Daily NCSC-FI news followup 2021-10-23

Popular NPM library hijacked to install password-stealers, miners

www.bleepingcomputer.com/news/security/popular-npm-library-hijacked-to-install-password-stealers-miners/

Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack. The UA-Parser-JS library is used to parse a browser’s user agent to identify a visitor’s browser, engine, OS, CPU, and Device type/model.

Hacker sells the data for millions of Moscow drivers for $800

www.bleepingcomputer.com/news/security/hacker-sells-the-data-for-millions-of-moscow-drivers-for-800/

Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800. According to Russian media outlets that purchased the database, the data appears to be valid and contains records collected between 2006 and 2019.

Ransom DDoS attacks hit multiple email providers

therecord.media/ddos-attacks-hit-multiple-email-providers/

At least three email service providers have been hit by large distributed denial of service (DDoS) attacks on Friday, resulting in prolonged outages, The Record has learned. The attacks have hit Runbox (a privacy email provider based in Norway), Posteo (a secure email provider based in Germany), and Fastmail (a privacy-first email provider based in Australia).

How to analyze a suspicious e-mail

www.kaspersky.com/blog/analyzing-mail-header/42665/

If you receive an e-mail of dubious authenticity, analyze it yourself. Here’s how. The technique is fairly uncommon in cases of mass phishing, but we see it quite a bit more in targeted messaging. If a message looks real, but you doubt the sender’s authenticity, try digging a little deeper and checking the Received header. This post describes how.
