BU-CERT – Bournemouth University Computer Emergency Response Team

US Military families targeted by Phishing Cyber Attacks

Posted on 3 December 2021

From cybersecurity-insiders.com

Some military personnel and their families(say about 23) in United States are being constantly targeted by phishing campaigns launched by a notorious online criminal gang from Nigeria that is habituated to ignore the Digital Millennium Copyrights Act and such.

Reports are now in that they have gained monetary benefits from the attacks to a certain extent.

Threat Researchers from LookOut where the first to discover these cyber incidents and warned the military personnel and agencies to improve their cybersecurity posture and follow a better cyber hygiene to avoid falling prey to phishing attacks.

New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers

Posted on 3 December 2021

From thehackernews.com

E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions.

“This novel code injects itself into a host Nginx application and is nearly invisible,” Sansec Threat Research team said in a new report. “The parasite is used to steal data from eCommerce servers, also known as ‘server-side Magecart.'”

Widespread Threats Target Automotive Companies

Posted on 3 December 2021

From securityboulevard.com

automotive risks Transportation and Security Software Glitches

The technology footprint of today’s automobiles surpasses that of our laptops and other devices: The typical personal computer operating system runs on 20 million to 50 million lines of code. But each car requires an estimated 100 million lines of code to support the more than 125 electronic control units (ECUs) in every vehicle, and that number is expected to need to rise to 500 million in the near future. By 2025, 470 million connected vehicles driven worldwide will each produce 25 gigabytes of data per hour.

Watch out for Omicron COVID-19-themed phishing messages!

Posted on 3 December 2021

From securityaffairs.co

Crooks have already started exploiting the interest in the Omicron COVID-19 variant and are using it as a lure in phishing attacks.

People are interested in the spreading of the new variant, the efficiency of the vaccines and the measures that will adopt the states to prevent its spreading, and threat actors are attempting to take advantage of this situation.

An Omicron COVID-19 campaign was spotted by UK authorities and the National Health Service (NHS) is warning about the Omicron COVID-19-themed phishing attacks.

What is Lukchit.com ads?

Posted on 3 December 2021

From 2-spyware.com

Lukchit.com ads can appear out of nowhere and mainly show related content, but redirects and push notifications cause users to call the program a potentially unwanted app. Pop-ups, banners, redirects to other sites and commercial material delivery are the main symptoms of this intruder, but there are additional issues caused by the PUP. Once the program finds its way on the computer, it can cause speed issues and diminish the performance significantly due to the constant redirects, pop-ups, advertisements, and similar content related to online browsing.

SMS firewall revenue to reach $4.1 billion in 2026

Posted on 3 December 2021

From helpnetsecurity.com

Total SMS firewall revenue will increase from $911 million in 2021 to $4.1 billion in 2026; representing an absolute growth of 346%, a Juniper Research study has found.

SMS firewalls are third-party solutions that sit within operator networks; enabling the real-time monitoring of network traffic, enhancing operator capabilities to block fraudulent traffic and minimise revenue loss.

Mozilla properly fuzzed NSS and still ended up with a simple memory corruption hole

Posted on 2 December 2021

From zdnet.com

When it comes to fuzzing, Mozilla has plenty of cred, and has been doing so for some time, and yet, its prized Network Security Services (NSS) library was busted by Google Project Zero’s Tavis Ormandy quite easily.

In a blog post well worth your time, entitled This shouldn’t have happened, Ormandy found that if NSS was made to create an ASN.1 signature bigger than the maximum 16384 bits it expected, overwriting of memory would occur.

“What happens if you just … make a signature that’s bigger than that? Well, it turns out the answer is memory corruption. Yes, really,” Ormandy wrote.

“The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data. The bug is simple to reproduce and affects multiple algorithms.”