Daily NCSC-FI news followup 2020-11-18

Hackers are actively probing millions of WordPress sites

www.bleepingcomputer.com/news/security/hackers-are-actively-probing-millions-of-wordpress-sites/ Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150, 000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers.

Hacking group exploits ZeroLogon in automotive, industrial attack wave

www.zdnet.com/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/ The active cyberattack is thought to be the handiwork of Cicada, also tracked as APT10, Stone Panda, and Cloud Hopper.

Four Industrial Control System Vendors Warn of Critical Bugs

threatpost.com/ics-vendors-warn-critical-bugs/161333/ In addition to the Real Time Automation and Paradox bugs, high-severity flaws were made public by Sensormatic Electronics, a subsidiary of Johnson Controls, and ICS behemoth Schneider Electric.

Be Very Sparing in Allowing Site Notifications

krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/ KrebsOnSecurity installed PushWelcome’s notifications on a brand new Windows test machine, and found that very soon after the system was peppered with alerts about malware threats supposedly found on the system. One notification was an ad for Norton antivirus; the other was for McAfee. Clicking either ultimately led to “buy now” pages at either Norton.com or McAfee.com.

Ransomware attack forces web hosting provider Managed.com to take servers offline

www.zdnet.com/article/web-hosting-provider-managed-shuts-down-after-ransomware-attack/ Managed.com, one of the biggest providers of managed web hosting solutions, has taken down all its servers in order to deal with a ransomware attack

The ransomware landscape is more crowded than you think

www.zdnet.com/article/the-ransomware-landscape-is-more-crowded-than-you-think/#ftag=RSSbaffb68 More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups. RaaS portals work by providing a ready-made ransomware code to other gangs. These gangs, often called RaaS clients or affiliates, rent the ransomware code, customize it using options provided by the RaaS, and then deploy in real-world attacks via a method of their choosing. RaaS offerings have been around since 2017, and they have been widely adopted as they allow non-technical criminal gangs to spread ransomware without needing to know how to code and deal with advanced cryptography concepts.

You might be interested in …

Daily NCSC-FI news followup 2019-07-12

Buhtrap group uses zeroday in latest espionage campaigns www.welivesecurity.com/2019/07/11/buhtrap-zero-day-espionage-campaigns/ ESET research reveals notorious crime group also conducting espionage campaigns for the past five years Over 17,000 Domains Infected with Code that Steals Card Data www.bleepingcomputer.com/news/security/over-17-000-domains-infected-with-code-that-steals-card-data/ Cybercriminals running Magecart operations have added payment card skimming code to more than 17,000 domains with JavaScript files in misconfigured […]

Read More

Daily NCSC-FI news followup 2020-09-17

Ransomware attack at German hospital leads to death of patient www.bleepingcomputer.com/news/security/ransomware-attack-at-german-hospital-leads-to-death-of-patient/ A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack. www.is.fi/digitoday/tietoturva/art-2000006638568.html Postin nimissä lähetettäviä huijaustekstiviestejä tulee suomalaisille hyvin aktiivisesti. Ilta-Sanomat Digitoday on saanut useita ilmoituksia viime viikonloppuna ja tällä viikolla lähetetyistä […]

Read More

Daily NCSC-FI news followup 2020-07-15

Mozilla Joins Apple, Google in Reducing TLS Certificate Lifespans – starting September 1, 2020 rootdaemon.com/2020/07/14/mozilla-joins-apple-google-in-reducing-tls-certificate-lifespans/ Currently, SSL/TLS certificates have a maximum lifespan of 825 days, but, in an attempt to ensure better protection of HTTPS connections, browser makers such as Apple, Google and Mozilla are looking into reducing that period to 398 days. The TLS […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.