Author: Pulse Assent

New SMB protocol exploit effective against most windows operating systems 

An EternalSynergy based exploit has now been developed which can compromise newer (unpatched) versions of Windows. The original ETERNALSYNERGY exploit released by The Shadow Brokers in April exploited an SMB protocol vulnerability, CVE-2017-0143, to allow attackers to inject code onto Windows machines but only worked on versions up to Windows 8.

A security researcher has now modified and upgraded ETERNALSYNERGY…

Link: Weekly Threat Report 21st July 2017
Source: NCSC Reports

China to ban personal VPNs

The Chinese government has told state-owned telecoms companies to block individuals’ access to virtual private networks (VPNs) by 1 February 2018, according to media reports. The ban will greatly restrict individuals’ unfettered access to the Internet. VPNs have often been used to circumvent China’s Great Firewall and communicate securely with servers outside of China. The Chinese government has increasingly cracked down on them in pursuit of…

Link: Weekly Threat Report 14th July 2017
Source: NCSC Reports

Following reported attempts by hackers to compromise parliamentary email accounts in June, scammers have recently attempted to gain information by cold-calling (or vishing) MPs and their staff. Posing as staff from the Houses of Parliament’s IT department, the scammers have reportedly been requesting the usernames and passwords of MPs. Vishing, like its online equivalent, phishing, attempts to illicit sensitive information, such as passwords, or encourage victims to visit particular (…

Link: Weekly threat report 7th July 2017
Source: NCSC Reports

Password challenges

Passwords have been in the news again recently. Most notably, on Friday 23 June accounts with weak passwords on the UK Parliamentary network were compromised; however less than 1% of the system’s 9,000 accounts were directly affected. Attention was also drawn this week to router password vulnerabilities, as Virgin Media advised customers with Virgin Super Hub 2 home routers to reset their passwords. This followed concerns that the routers had a relatively weak eight-…

Link: Weekly Threat Report 30th June 2017
Source: NCSC Reports

Fake airline websites distributed by social media

Scammers are using the brands of major global airlines to lure users to fake websites and then encourage them to share links to the sites with friends. When a user clicks through to the sites they are prompted to answer a few simple questions and provide personal information to get free flights. Once they give away their name, email, phone, date of birth and address they are then told they will receive the flights, only once they ‘like…

Link: Weekly Threat Report 23rd June 2017
Source: NCSC Reports

Mouseover malware masquerading in Powerpoint files

According to media reports, a new method of delivering malware has surfaced. ‘Zusy’ malware, according to IT company ExtremeTech, is a banking trojan whose intention is to steal credentials. The reports suggest that simply hovering your mouse over a link will lead to infection without requiring you to click on anything. However, several stages are required to successfully infect a user.

What is interesting about this malware is that the…

Link: Weekly Threat Report 16th June 2017
Source: NCSC Reports

Fireball malware

More than 250 million computers worldwide have been infected with malicious adware called Fireball, according to recent reporting.  Produced by Rafotec, a Beijing-based digital marketing firm, the malware is spread mostly via bundling. That is, when a user downloads a product they want, the Fireball malware is ‘bundled’ in without the user’s knowledge or consent.

Once infected, Fireball hijacks the user’s browser, installs extra plug-ins and…

Link: Weekly Threat Report 9th June 2017
Source: NCSC Reports

Android app malware

According to IT security company Check Point, as many as 36 million Android devices may have been infected with ad-click malware. The malware, dubbed Judy, is reported to have been present in approximately 50 apps in Google’s play store, but the total number of infections cannot be accurately determined as it is not known for how long the apps have been malicious.

Those responsible generate money through ad-clicks – in this instance Judy silently imitated a…

Link: Weekly Threat Report 2nd June 2017
Source: NCSC Reports

Russian government reaction to cyber criminals

This week Russia revealed it had arrested a cyber crime gang in November last year for a campaign that raised nearly USD900, 000. The gang was nicknamed ‘Cron’ after the malware it used, which infected over a million Android mobile devices of Russian bank customers. Users unwittingly downloaded the malware via fake mobile banking apps, pornography and e-commerce programmes. The ‘Cron’ gang exploited a Russian bank service…

Link: Weekly Threat Report 26th May 2017
Source: NCSC Reports

WannaCry ransomware attack illustrates risk of using unlicensed software

The WannaCry international ransomware attack has highlighted the risks of relying on unpatched software. The scale of the outbreak has been blamed in part on the widespread use of unlicensed software. Pirated software is often insecure as it does not benefit from manufacturers’ updates to fix vulnerabilities.

Several of the countries reported by cyber security companies to be worst affected are also amongst the…

Link: Weekly Threat Report 19th May 2017
Source: NCSC Reports