Daily NCSC-FI news followup 2021-08-12

Microsoft confirms another Windows print spooler zero-day bug

www.bleepingcomputer.com/news/microsoft/microsoft-confirms-another-windows-print-spooler-zero-day-bug/ Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability, tracked as CVE-2021-36958, that allows local attackers to gain SYSTEM privileges on a computer. This vulnerability is part of a class of bugs known as ‘PrintNightmare’, which abuse configuration settings for the Windows print spooler, print drivers, and the Windows Point and Print feature.

PrintNightmare vulnerability weaponized by Magniber ransomware gang

therecord.media/printnightmare-vulnerability-weaponized-by-magniber-ransomware-gang/ The operators of the Magniber ransomware have weaponized the infamous PrintNightmare vulnerability and are now attempting to breach Windows systems in South Korea. In a report published today by security firm CrowdStrike, the company said the attacks have been taking place since at least July 13. While several different vulnerabilities in the Windows Print Spooler service are collectively referred to as PrintNightmare, CrowdStrike said the attackers weaponized CVE-2021-34527 (remote code execution in Print Spooler server). While several security experts anticipated that PrintNightmare would be exploited in the wild, especially the RCE variant, for now, the attacks have been limited to South Korea.

Microsoft warning: This unusual malware attack has just added some new tricks

www.zdnet.com/article/microsoft-warning-this-unusual-malware-attack-has-just-added-some-new-tricks/ Microsoft’s Security Intelligence team is once again raising an alarm about the call center phishing and malware group behind what it calls BazaCall. The ‘Stolen Images’ BazarLoader campaign uses fake copyright infringement contact form emails and malicious files pretending to contain “stolen images” to trick users into downloading the malware.

Malware top 10: Trickbot still number one worldwide, Flubot phishes Finnish users’ data via text messages

www.epressi.com/tiedotteet/tietotekniikka/haittaohjelmien-top-10-trickbot-yha-ykkonen-maailmalla-flubot-kalastelee-suomalaisten-tietoja-tekstiviesteissa.html Researchers at security company Check Point report that Trickbot was the world’s most common malware in July for the third month in a row. The second most common, Snake Keylogger, entered the global top ten for the first time. Finnish users were plagued by Flubot, which masquerades as a logistics company. The most common malware in Finland in July 2021: 1. Flubot 2. REvil 3. Darkside 4. Formbook 5. Guloader. Flubot is Android malware that is distributed via phishing text messages and most often poses as a logistics company (recently DHL). When the user clicks the link in the message, FluBot is installed and the attacker gains access to sensitive data on the phone. Prevalence 1.8%.

Configuring Office 365’s ‘Report Phishing’ add-in for Outlook to use SERS

www.ncsc.gov.uk/guidance/configuring-o365-outlook-report-phishing-for-sers This guidance describes how to configure the Office 365 ‘Report Phishing’ add-in for Outlook, so that users can report suspicious emails to the NCSC’s Suspicious Email Reporting Service (SERS).

CobaltSpam tool can flood Cobalt Strike malware servers

therecord.media/cobaltspam-tool-can-flood-cobalt-strike-malware-servers/ A security researcher has published this week a tool to flood Cobalt Strike servers, often used by malware gangs, with fake beacons in order to corrupt their internal databases of infected systems. Named CobaltSpam, the tool was developed by security researcher Mario Henkel. The idea behind CobaltSpam is to provide defenders with a way to fight back. Once they identify a Cobalt Strike server, they can flood it with fake data in order to prevent the attacker from distinguishing between the real and fake infections.

FireEye is announcing the Eighth Annual Flare-On Challenge

www.fireeye.com/blog/threat-research/2021/08/announcing-the-eighth-annual-flare-on-challenge.html The FLARE team is once again hosting its annual Flare-On challenge, now in its eighth year. Take this opportunity to enjoy some extreme social distancing by solving fun puzzles to test your mettle and learn new tricks on your path to reverse engineering excellence. The contest will begin at 8:00 p.m. ET on Sept. 10, 2021. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. The contest runs for six full weeks and ends at 8:00 p.m. ET on Oct. 22, 2021.

Twitter says it out loud: Removing anonymity will not stop online abuse

blog.malwarebytes.com/malwarebytes-news/2021/08/twitter-says-it-out-loud-removing-anonymity-will-not-stop-online-abuse/ An investigation by Twitter into racist tweets levied against three Black players on the English football team following the national hopefuls’ loss against Italy last month revealed that anonymity played almost no role in whether users posted abusive comments from their accounts. The analysis, which revealed that 99 percent of the accounts that Twitter suspended were not anonymous, provides the latest evidence that requiring real identities on social media platforms will not lead to any measurable decrease in online abuse. Now, after decades of this dynamic being recognized by online privacy experts, it appears that Twitter, armed with its own data, has joined the crowd that says that, thankfully, anonymity is not worth destroying.

Apple releases massive mystery bug fix update for Macs

www.zdnet.com/article/apple-releases-massive-mystery-bug-fix-update-for-macs/ macOS Big Sur 11.5.2 is out, and it’s a huge update. But we have no idea what it fixes. Clocking in at over 2.5GB, Apple describes Big Sur 11.5.2 as “bug fixes for your Mac.” On the “how much of a hurry should I be to install this?” front, according to Apple, “this update has no published CVE entries,” which means that unless you’re being plagued by some bug or other that you’re awaiting a fix on, you could hold off updating for a while (as long as you’re up to date on Big Sur 11.5.1, which contained some pretty important security updates).
