Daily NCSC-FI news followup 2021-02-21

Experian challenged over massive data leak in Brazil

www.zdnet.com/article/experian-challenged-over-massive-data-leak-in-brazil Consumer rights body criticizes explanations from the credit bureau in relation to the data exposure of over 220 million citizens. After receiving feedback from Experian over a massive data leak in Brazil, São Paulo state consumer rights foundation Procon described the company’s explanations as “insufficient” and said it is likely that the incident was initiated in a corporate environment.

Kroger data breach exposes pharmacy and employee data

www.bleepingcomputer.com/news/security/kroger-data-breach-exposes-pharmacy-and-employee-data/ Supermarket giant Kroger has suffered a data breach after a service used to transfer files securely was hacked, and threat actors stole files. Kroger is one of the largest retailers in the world, with almost 2,800 stores in 35 states. Kroger employs approximately 500,000 people and had over $122 billion in sales for 2019.

IronNetInjector: Turla’s New Malware Loading Tool

unit42.paloaltonetworks.com/ironnetinjector/ In recent years, more and more ready-made malware is released on software development hosting sites, available for everybody to use, including threat actors. This not only saves the bad guys development time, but also makes it much easier for them to find new ideas to prevent detection of their malware. Unit 42 researchers have found several malicious IronPython scripts whose purpose is to load and run Turla’s malware tools on a victim’s system. The use of IronPython for malicious purposes isn’t new, but the way Turla uses it is new. The overall method is known as Bring Your Own Interpreter (BYOI).

Warning: Google Alerts abused to push fake Adobe Flash updater

www.bleepingcomputer.com/news/security/warning-google-alerts-abused-to-push-fake-adobe-flash-updater/ Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users’ computers. The threat actors create fake stories with titles containing popular keywords that Google Search then indexes. Once indexed, Google Alerts will alert people who are following those keywords.
