Attackers used malicious Excel 4.0 documents to spread the weaponized NetSupport RAT in a spear-phishing campaign. A recent spear-phishing campaign has been spotted spreading a weaponized NetSupport Manager remote access tool (RAT), which is a legitimate tool used for troubleshooting and tech support. Attackers use the ongoing coronavirus pandemic as a lure, as well as…

A new backdoor malware called BlackWater pretending to be COVID-19 information while abusing Cloudflare Workers as an interface to the malware’s command and control (C2) server. Cloudflare Workers are JavaScript programs that run directly on Cloudflare’s edge so that they can interact with connections from remote web clients.  These Workers can be used to modify the output…

Over 160,000 data-breach notifications have been made to authorities in the 18 months since Europe’s new digital privacy regulation came into force, and the number of breaches and other security incidents being reported is on the rise. Analysis by law firm DLA Piper found that after the General Data Protection Regulation (GDPR) came into force…

Signature-based software may not be enough to protect Microsoft’s Windows EFS against evolving ransomware families. Researchers have disclosed how an EFS attack launched by ransomware leaves systems relying on signature-based antivirus solutions open to attack, with major vendors pushing fixes left, right, and center as a result. On Tuesday, Amit Klein, the VP of Security…

Microsoft disclosed today a security breach that took place last month in December 2019. In a blog post today, the OS maker said that an internal customer support database that was storing anonymized user analytics was accidentally exposed online without proper protections between Dec.r 5 and Dec. 31. The database was spotted and reported to…

Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions. Browser extensions are add-ons that users can install to enhance their web surfing experience – they offer the ability to do everything from setting a special search wallpaper…

A Tiny Core Linux 9.0 image configured to run XMRig runs on a VM, rather than victim machines hosting the malware locally. An unusual cryptocurrency miner, dubbed LoudMiner, is spreading via pirated copies of Virtual Studio Technology. It uses virtualization software to mine Monero on a Tiny Core Linux virtual machine – a unique approach,…

A new Dharma ransomware strain is using ESET AV Remover installations as a “smoke screen” technique designed to distract victims while their files are encrypted in the background as detailed by Trend Micro. The ransomware is pushed by the attackers on their targets’ computers using a spam campaign which delivers email attachments containing a Dharma…

Facebook on Friday disclosed a bug in its platform that it said enabled third-party apps to access unpublished photos of 6.8 million users. Facebook stores copies of photo drafts, so if someone uploads the photo but doesn’t finish posting it, the photo will still be stored in the platform’s database. The bug gave third-party apps…

The “Kitten of Doom” denial-of-service attack is easy to carry out. A denial of service (DoS) vulnerability in the Skype for Business unified communications platform has been uncovered, which can be triggered by sending large numbers of emojis to the instant messaging client. According to the SEC Consult Vulnerability Lab, which discovered the flaw (CVE-2018-8546),…

© 2021 - NCA CERT

For emergency cases         0800-977-977