Business E-Mail Compromise

Posted on: June 01, 2016

Business E-Mail Compromise is an international fraud targeting businesses and agencies that usually interact with
foreign suppliers. This type of attack is usually carried out by intercepting e-mail communications, where the
attackers manipulate invoices and change the banking information for wire transfer payments. Unsuspecting
employees conducting business with long-established suppliers are deceived into sending large sums of money.

Ransomware Threat

Posted on: December 11, 2015

The ransomware was able to gain entry to the organisation’s network via spam email. Malicious emails were delivered to multiple users with subjects relating to “Payments and Invoices”. Users are tricked into opening these emails because of the subject lines. Examples of email headers are:

From: Dionne Hall [HallDionne2079 at myvzw.com]
Sent: Thursday, December 10, 2015 4:53 AM
To: John Dow
Subject: copy_invoice_4181711 from DataCorp Inc
Attachment: copy_invoice_41818711.zip

Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access

Posted on: October 23, 2015

GNCIRT has been advised by OAS/CICTE Cyber Security Technical Specialists of a serious vulnerability affecting Joomla 3.0 to 3.4.4 platforms.
This exploit allows unauthorized users to remotely gain administrator access to websites running on the above-mentioned versions of Joomla. This is carried out by malicious actors using SQL injection and session hijacking attacks on targeted websites.

Superfish VisualDiscovery Vulnerable to HTTPS Spoofing

Posted on: February 20, 2015

GNCIRT is aware of open source reporting concerning Lenovo consumer products pre-installed with Superfish VisualDiscovery software, which introduces a vulnerability that could potentially be leveraged for malicious purposes.

Critical Adobe Flash Vulnerability Being Actively Exploited

Posted on: February 02, 2015

A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Network Time Protocol (NTP) Vulnerabilities

Posted on: December 20, 2014

Recently disclosed vulnerabilities in the Network Time Protocol (NTP) allow remote attackers to defeat cryptographic protections, as well as potentially execute arbitrary code.

OpenSSL 'Heartbleed' Vulnerability

Posted on: April 09, 2014

A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data due to incorrect memory handling in the TLS heartbeat extension. This flaw results in remote attackers being able to retrieve private contents of memory, in chunks of 64Kb at a time.