Bizarro banking malware targets 70 banks in Europe and South America
www.bleepingcomputer.com/news/security/bizarro-banking-malware-targets-70-banks-in-europe-and-south-america/ The malware spreads through phishing emails that are typically disguised as official tax-related messages informing the recipient of outstanding obligations. The malware can terminate online banking sessions and force the user to re-enter their account credentials, which are then transferred to the attackers. The backdoor functionality also has an extensive set of commands, including keylogging, displaying fake pop-up messages, and control of the mouse and keyboard.
It took over 80 different developers to review and fix the mess made by students who sneaked bad code into Linux
www.theregister.com/2021/05/21/linux_5_13_patches/ Earlier, computer scientists at the University of Minnesota sneaked bad code into Linux as an experiment. Greg Kroah-Hartman, a leading Linux kernel maintainer, has been posting extensively about the fallout of the experiment and the size of the cleanup effort.
Microsoft Exchange admin portal blocked by expired SSL certificate
www.bleepingcomputer.com/news/microsoft/microsoft-exchange-admin-portal-blocked-by-expired-ssl-certificate/ The Exchange admin portal was inaccessible after Microsoft forgot to renew its SSL certificate. For Google Chrome users the site could not be accessed at all, while Firefox users were shown a warning about the insecure connection.
Belgium approves new cyber strategy with emphasis on essential institutions
therecord.media/belgium-approves-new-cyber-strategy-with-emphasis-on-essential-institutions/ After Belgium’s parliament, universities, and scientific institutions were hit by a cyberattack, a new cybersecurity strategy has been approved. The strategy focuses on six strategic areas: investing in secure network infrastructure; raising awareness of cybersecurity threats; protecting vital institutions; deterring cyberattacks; improving public, private, and academic partnerships; and articulating a clear international commitment to the issue.
Didier Stevens updates 1768.py, the Cobalt Strike beacon analyzer
blog.didierstevens.com/2021/05/22/update-1768-py-version-0-0-6/ The new version supports more encodings and an option to output the config in JSON format. More information about the tool:
isc.sans.edu/forums/diary/Quick%20Tip%20Cobalt%20Strike%20Beacon%20Analysis/26818. A related video on understanding Cobalt Strike traffic:
Everything you ever wanted to know about DNS and more!
isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/ It’s not DNS. There’s no way it’s DNS. It was DNS. A new video series from SANS ISC describes the inner workings of DNS and walks you through some of the DNS problems.