com/news/security/hp-device-manager-backdoor-lets-attackers-take-over-windows-systems/ HP released a security advisory detailing three critical and high severity vulnerabilities in the HP Device Manager that could lead to system takeover.

Graphology of an Exploit Fingerprinting exploit authors to help with hunting zero-day exploits in the wild

blog.checkpoint.com/2020/10/02/graphology-of-an-exploit-fingerprinting-exploit-authors-to-help-with-hunting-zero-day-exploits-in-the-wild/ In the cyber-crime economy, which is all about exploiting vulnerabilities in software and products, the most valuable and prized asset is the zero day’ a vulnerability for which there is no patch or update available. Our research methodology was to fingerprint’ an exploit author’s working technique, looking for unique identifiers that could be associated with that individual.

Google is creating a special Android security team to find bugs in sensitive apps

www.zdnet.com/article/google-is-creating-a-special-android-security-team-to-find-bugs-in-sensitive-apps Google is hiring to create a special Android security team that will be tasked with finding vulnerabilities in highly sensitive apps on the Google Play Store. Android apps that will be on the team’s radar include COVID-19 contact tracing apps and election-related apps.

Microsoft explains the cause of the recent Office 365 outage

www.bleepingcomputer.com/news/microsoft/microsoft-explains-the-cause-of-the-recent-office-365-outage/ A preliminary report by Microsoft states that a bug in the deployment of an Azure AD service update caused Monday’s Office 365 outage.

Serious Security: Phishing without links when phishers bring along their own web pages

nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/ In the past few days we received two phishing campaigns one sent in by a thoughtful reader and the other spammed directly to us that we thought would tell a useful visual story.

Attacks Aimed at Disrupting the Trickbot Botnet

krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot

You might be interested in …

Daily NCSC-FI news followup 2019-10-14

Laajamittainen häiriö Nesteen IT-järjestelmissä www.neste.com/fi/tiedotteet-ja-uutiset/laajamittainen-hairio-nesteen-it-jarjestelmissa Nesteen IT-järjestelmissä on havaittu laajamittainen häiriö. Häiriö vaikuttaa Nesteen Suomen ja Baltian toimintoihin laajasti prosessi-, säiliö- ja terminaalialueella, ja aiheuttaa viivästyksiä tuotejakelussa. Häiriön syytä tutkitaan parhaillaan yhteistyössä palveluntarjoajien kanssa. Connecting the dots: Exposing the arsenal and methods of the Winnti Group www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/ New ESET white paper released describing updates to […]

Read More

Daily NCSC-FI news followup 2020-02-26

Iranian APT Targets Govs With New Malware threatpost.com/iranian-apt-targets-govs-with-new-malware/153162/ A new campaign is targeting governments with the ForeLord malware, which steals credentials.. A never before seen credential-stealing malware, dubbed ForeLord, has been uncovered in recent spear phishing emails. Researchers have attributed the campaign to a known Iranian advanced persistence threat (APT) group. Internal Docs Show Why […]

Read More

Daily NCSC-FI news followup 2020-05-14

Spam campaign: Netwire RAT via paste.ee and MS Excel to German users www.gdatasoftware.com/blog/netwire-rat-via-pasteee-and-ms-excel G DATA discovered an email spam campaign in Germany that delivers NetWire RAT via PowerShell in Excel documents. The emails mimick the German courier, parcel and express mail service DHL. Sodinokibi drops greatest hits collection, and crime is the secret ingredient blog.malwarebytes.com/cybercrime/2020/05/sodinokibi-drops-greatest-hits-collection-and-crime-is-the-secret-ingredient/ […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.