Daily NCSC-FI news followup 2021-11-21

Windows 10 Zero-Click Security Exploit Wanted. Reward: $3 Million

www.forbes.com/sites/daveywinder/2021/11/21/windows-10-zero-click-security-exploit-wanted-reward-3-million/ Million-dollar security exploits, the one-click and zero-day vulnerabilities that can cause so much harm, pretty much used to be the sole territory of state-sponsored actors. However, the ransomware pandemic has changed all that. This is very bad news for everyone, including Windows 10 users, as new research reveals. The report, ‘Vulnerability Intelligence: Do you know where your flaws are?’ found that the ceiling for such zero-day pricing has now hit $10 million. Not that there is evidence, as of yet, that these sums have been realized, but the chatter is there, and that’s worrying. As is the $3 million that has been put on the table by one threat actor looking for a working zero-click remote code execution exploit for Windows 10.

US SEC warns investors of ongoing govt impersonation attacks

www.bleepingcomputer.com/news/security/us-sec-warns-investors-of-ongoing-govt-impersonation-attacks/ The Securities and Exchange Commission (SEC) has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. The alert comes from SEC’s Office of Investor Education and Advocacy (OIEA), which regularly issues warnings to inform investors about the latest developments in investment frauds and scams. “We are aware that several individuals recently received phone calls or voicemail messages that appeared to be from an SEC phone number, ” OIEA said. “The calls and messages raised purported concerns about unauthorized transactions or other suspicious activity in the recipients’ checking or cryptocurrency accounts.”

You might be interested in …

Daily NCSC-FI news followup 2021-10-03

Sandhills online machinery markets shut down by ransomware attack www.bleepingcomputer.com/news/security/sandhills-online-machinery-markets-shut-down-by-ransomware-attack/ Industry publication giant Sandhills Global has suffered a ransomware attack, causing hosted websites to become inaccessible and disrupting their business operations. Sandhills Global is a US-based trade publication and hosting company catering to the transportation, agriculture, aircraft, heavy machinery, and technology industries. Numerous sources have […]

Read More

Daily NCSC-FI news followup 2020-09-24

#InstaHack: how researchers were able to take over the Instagram App using a malicious image blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/ Instagram is one of the most popular social media platforms globally, with over 100+ million photos uploaded every day, and nearly 1 billion monthly active users. Individuals and companies share photos and messages about their lives and products to […]

Read More

Daily NCSC-FI news followup 2020-08-29

Emotet malware’s new ‘Red Dawn’ attachment is just as dangerous www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/ The Emotet botnet has begun to use a new template for their malicious attachments, and it is just as dangerous as ever. After a five-month “vacation, ” the Emotet malware returned in July 2020 and began to spew massive amounts of malicious spam worldwide. […]

Read More