Fortinet SSH Backdoor Shenanigans

Good morning, campers: if you have a Fortinet device running an elderly version of FortiOS you will really want to read to the end of this post. In short: there is an interactive SSH backdoor built into a large spread … Continue reading

Posted in Uncategorized | Comments Off on Fortinet SSH Backdoor Shenanigans

Major Dridex Banking Malware Outbreak

Beginning Friday and continuing through the weekend, OxCERT’s network security monitoring has picked up an extreme number of PCs infected with the ‘Dridex’ family of banking malware. This malware is a banking trojan rather than a self-spreading virus, tailored specifically to Windows-based … Continue reading

Posted in Current Threats, Email, General Security, Information Security, Microsoft | 2 Comments

Financial Fraud Targeting University Departments

OxCERT have received an escalating number of reports of highly convincing financial fraud emails directed at University Finance Officers and others responsible for issuing large financial payments. This threat goes beyond simple ‘phishing’ campaigns: this is clearly a direct and … Continue reading

Posted in Current Threats, Email, General Security | Comments Off on Financial Fraud Targeting University Departments

CVE-2015-3456 ‘VENOM’ – And it was all going so well…

After a relatively long period without a potentially-catastrophic vulnerability to report, we must again break out the hard hats as the numerically-improbable ‘CVE-2015-3456’ is here and it wants to kill your datacentre: a buffer overflow in the virtual floppy disk controller code that QEMU-based hypervisors (including KVM and Xen) expose to every guest, whether or not the guest has a floppy drive configured. It’s called VENOM, in case you were wondering. … Continue reading

Posted in Current Threats, General Security, Information Security, Web Security | 1 Comment

‘CTB-Locker’ Ransomware Campaign

Over the last several days, Oxford users have reported a growing number of suspicious emails to the OxCERT team; this has coincided with the discovery of a number of personal and University machines afflicted by a new ‘ransomware’ variant known … Continue reading

Posted in Current Threats, Email, Microsoft | Comments Off on ‘CTB-Locker’ Ransomware Campaign

GHOST in the Shell – CVE-2015-0235

Continuing the trend set by Heartbleed, Shellshock and POODLE comes another named vulnerability, welcoming us into the new year with the promise of remote code execution via a buffer overflow in glibc’s gethostbyname functions, against all the servers we’ve locked in cupboards and forgotten about. … Continue reading

Posted in Uncategorized | 2 Comments

New Malware Campaign – ‘Dyre’ Banking Trojan

In recent days OxCERT have witnessed a sharp rise in the incidence of emails associated with the ‘Dyre’ banking malware family. This strain of malware concerns itself with the theft of financial data including credit card details, logins to payment … Continue reading

Posted in Current Threats, Email | 1 Comment

Bash ‘Shellshock’ Bug – Now You Can Panic

UPDATE: The initial round of patches to fix CVE-2014-6271 has proven ineffective at fully resolving the issue; a new CVE code has been issued, “CVE-2014-7169”. Use this to track news and updates regarding this bug and patch status. Remember Heartbleed? Get ready to … Continue reading

Posted in Apple, Current Threats, General Security, Web Security | Comments Off on Bash ‘Shellshock’ Bug – Now You Can Panic
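Because the first patch was incomplete, “it says bash is updated” is not the same as “it is fixed”. The following is an added example (not OxCERT’s own code): a POSIX shell function that runs the two well-known probes against a given bash binary, one for the original CVE-2014-6271 and one for the CVE-2014-7169 follow-up. It assumes the binary to test is passed as its first argument and falls back to whatever `bash` is on PATH; the function name and messages are the example’s own.

```shell
#!/bin/sh
# Added example, not part of the original post: probe a bash binary for
# Shellshock (CVE-2014-6271) and the incomplete-fix follow-up (CVE-2014-7169).
# Exit status: 0 = not vulnerable to either probe, 1 = vulnerable, 2 = could not test.

shellshock_check() {
    bash_bin="${1:-bash}"   # assumption: path to the bash under test, default from PATH
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "no bash found at '$bash_bin'"
        return 2
    fi

    # CVE-2014-6271: an unpatched bash keeps parsing past the end of an exported
    # function definition and runs the trailing "echo vulnerable" while importing
    # the environment, before the -c command is executed at all.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo test' 2>/dev/null)
    case "$out" in
        *vulnerable*)
            echo "VULNERABLE to CVE-2014-6271"
            return 1 ;;
    esac

    # CVE-2014-7169: after the first patch the parser could still be left in a
    # confused state, so a redirection in the crafted value is applied to the
    # next command. On an affected bash, 'echo date' effectively becomes
    # 'date > echo', leaving a file called "echo" in the working directory.
    workdir=$(mktemp -d) || return 2
    (cd "$workdir" && env X='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1)
    if [ -e "$workdir/echo" ]; then
        rm -rf "$workdir"
        echo "VULNERABLE to CVE-2014-7169 (fix for CVE-2014-6271 was incomplete)"
        return 1
    fi
    rm -rf "$workdir"

    echo "not vulnerable to CVE-2014-6271 / CVE-2014-7169"
    return 0
}
```

Source the file and call `shellshock_check /bin/bash` (or any other bash you ship, e.g. one bundled inside an appliance image); a non-zero status of 1 means patch again, while 2 means the binary could not be found. Both probes are harmless on a fixed bash: the first prints only "test", the second prints "date" and creates no file.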

5 Million Google Accounts Leaked

Details are emerging of a very recent large-scale dump of around five million usernames and passwords, centring around Google’s flagship email service Gmail; Google’s official word on the subject, which states that the list did not come from a breach of its own systems and that fewer than 2% of the combinations would have worked, can be read here. The credentials were posted to a Russian BitCoin mining forum earlier … Continue reading

Posted in Current Threats, General Security, Google | Comments Off on 5 Million Google Accounts Leaked

New e-Mail Malware Campaign, “Order Number…”

OxCERT have received many reports regarding a large-scale malware distribution campaign currently targeting University staff and users. This campaign operates by email, with the distinctive subject line ‘Order Number 86514719983’; the number seems to be random and many … Continue reading

Posted in Current Threats, Email, General Security | Comments Off on New e-Mail Malware Campaign, “Order Number…”