Daily NCSC-FI news followup 2020-11-18

Hackers are actively probing millions of WordPress sites

www.bleepingcomputer.com/news/security/hackers-are-actively-probing-millions-of-wordpress-sites/ Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150,000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers.

Hacking group exploits ZeroLogon in automotive, industrial attack wave

www.zdnet.com/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/ The active cyberattack is thought to be the handiwork of Cicada, also tracked as APT10, Stone Panda, and Cloud Hopper.

Four Industrial Control System Vendors Warn of Critical Bugs

threatpost.com/ics-vendors-warn-critical-bugs/161333/ In addition to the Real Time Automation and Paradox bugs, high-severity flaws were made public by Sensormatic Electronics, a subsidiary of Johnson Controls, and ICS behemoth Schneider Electric.

Be Very Sparing in Allowing Site Notifications

krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/ KrebsOnSecurity installed PushWelcome’s notifications on a brand new Windows test machine, and found that very soon after the system was peppered with alerts about malware threats supposedly found on the system. One notification was an ad for Norton antivirus; the other was for McAfee. Clicking either ultimately led to “buy now” pages at either Norton.com or McAfee.com.

Ransomware attack forces web hosting provider Managed.com to take servers offline

www.zdnet.com/article/web-hosting-provider-managed-shuts-down-after-ransomware-attack/ Managed.com, one of the biggest providers of managed web hosting solutions, has taken down all its servers in order to deal with a ransomware attack.

The ransomware landscape is more crowded than you think

www.zdnet.com/article/the-ransomware-landscape-is-more-crowded-than-you-think/#ftag=RSSbaffb68 More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups. RaaS portals work by providing a ready-made ransomware code to other gangs. These gangs, often called RaaS clients or affiliates, rent the ransomware code, customize it using options provided by the RaaS, and then deploy in real-world attacks via a method of their choosing. RaaS offerings have been around since 2017, and they have been widely adopted as they allow non-technical criminal gangs to spread ransomware without needing to know how to code and deal with advanced cryptography concepts.
