Daily NCSC-FI news followup 2020-10-16

Microsoft issues out-of-band Windows security updates for RCE bugs

www.bleepingcomputer.com/news/security/microsoft-issues-out-of-band-windows-security-updates-for-rce-bugs/ Microsoft has released two out-of-band security updates designed to address remote code execution (RCE) bugs found to affect Visual Studio Code and the Microsoft Windows Codecs Library.

Alert: Risk of SharePoint vulnerability to UK organisations

www.ncsc.gov.uk/news/sharepoint-vulnerability-uk-organisations The NCSC is raising awareness of a new remote code execution vulnerability (CVE-2020-16952) affecting Microsoft SharePoint. Successful exploitation of this vulnerability would allow an attacker to run arbitrary code and carry out security actions in the context of the local administrator on affected installations of SharePoint server.

800,000 SonicWall VPNs vulnerable to new remote code execution bug

www.zdnet.com/article/800000-sonicwall-vpns-vulnerable-to-new-remote-code-execution-bug/ Almost 800,000 internet-accessible SonicWall VPN appliances will need to be updated and patched for a major new vulnerability that was disclosed on Wednesday.

Critical Magento Holes Open Online Shops to Code Execution

threatpost.com/critical-magento-holes-online-shops-code-execution/160181/ Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

thehackernews.com/2020/10/linux-Bluetooth-hacking.html Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices.

Biden Campaign Staffers Targeted in Cyberattack Leveraging Anti-Virus Lure, Dropbox Ploy

threatpost.com/biden-campaign-staffers-targeted-in-cyberattack-leveraging-anti-virus-lure-dropbox-ploy/160234/ Google's Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden's presidential campaign.

Carnival Corp. Ransomware Attack Affects Three Cruise Lines

threatpost.com/carnival-corp-ransomware-attack-cruise/160134/ Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.

NPM nukes NodeJS malware opening Windows, Linux reverse shells

www.bleepingcomputer.com/news/security/npm-nukes-nodejs-malware-opening-windows-linux-reverse-shells/ NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data.

Microsoft now lets you disable insecure JScript in Internet Explorer

www.bleepingcomputer.com/news/security/microsoft-now-lets-you-disable-insecure-jscript-in-internet-explorer/ Microsoft says that customers can now disable JScript (JScript.dll) execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates.

Fancy Bear Imposters Are on a Hacking Extortion Spree

www.wired.com/story/ddos-extortion-hacking-fancy-bear-lazarus-group/ On Wednesday, the web security firm Radware published extortion notes that had been sent to a variety of companies around the world. In each of them, the senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28. The communications threaten that if the target doesn't send a set number of bitcoin, typically equivalent to tens or even hundreds of thousands of dollars, the group will launch powerful distributed denial of service attacks against the victim

Lazarus Bear Armada (LBA) DDoS Extortion Attack Campaign October 2020

www.netscout.com/blog/asert/lazarus-bear-armada-lba-ddos-extortion-attack-campaign-october

Time to remove Nano Adblocker and Defender from your browsers (except Firefox)

www.ghacks.net/2020/10/16/time-to-remove-nano-adblocker-and-defender-from-your-browsers-except-firefox/

IAmTheKing and the SlothfulMedia malware family

securelist.com/iamtheking-and-the-slothfulmedia-malware-family/99000/
