by CIRT Team
Information disclosure vulnerability in Microsoft Media Foundation [talosintelligence]
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation contains an information disclosure vulnerability that could allow an attacker to eventually remotely execute code on the victim machine. Media Foundation is a COM-based multimedia framework on most versions of Microsoft Windows that assists with many audio and video operations. An attacker must convince the user to open a...
Read More
by CIRT Team
FBI warns of ongoing COVID-19 scams targeting govt, health care [bleepingcomputer]
The U.S. Federal Bureau of Investigation (FBI) warned government agencies and health care organizations of ongoing BEC schemes exploiting the COVID-19 pandemic, as well as an overall increase in cryptocurrency and health care fraud scam activity targeting consumers. Govt and health care industry buyers were alerted of multiple incidents where fraudsters scammed state government agencies trying to buy personal protective equipment (PPE) and medical equipment from both domestic and foreign entities....
Read More
by CIRT Team
The Power of Community to Fight COVID-19 Cyber Threats [cybersecurity.att]
Cybercriminals are taking advantage of the fear and uncertainty surrounding the current global health and economic situation as well as sudden shifts and exposures in IT environments to launch COVID-19 related attack campaigns. The bad guys are moving full-steam ahead in their efforts to lure victims by playing on their fears. Fortunately, the security community is banding together to take on these cyber attackers by...
Read More
by CIRT Team
How Google Plans to Push Its Coronavirus Tracing Feature to Android Phones [vice]
On Friday, Apple and Google announced they were working on a system that would make it easier for apps from country’s health departments to trace the spread of coronavirus while aiming to preserve privacy. The system is designed to use bluetooth low energy to inform a user when they’ve been in close contact with someone who has self identified as having tested positive for the coronavirus. This...
Read More
by CIRT Team
Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 [vice]
Hackers are selling two critical vulnerabilities for the video conferencing software Zoom that would allow someone to hack users and spy on their calls, Motherboard has learned. The two flaws are so-called zero-days, and are currently present in Zoom’s Windows and MacOS clients, according to three sources who are knowledgeable about the market for these kinds of hacks. The sources have not seen the actual code...
Read More
by CIRT Team
Protecting against coronavirus themed phishing attacks [microsoft]
The world has changed in unprecedented ways in the last several weeks due to the coronavirus pandemic. While it has brought out the best in humanity in many ways, as with any crisis it can also attract the worst in some. Cybercriminals use people’s fear and need for information in phishing attacks to steal sensitive information or spread malware for profit. Even as some criminal...
Read More
by CIRT Team
Fake Corona Antivirus Software Used to Install Backdoor Malware [bleepingcomputer]
Sites promoting a bogus Corona Antivirus are taking advantage of the current COVID-19 pandemic to promote and distribute a malicious payload that will infect the target’s computer with the BlackNET RAT and add it to a botnet. The two sites promoting the fake antivirus software can be found at antivirus-covid19[.]site and corona-antivirus[.]com as discovered by the Malwarebytes Threat Intelligence team and researchers at MalwareHunterTeam, respectively. While the former was...
Read More
by CIRT Team
COVID-19 Themes Are Being Utilized by Threat Actors of Varying Sophistication [anomali]
Threat actors are utilizing the global spread of COVID-19 (Coronavirus) to conduct malicious activity. As the world responds to this threat in various ways, actors are attempting to use the chaos to their advantage. COVID-19 is being weaponized for scare tactics by threat actors for conducting malicious activity utilizing different Tactics, Techniques, and Procedures (TTPs). While the majority of observations made by Anomali Threat Research...
Read More
by CIRT Team
COVID-19 Complication: Ransomware Keeps Hitting Healthcare [bankinfosecurity]
As governments attempt to marshal the right response to the COVID-19 outbreak, their efforts are being complicated by malware – including ransomware – attacks continuing to hit healthcare organizations. Some of those facilities are not only treating patients with the disease but also serving as frontline virus-testing labs. See Also: Role of Deception in the ‘New Normal’ With COVID-19 declared a pandemic by the World Health Organization, healthcare...
Read More
by CIRT Team
Banking Malware Spreading via COVID-19 Relief Payment Phishing [bleepingcomputer]
The Zeus Sphinx banking Trojan has recently resurfaced after a three years hiatus as part of a coronavirus-themed phishing campaign, the most common theme behind most attacks by far during the current pandemic. Zeus Sphinx (also known as Zloader and Terdot) is a malware strain that was initially spotted back in August 2015 when its operators used it to attack several British financial targets and it is...
Read More
