Daily NCSC-FI news followup 2020-10-04

Ttint is a new form of IoT botnet that also includes remote access tools-like (RAT) features, rarely seen in these types of botnets before

www.zdnet.com/article/new-ttint-iot-botnet-caught-exploiting-two-zero-days-in-tenda-routers For almost a year, a threat actor has been using zero-day vulnerabilities to install malware on Tenda routers and build a so-called IoT (Internet of Things) botnet.

Google offers up $50k in cloud credits to fuzz the hell out of JavaScript engines

www.theregister.com/2020/10/02/google_javascript_fuzzing_funds/ Google is offering bug hunters thousands of dollars worth of compute time on its cloud to hammer away at JavaScript engines and uncover new security flaws in the software.

Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors

symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt The Threat Hunter Team at Symantec, a division of Broadcom (NASDAQ: AVGO), has uncovered a new espionage campaign carried out by the Palmerworm group (aka BlackTech) involving a brand new suite of custom malware, targeting organizations in Japan, Taiwan, the U.S., and China.

Two Members of Notorious Videogame Piracy Group “Team Xecuter” in Custody

www.justice.gov/opa/pr/two-members-notorious-videogame-piracy-group-team-xecuter-custody Two leaders of one of the world’s most notorious videogame piracy groups, Team Xecuter, have been arrested and are in custody facing charges filed in U.S. District Court in Seattle.

Python programming in the final frontier: Microsoft and NASA release student learning portal

www.techrepublic.com/article/python-programming-in-the-final-frontier-microsoft-and-nasa-release-student-learning-portal/ Overall, the project includes three different NASA-inspired lessons. These learning pathways were created by computer scientist and entrepreneur Sarah Guthals to teach programming fundamentals using space exploration challenges and themes.

Online avatar service Gravatar allows mass collection of user info

www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/ A user enumeration technique discovered by security researcher Carlo Di Dato demonstrates how Gravatar can be abused for mass data collection of its profiles by web crawlers and bots.

Two North American hospitality merchants hacked in May and June

www.zdnet.com/article/two-north-american-hospitality-merchants-hacked-in-may-and-june/ Visa did not share the name of the two victims but said that one company had three different strains of point-of-sale (POS) malware on its network.

You might be interested in …

Daily NCSC-FI news followup 2021-04-10

FBI arrests man for plan to kill 70% of Internet in AWS bomb attack www.bleepingcomputer.com/news/security/fbi-arrests-man-for-plan-to-kill-70-percent-of-internet-in-aws-bomb-attack/ The FBI arrested a Texas man on Thursday for allegedly planning to “kill of about 70% of the internet” in a bomb attack targeting an Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. No password […]

Read More

Daily NCSC-FI news followup 2020-03-25

Updated protection for Microsoft Office 365 www.kaspersky.com/blog/office-365-protection-update/34412/ In the context of the coronavirus pandemic, there is a growing need to protect collaborative software. We updated Kaspersky Security for Microsoft Office 365 and extended the free license period to six months. US Government Sites Give Bad Security Advice krebsonsecurity.com/2020/03/us-government-sites-give-bad-security-advice/ Many U.S. government Web sites now carry […]

Read More

Daily NCSC-FI news followup 2021-02-22

Jian The Chinese Double-edged Cyber Sword blog.checkpoint.com/2021/02/22/jian-the-chinese-double-edged-cyber-sword/ In the last few months, Check Point Research (CPR) focused on recent Windows Local Privilege Escalation (LPE) exploits attributed to Chinese actors. An LPE is used by attackers to acquire Administrator rights on a Windows machine. During this investigation, our malware and vulnerability researchers managed to unravel the […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.