Latest News Articles

--- TLP:WHITE ---
(https://first.org/tlp/)

########################################################
#### CSIRT-IE End of Day Report ####
########################################################

Date   : Friday 12-07-2019 10:00 ; Friday 19-07-2019 10:00

=====================================
= News =
=====================================
− Attacks in Turkey Used Excel Formula Injection
Malicious spam attacks on Turkish organizations flew under the radar.

https://www.infosecurity-magazine.com/news/attacks-in-turkey-used-excel/

− A proactive approach to more secure code
What if we could eliminate an entire class of vulnerabilities before 
they ever happened? Since 2004, the Microsoft Security Response Centre 
(MSRC) has triaged every reported Microsoft security vulnerability. From 
all that triage one astonishing fact sticks out: as Matt Miller 
discussed in his....

https://msrc-blog.microsoft.com/2019/07/16/a-proactive-approach-to-more-secure-code/

− NCSC Releases 2019 Active Cyber Defence Report
The United Kingdom’s National Cyber Security Centre (NCSC) has released 
their 2019 Active Cyber Defence (ACD) report, which provides an analysis 
of program outcomes throughout 2018. NCSC’s ACD program—stood up in 
2016—seeks to reduce harm from commodity cyberattacks against the United 
Kingdom.

https://www.ncsc.gov.uk/report/active-cyber-defence-report-2019

− 7 Spyware Apps with Over 130,000 Installation Found on Google Play
Google has removed 7 stalkerware apps from Google Play that secretly spy 
on other users. The commercial versions of spyware apps are known as 
stalkerware. These stalkerware apps allow users to spy on employees, 
romantic partners, kids, and other users. This can be done by simply 
installing those apps on....

https://gbhackers.com/stalkerware-apps-google-play/

− NCSC Issues Alert About Active DNS Hijacking Attacks
Following recent reports about mass-scale attacks aimed at modifying 
Domain Name System records, UK's National Cyber Security Centre (NCSC) 
released an advisory with mitigation options for organizations to defend
against this type of threat. [...]

https://www.bleepingcomputer.com/news/security/ncsc-issues-alert-about-active-dns-hijacking-attacks/

=====================================
= Vulnerabilities =
=====================================

− Magecart Hackers Infect 17,000 Domains via Insecure S3 Buckets
The Magecart hackers have managed to infect over 17,000 domains by 
targeting improperly secured Amazon S3 buckets, RiskIQ reports.

https://www.securityweek.com/magecart-hackers-infect-17000-domains-insecure-s3-buckets

− WordPress Plugin "WordPress Ultra Simple Paypal Shopping Cart" 
vulnerable to cross-site request forgery
WordPress Plugin "WordPress Ultra Simple Paypal Shopping Cart" provided 
by Mike Castro Demaria contains a cross-site request forgery 
vulnerability (CWE-352). Yuta Kikuchi of Cryptography Laboratory, 
Department of Information and Communication Engineering, Tokyo Denki 
University reported this vulnerability to IPA. JPCERT/CC coordinated 
with the developer under Information Security Early Warning Partnership.

https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000048.html

− Twitter Can be Tricked Into Showing Misleading Embedded Links
A long standing Twitter issue allows bad actors to manipulate tweets so 
that they appear to contain content from one site, but actually link to 
a completely different one. This enables creating tweets that look like 
legitimate articles from well-respected sites, but actually link to 
pages serving phishing, malware, or scams.

https://www.bleepingcomputer.com/news/security/twitter-can-be-tricked-into-showing-misleading-embedded-links/

− Targeted Ransomware: Proliferating Menace Threatens Organizations
With several new targeted ransomware groups emerging over the past two 
years, the number of organizations being hit by targeted ransomware 
attacks has multiplied. Targeted ransomware has quickly become one of 
the most dangerous cyber crime threats facing organizations.

https://brica.de/alerts/alert/public/1268077/targeted-ransomware-proliferating-menace-threatens-organizations/


=====================================
= Community News =
=====================================
− US Coast Guard Issued Cyber-Safety Alert
After a vessel was struck by a ransomware attack, the US Coast Guard 
warned ships to update their cybersecurity.

https://www.infosecurity-magazine.com/news/us-coast-guard-issued-cyber-safety/

− It's never good when 'Magecart' and 'bulletproof' appear in the same 
sentence, but here we are
A growing crop of so-called bulletproof hosting companies are using the 
ongoing civil war in Ukraine to host Magecart malware without fear of 
the police coming knocking. Researchers with security shop Malwarebytes 
say that the data-exfiltration and hosting servers used by Magecart 
operations to....

https://www.theregister.co.uk/2019/07/18/magecart_ukraine_hosting/

− Russia, Iran, North Korea target Microsoft customers with Cyber 
Attacks
Tom Burt, the Corporate Vice President of Microsoft has confirmed the 
news in a statement released yesterday and said that 85% of the observed 
targets were from the company’s enterprise customers, while 16% of them 
were individuals. Burt specified in the statement that the attacks were 
not released....

https://www.cybersecurity-insiders.com/russia-iran-north-korea-target-microsoft-customers-with-cyber-attacks/

− Nation-Backed Hackers Targeted 10,000 Microsoft Customers
Microsoft says that it notified roughly 10,000 of its customers in the 
past year of being either targeted or compromised by nation-state 
sponsored threat groups. "About 84% of these attacks targeted our 
enterprise customers, and about 16% targeted consumer personal email 
accounts," says Microsoft....

https://www.bleepingcomputer.com/news/security/nation-backed-hackers-targeted-10-000-microsoft-customers/

− RDP password attacks are a major threat
Cybercriminals are relentlessly targeting organisations worldwide with 
remote desktop protocol (RDP) attacks, and are able to detect devices 
with the protocol enabled almost as soon as they appear on the internet. 
These are among the key findings of a by Sophos into the scale of the 
RDP threat and....

https://www.technologydecisions.com.au/content/information-technology-professionals-association/article/rdp-password-attacks-are-a-major-threat-1471575107

--- TLP:WHITE ---



 

 
