Cyber alerts - NHS England Digital

Published Wednesday 15 November 2017 (12:00) (updated 17 February 2020)

AV Gate abuses Anti-Virus Quarantine

A new technique known as AV Gate has been discovered that allows a physical user to restore quarantined files and move them to privileged areas. This technique can be used without administrator rights and can be used for privilege escalation.

CC-1719 Medium

Published Monday 23 October 2017 (12:00) (updated 17 February 2020)

Microsoft DDE Works in Outlook Too

CareCERT has previously written about Advanced Persistent Threat (APT ) groups abusing Microsoft's Dynamic Data Exchange (DDE) feature through malicious attachments

CC-1714 Medium

Published Friday 20 October 2017 (12:00) (updated 17 February 2020)

New Intel CPU Exploit BoundHook

A new post-intrusion technique, named BoundHook, has been developed targeting all Intel Central Processing Units (CPUs) with the Skylake processor or newer.

CC-1707 Medium

Published Wednesday 18 October 2017 (12:00) (updated 17 February 2020)

APT Group Abuse Microsoft Word Dynamic Data Exchange - Macro-less Code Execution

A new technique has been discovered that allows an attacker to send malicious documents that can execute code on a user's system without the use of Macros or OLE (Object Linked Embedding).

CC-1703 Medium

Published Monday 16 October 2017 (12:00) (updated 17 February 2020)

KRACK Key Re-installation Attack - WPA2 Attack

KRACK (Keyless Re-installation Attack) is a vulnerability in WPA2 (Wireless Protected Access 2) that could allow an attacker to eavesdrop on Wi-Fi traffic, reading encrypted network traffic, and in some cases, sending traffic back to the network

CC-1690 Medium

Published Monday 9 October 2017 (12:00) (updated 17 February 2020)

New Rowhammer Attack Bypassing Countermeasures

A new variation of the Rowhammer attack has been identified by the same researchers who discovered the original Rowhammer attack.

CC-1671 Low

Published Friday 29 September 2017 (12:00) (updated 17 February 2020)

Illusion Gap Attack Used to Bypass Windows Defender

Illusion Gap can allow malware to bypass Windows Defender. Windows Defender is the antivirus software included and enabled by default on all recent Windows operating systems.

CC-1637 Low

Published Wednesday 13 September 2017 (12:00) (updated 17 February 2020)

Android Toast Overlay Attack

A new method of cyber attack, known as an overlay attack has been detailed. A successful overlay attack would allow a UI (user interface) to be placed over the top of the existing UI, masking what the user is actually interacting with.

CC-1601 Medium

Published Thursday 24 August 2017 (12:00) (updated 17 February 2020)

New Disdain Exploit Kit Sold on Underground Hacking Forums

A new exploit kit called Disdain is been sold on underground hacking forums. The exploit kit is been advertised for rent on daily, weekly or monthly subscriptions.

CC-1530 Low

Published Wednesday 19 July 2017 (12:00) (updated 17 February 2020)

VimProducts DDoS-for-hire-service on the Dark Web

VimProducts continues to provide a DDoS-for-hire-Service on Dark Web marketplaces