Daily NCSC-FI news followup 2020-10-04

Ttint is a new form of IoT botnet that also includes remote access tools-like (RAT) features, rarely seen in these types of botnets before

www.zdnet.com/article/new-ttint-iot-botnet-caught-exploiting-two-zero-days-in-tenda-routers For almost a year, a threat actor has been using zero-day vulnerabilities to install malware on Tenda routers and build a so-called IoT (Internet of Things) botnet.

Google offers up $50k in cloud credits to fuzz the hell out of JavaScript engines

www.theregister.com/2020/10/02/google_javascript_fuzzing_funds/ Google is offering bug hunters thousands of dollars worth of compute time on its cloud to hammer away at JavaScript engines and uncover new security flaws in the software.

Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors

symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt The Threat Hunter Team at Symantec, a division of Broadcom (NASDAQ: AVGO), has uncovered a new espionage campaign carried out by the Palmerworm group (aka BlackTech) involving a brand new suite of custom malware, targeting organizations in Japan, Taiwan, the U.S., and China.

Two Members of Notorious Videogame Piracy Group “Team Xecuter” in Custody

www.justice.gov/opa/pr/two-members-notorious-videogame-piracy-group-team-xecuter-custody Two leaders of one of the world’s most notorious videogame piracy groups, Team Xecuter, have been arrested and are in custody facing charges filed in U.S. District Court in Seattle.

Python programming in the final frontier: Microsoft and NASA release student learning portal

www.techrepublic.com/article/python-programming-in-the-final-frontier-microsoft-and-nasa-release-student-learning-portal/ Overall, the project includes three different NASA-inspired lessons. These learning pathways were created by computer scientist and entrepreneur Sarah Guthals to teach programming fundamentals using space exploration challenges and themes.

Online avatar service Gravatar allows mass collection of user info

www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/ A user enumeration technique discovered by security researcher Carlo Di Dato demonstrates how Gravatar can be abused for mass data collection of its profiles by web crawlers and bots.

Two North American hospitality merchants hacked in May and June

www.zdnet.com/article/two-north-american-hospitality-merchants-hacked-in-may-and-june/ Visa did not share the name of the two victims but said that one company had three different strains of point-of-sale (POS) malware on its network.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.