Daily NCSC-FI news followup 2021-10-17

Do Not Exchange! It has a Shell Inside

www.deepinstinct.com/blog/do-not-exchange-it-has-a-shell-inside Threat Researchers recently discovered several new Microsoft Exchange vulnerabilities in ProxyShell that allow attackers to gain remote-code execution capabilities. While these vulnerabilities were disclosed to Microsoft and mostly patched prior to the technical details of the vulnerabilities becoming public, many Exchange servers were left unpatched and have since been compromised.

Windows 10, iOS 15, Ubuntu, Chrome fall at China’s Tianfu hacking contest

therecord.media/windows-10-ios-15-ubuntu-chrome-fall-at-chinas-tianfu-hacking-contest/ Chinese security researchers took home $1.88 million after hacking some of the world’s most popular software at the Tianfu Cup, the country’s largest and most prestigious hacking competition. The contest, which took place over the weekend of October 16 and 17 in the city of Chengdu, was won by researchers from Chinese security firm Kunlun Lab, who took home $654,500, a third of the total purse.

Welcome to Britain, the bank scam capital of the world

www.reuters.com/world/uk/welcome-britain-bank-scam-capital-world-2021-10-14/ A British record of 754 million pounds ($1 billion) was stolen in the first six months of this year, up 30% from the same period in 2020, according to data from banking industry body UK Finance, and up more than 60% from 2017, when it began compiling the figures.

Brazilian insurance giant Porto Seguro hit by cyberattack

www.zdnet.com/article/brazilian-insurance-giant-porto-seguro-hit-by-cyberattack/#ftag=RSSbaffb68 One of Brazil’s largest insurance groups, Porto Seguro has reported it suffered a cyberattack that resulted in instability to its service channels and some of its systems.

Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes

unit42.paloaltonetworks.com/exploits-interactsh/ Recently, Unit 42 has observed active exploits related to an open-source service called Interactsh. This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers but also by attackers to validate vulnerabilities via real-time monitoring on the trace path for the domain.

Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis

www.mandiant.com/resources/defining-cobalt-strike-components Cobalt Strike is a commercial adversary simulation software that is marketed to red teams but is also stolen and actively used by a wide range of threat actors from ransomware operators to espionage-focused Advanced Persistent Threats (APTs).

Virus Bulletin: Old malware never dies it just gets more targeted

www.welivesecurity.com/2021/10/15/virus-bulletin-old-malware-never-dies-gets-more-targeted/ Virus Bulletin this year brought a fresh batch of amped-up, refreshed malware with lots more horsepower and devilish amounts of custom-tailored targeting. From singled-out political activist individual targets to regionalized targets, malware’s aim is getting better

Twitter suspends two accounts used by DPRK hackers to catfish security researchers

therecord.media/twitter-suspends-two-accounts-used-by-dprk-hackers-to-catfish-security-researchers/ Twitter has suspended today two accounts operated by North Korean government hackers and used as part of a clever plot to attract security researchers to malicious sites and infect their systems with malware.

Winter tires nearly led to a big bill: Tori.fi sellers are being scammed in a new way

www.is.fi/digitoday/tietoturva/art-2000008332890.html The online marketplace Tori.fi, widely used by Finns, is also popular with criminals. The long-known scourge of defrauding buyers has now been joined by scams that specifically target sellers.
