The fileless attack uses a phishing campaign that lures victims with information about a workers’ compensation claim. A campaign that injects malware into the Windows Error Reporting (WER) service to evade detection is potentially the work of a Vietnamese APT group, researchers said. The attack, discovered on Sept. 17 by researchers at Malwarebytes Threat Intelligence…

A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom. Personal information for students in the Clark County School District, which includes Las Vegas, has reportedly turned up on an underground forum, following a ransomware attack that researchers say…

The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit. A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Thursday, not naming the agency but providing technical details of…

A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via Xcode developer projects, researchers noted; the cybercriminals behind the campaign…

Attackers used malicious Excel 4.0 documents to spread the weaponized NetSupport RAT in a spear-phishing campaign. A recent spear-phishing campaign has been spotted spreading a weaponized NetSupport Manager remote access tool (RAT), which is a legitimate tool used for troubleshooting and tech support. Attackers use the ongoing coronavirus pandemic as a lure, as well as…

A new backdoor malware called BlackWater is pretending to be COVID-19 information while abusing Cloudflare Workers as an interface to the malware’s command and control (C2) server. Cloudflare Workers are JavaScript programs that run directly on Cloudflare’s edge so that they can interact with connections from remote web clients. These Workers can be used to modify the output…

Over 160,000 data-breach notifications have been made to authorities in the 18 months since Europe’s new digital privacy regulation came into force, and the number of breaches and other security incidents being reported is on the rise. Analysis by law firm DLA Piper found that after the General Data Protection Regulation (GDPR) came into force…

Signature-based software may not be enough to protect Microsoft’s Windows EFS against evolving ransomware families. Researchers have disclosed how an EFS attack launched by ransomware leaves systems relying on signature-based antivirus solutions open to attack, with major vendors pushing fixes left, right, and center as a result. On Tuesday, Amit Klein, the VP of Security…

Microsoft disclosed today a security breach that took place last month in December 2019. In a blog post today, the OS maker said that an internal customer support database that was storing anonymized user analytics was accidentally exposed online without proper protections between Dec. 5 and Dec. 31. The database was spotted and reported to…

Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions. Browser extensions are add-ons that users can install to enhance their web surfing experience – they offer the ability to do everything from setting a special search wallpaper…

© 2020 - NCA CERT

For emergency cases 0800-977-977