Daily NCSC-FI news followup 2019-06-23

U.S. Carried Out Cyberattacks on Iran

www.nytimes.com/2019/06/22/us/politics/us-iran-cyber-attacks.html United States Cyber Command on Thursday conducted online attacks against an Iranian intelligence group that American officials believe helped plan the attacks against oil tankers in recent weeks, according to people briefed on the operation. The intrusion occurred the same day President Trump called off a strike on Iranian targets like radar and missile batteries. But the online operation was allowed to go forward because it was intended to be below the threshold of armed conflict, using the same shadow tactics that Iran has deployed. The online attacks, which had been planned for several weeks, were ultimately meant to be a direct response to both the tanker attacks this month and the downing of an American drone this week, according to the people briefed on the operations. Multiple computer systems were targeted, according to people briefed on the operations, including those believed to have been used by an Iranian intelligence group that helped plan the tanker attacks. See also:

www.kauppalehti.fi/uutiset/washington-post-yhdysvallat-teki-kyberiskun-iranin-ohjusjarjestelmiin/10dd83a3-5f1a-4282-b1e7-06e0cdc29294, www.is.fi/ulkomaat/art-2000006151539.html and www.kaleva.fi/uutiset/ulkomaat/mediatiedot-yhdysvallat-teki-kyberiskun-iranin-sotilastietojarjestelmiin/822392/


DHS warns of spike in cyberattacks from Iran

www.washingtontimes.com/news/2019/jun/22/dhs-warns-spike-cyberattacks-iran/ Iranian computer hackers are ramping up attacks against U.S. targets, a top Department of Homeland Security official said Saturday. Christopher C. Krebs, the head of the DHS Cybersecurity and Infrastructure Security Agency, or CISA, issued a statement confirming recent reporting about Iranian hackers increasingly setting their sights on the U.S. as tensions flare between countries. "CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies," said Mr. Krebs. "We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe," he said. Iranian hackers are increasingly using wiper attacks to erase data stored on infected computers as opposed to just stealing it, Mr. Krebs added. These efforts are often enabled through common tactics like spear phishing, password spraying and credential stuffing. "What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network," he warned. Individuals should defend themselves by exercising cybersecurity best practices and alert authorities of any suspected compromises, he said. CrowdStrike and FireEye, two private U.S. cybersecurity firms, both said Friday that they have witnessed an uptick in malicious activity in recent weeks traced to suspected Iranian government hackers. See also:


www.bleepingcomputer.com/news/security/us-government-warns-of-data-wipers-used-in-iranian-cyberattacks/, https://twitter.com/CISAKrebs/status/1142520000135278594 and www.zdnet.com/article/dhs-cisa-warns-of-iranian-hackers-habit-of-deploying-data-wiping-malware/. Tips: www.us-cert.gov/ncas/tips

Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox

www.bleepingcomputer.com/news/software/tor-browser-853-fixes-a-sandbox-escape-vulnerability-in-firefox/ Tor Browser 8.5.3 has been released to fix a sandbox escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version. When starting Tor Browser, it should alert you if a new version is available. If you would like to perform a manual check, you can do so by going to Tor Browser menu -> Help -> About Tor Browser.
