Daily NCSC-FI news followup 2021-07-24

Internet Futures

www.ofcom.org.uk/__data/assets/pdf_file/0013/222205/internet-futures.pdf This report should not be seen as an exhaustive list of every innovative technology being developed. Indeed, it can be no more than a sample of the high-quality ongoing research work being conducted in industry and academia. Further, the omission or inclusion of any technology shouldn't be taken as a signal of our view of its importance. Nor are these our predictions for the future: this report is a summary of the technologies that have been flagged to us by worldwide experts.

Google is finally doing something about Google Drive spam

arstechnica.com/gadgets/2021/07/google-is-finally-doing-something-about-google-drive-spam/ As with regular email spam, some people get tons of it and some get very little, depending on who has your email address. For people who have been hit by Google Drive spammers, it has been very frustrating to have almost no way to stop it. This feature will give at least some control.

Active Directory Certificate Services (ADCS – PKI) domain admin vulnerability

isc.sans.edu/diary/rss/27668 “Phew, this was a really bad week for Microsoft (and a lot of reading for all of us). And just when we thought that the fiasco with the SAM hive was over, a new vulnerability popped up, which is much, much more dangerous, unfortunately: it allows a user to completely take over a Windows domain that has the ADCS service running. And those are probably running in the majority of enterprises.” “So, depending on how your enterprise uses ADCS, you could disable NTLM authentication on the IIS server and this particular attack will not be possible any more. Of course, if you do not need this particular service (web based certificate enroll) remove it completely!”

Also: www.bleepingcomputer.com/news/microsoft/new-petitpotam-attack-allows-take-over-of-windows-domains/

Also: www.specterops.io/assets/resources/Certified_Pre-Owned.pdf

Tech support scams remain a threat globally and in Asia Pacific despite drop in encounters: Microsoft survey

news.microsoft.com/apac/2021/07/22/tech-support-scams-remain-a-threat-globally-and-in-asia-pacific-despite-drop-in-encounters-microsoft-survey/ Globally, three out of five consumers encountered a tech support scam in the last 12 months, a five-point drop since 2018. Gen Zers and Millennials most likely to continue interactions when targeted with tech support scams

Malware increasingly targets Discord for abuse

news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse/ Discord operates its own content delivery network, or CDN, where users can upload files to share with others. The service also publishes an API, enabling developers to create new ways to interact with Discord other than through its client application. We observed significant volumes of malware hosted in Discord's own CDN, as well as malware interacting with Discord APIs to send and receive data.
