Daily NCSC-FI news followup 2019-08-18

Over 20 Texas local governments hit in ‘coordinated ransomware attack’ www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/ Infection blamed on a strain of ransomware known only as the “.JSE ransomware.” Steam Accounts Being Stolen Through Elaborate Free Game Scam www.bleepingcomputer.com/news/security/steam-accounts-being-stolen-through-elaborate-free-game-scam/ An elaborate scam is underway that pretends to be a free game giveaway site, but instead hacks a user’s Steam account, […]

Read More

Daily NCSC-FI news followup 2019-08-17

Apples Lawsuit Against a Startup Shows How It Wants to Control the iPhone Hacking Market www.vice.com/en_us/article/d3a8jq/apple-corellium-lawsuit Apple sued Corellium, a company that makes virtual copies of iOS for researchers to practice hacking the iPhone on. NSA asks Congress to permanently reauthorize spying program that was so shambolic, the snoops had shut it down www.theregister.co.uk/2019/08/16/spying_reauthorization_coats/ In […]

Read More

Daily NCSC-FI news followup 2019-08-16

New Bluetooth KNOB Attack Lets Attackers Manipulate Traffic www.bleepingcomputer.com/news/security/new-bluetooth-knob-attack-lets-attackers-manipulate-traffic/ A new Bluetooth vulnerability named “Key Negotiation Of Bluetooth attack” or “KNOB” has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices.. see also knobattack.com/ Ammottava aukko päästi […]

Read More

Daily NCSC-FI news followup 2019-08-15

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10. Microsoft warns of new BlueKeeplike flaws www.welivesecurity.com/2019/08/15/microsoft-warning-wormable-flaws/ Microsoft issued fixes for four critical vulnerabilities in […]

Read More

Daily NCSC-FI news followup 2019-08-14

In the Balkans, businesses are under fire from a doublebarreled weapon www.welivesecurity.com/2019/08/14/balkans-businesses-double-barreled-weapon/ Weve discovered an ongoing campaign in the Balkans spreading two tools having a similar purpose: a backdoor and a remote access trojan we named, respectively, BalkanDoor and BalkanRAT August Patch Tuesday: Update Fixes Wormable Flaws in Remote Desktop Services, VBScript Gets Disabled by […]

Read More

Daily NCSC-FI news followup 2019-08-13

Attackers could use this coding bug to turn BIG-IP load balancers against organizations blog.f-secure.com/command-injection-in-f5-irules/ During a routine security assessment, F-Secure Senior Security Consultant Christoffer Jerkeby discovered that an obscure coding bug could allow attackers to exploit F5 Networks popular BIG-IP load balancer. Further research found that, following a successful exploit, an adversary could turn the […]

Read More

Daily NCSC-FI news followup 2019-08-12

Nasty New Malware Waits Until You Visit A Pornsite, Then Starts Recording www.forbes.com/sites/zakdoffman/2019/08/11/nasty-new-malware-waits-until-you-visit-a-pornsite-then-starts-recording/#120b21d7568d At the end of last week, ESET’s security researchers disclosed the discovery of a new strain of malware that takes the trend for sextortion to a new level. Varenyky, as the malware was named by its finders, monitors the activity on infected […]

Read More

Daily NCSC-FI news followup 2019-08-11

Over 40 Windows Hardware Drivers Vulnerable To Privilege Escalation www.bleepingcomputer.com/news/security/over-40-windows-hardware-drivers-vulnerable-to-privilege-escalation/ Researchers analyzing the security of legitimate device drivers found that more than 40 from at least 20 hardware vendors can be abused to achieve privilege escalation. The vendors affected include every major BIOS vendor and big names in the computer hardware business like ASUS, Toshiba, […]

Read More

Daily NCSC-FI news followup 2019-08-10

iNSYNQ Ransom Attack Began With Phishing Email krebsonsecurity.com/2019/08/insynq-ransom-attack-began-with-phishing-email/ A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around iNSYNQs […]

Read More

Daily NCSC-FI news followup 2019-08-09

Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In this post, we demonstrate how to retrieve a compressed page using the structures and […]

Read More