Daily NCSC-FI news followup 2021-05-23

Bizarro banking malware targets 70 banks in Europe and South America

www.bleepingcomputer.com/news/security/bizarro-banking-malware-targets-70-banks-in-europe-and-south-america/ The malware spreads through phishing emails that are typically disguised as official tax-related messages informing of outstanding obligations. The malware can terminate online banking sessions and force the user to re-enter the account credentials, while also transferring those credentials to the attackers. The backdoor functionality also has an extensive set of commands, including key logging, displaying fake pop-up messages and control of the mouse and keyboard.

It took over 80 different developers to review and fix mess made by students who sneaked bad code into Linux

www.theregister.com/2021/05/21/linux_5_13_patches/ Earlier, computer scientists at the University of Minnesota sneaked bad code into Linux as an experiment. Greg Kroah-Hartman, a leading Linux kernel maintainer, has been posting extensively about the fallout of the experiment and the size of the cleanup effort.

Microsoft Exchange admin portal blocked by expired SSL certificate

www.bleepingcomputer.com/news/microsoft/microsoft-exchange-admin-portal-blocked-by-expired-ssl-certificate/ The Exchange admin portal was inaccessible after Microsoft forgot to renew the SSL certificate. For Google Chrome users the site couldn’t be accessed at all, and for Firefox users a warning was displayed about the insecure connection.

Belgium approves new cyber strategy with emphasis on essential institutions

therecord.media/belgium-approves-new-cyber-strategy-with-emphasis-on-essential-institutions/ After Belgium’s parliament, universities, and scientific institutions were hit by a cyberattack, a new cybersecurity strategy has been approved. The six strategic areas of focus are: investing in secure network infrastructure; raising awareness of cybersecurity threats; protecting vital institutions; deterring cyberattacks; improving public, private, and academic partnerships; and articulating a clear international commitment to the issue.

Didier Stevens updates 1768.py, the Cobalt Strike beacon analyzer

blog.didierstevens.com/2021/05/22/update-1768-py-version-0-0-6/ The new version supports more encodings and adds an option to output the config in JSON format. More information about the tool:

isc.sans.edu/forums/diary/Quick%20Tip%20Cobalt%20Strike%20Beacon%20Analysis/26818. A related video on understanding Cobalt Strike traffic:


Everything you ever wanted to know about DNS and more!

isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/ It’s not DNS. There’s no way it’s DNS. It was DNS. A new video series from SANS ISC describes the inner workings of DNS and walks you through some common DNS problems.
