Daily NCSC-FI news followup 2019-06-28

Exclusive: Western intelligence hacked ‘Russia’s Google’ Yandex to spy on accounts – sources

www.reuters.com/article/us-usa-cyber-yandex-exclusive/exclusive-western-intelligence-hacked-russias-google-yandex-to-spy-on-accounts-sources-idUSKCN1TS2SX Hackers working for Western intelligence agencies broke into Russian internet search company Yandex in late 2018 deploying a rare type of malware in an attempt to spy on user accounts, four people with knowledge of the matter told Reuters. The malware, called Regin, is known to be used by the Five Eyes intelligence-sharing alliance of the United States, Britain, Australia, New Zealand and Canada, the sources said. Intelligence agencies in those countries declined to comment. Western cyberattacks against Russia are seldom acknowledged or spoken about in public. It could not be determined which of the five countries was behind the attack on Yandex, said sources in Russia and elsewhere, three of whom had direct knowledge of the hack. The breach took place between October and November 2018.

[Behind a paywall] Malware, errors, bad luck, glitchy software… IT in the Lahti region has been in complete chaos

www.ess.fi/uutiset/art2549748 Public-sector data communications in the Lahti region have run into one problem after another. Partly it is a matter of incompetence, partly just bad luck.

Shadowgate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit

blog.trendmicro.com/trendlabs-security-intelligence/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit/ After almost two years of sporadic restricted activity, the ShadowGate campaign has started delivering cryptocurrency miners with a newly upgraded version of the Greenflash Sundown exploit kit. The campaign has been spotted targeting global victims, after operating mainly in Asia.

Brazil leads in ransomware attacks

www.zdnet.com/article/brazil-leads-in-ransomware-attacks/ Brazil is the world’s second most threatened country by ransomware attacks, according to a new study by security firm Trend Micro.

Ads on popular YouTube to MP3 converter service poisoned with exploit kit, ransomware

www.zdnet.com/article/ad-servers-poisoned-with-greenflash-exploit-kit/ Servers used to show adverts on a popular YouTube to MP3 conversion website have been compromised in order to spread the GreenFlash exploit kit and Seon ransomware. Malvertising is a technique used by hackers and scammers to reach a wide audience, often on legitimate domains and services. Malicious code or links will be embedded within an advertisement which is then displayed to unwitting website visitors, and should they click the link, they may be directed to a fraudulent website or be issued a malicious payload.

Breach at Cloud Solution Provider PCM Inc.

krebsonsecurity.com/2019/06/breach-at-cloud-solution-provider-pcm-inc/ A digital intrusion at PCM Inc., a major U.S.-based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company's clients, KrebsOnSecurity has learned. Sources say PCM discovered the intrusion in mid-May 2019. Those sources say the attackers stole administrative credentials that PCM uses to manage client accounts within Office 365, a cloud-based file and email sharing service run by Microsoft Corp. In that respect, the motivations of the attackers seem similar to the goals of intruders who breached Indian IT outsourcing giant Wipro Ltd. earlier this year. In April, KrebsOnSecurity broke the news that the Wipro intruders appeared to be after anything they could quickly turn into cash, and used their access to harvest gift card information from a number of the company's customers.

How Hackers Infiltrate Open Source Projects

www.darkreading.com/application-security/how-hackers-infiltrate-open-source-projects-/d/d-id/1335072 The dependency trees of modern software-development make smaller open-source projects vulnerable to hackers sabotaging code. The open source software that the vast majority of organizations include in their critical applications is vulnerable to exploitation from threat actors taking part in its creation. That’s the message from security professionals who point to the nature of open source projects and the ubiquity of the code as a real threat to enterprises. Once insinuated into an open source project, criminals have a wide range of options, but within a narrow window: “Whether it’s a backdoor keylogger, or Trojan of some sort, it needs to net them something valuable quickly, or they need to do it in a really slick way so they don’t get found out for a while,” says Brad Causey, owner of Zero Day Consulting. The combination of flexibility and availability makes open source project hacking an opportunity that criminals are willing to seize. “It’s a pretty well-known attack vector. And I would expect that it’s probably happening more than we’re aware of,” says Chris Eng, chief research officer at Veracode. Other experts agree. “It’s not only heard of, it’s happening all the time around us. We know of such actions from history and there’s no reason to believe that it’s not still going on,” says Eran Yalon, head of security research for Checkmarx.

FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps

threatpost.com/fda-warns-of-potentially-fatal-flaws-in-medtronic-insulin-pumps/146109/ The Food and Drug Administration (FDA) has issued an emergency alert, warning that Medtronic MiniMed insulin pumps are vulnerable to potentially life-threatening cyberattacks. Attackers with adjacent access to one of the affected products could modify or interfere with the wireless communications, allowing them to read sensitive data, change pump settings, or control insulin delivery. See also:

www.cnbc.com/2019/06/27/medtronic-recalls-some-insulin-pumps-as-fda-warns-they-can-be-hacked.html and

www.fda.gov/medical-devices/safety-communications/certain-medtronic-minimed-insulin-pumps-have-potential-cybersecurity-risks-fda-safety-communication

Firefox fights bad passwords and sheds its skin on Android

www.is.fi/digitoday/art-2000006157020.html A feature is being developed for the non-profit Mozilla's Firefox browser that will help eliminate bad passwords. According to ZDNet, a test version of Firefox is already trialling automatic generation of random passwords on the user's behalf.

AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank

www.zdnet.com/article/aws-s3-server-leaks-data-from-fortune-100-companies-ford-netflix-td-bank/ Exposed data includes passwords and private keys for production systems, employee details, sales information.

New Dridex malware strain avoids antivirus software detection

www.zdnet.com/article/new-dridex-malware-strain-avoids-antivirus-software-detection/ A new variant of the Dridex banking Trojan has been shaken up with the ability to avoid detection by traditional antivirus products. Dridex is a well-known Trojan which specializes in the theft of online banking credentials. First spotted in 2014, the malware’s developers appear to be very active and are constantly evolving the software’s capabilities and attack vectors.

Germany and the Netherlands to build the first ever joint military internet

www.zdnet.com/article/germany-and-the-netherlands-to-build-the-first-ever-joint-military-internet/ Government officials from Germany and the Netherlands have signed an agreement this week to build the first-ever joint military internet. The name of this new Dutch-German military internet is the Tactical Edge Networking, or TEN, for short. Troops operating on top of the TEN network will use identical computers, radios, tablets, and telephones, regardless of the country of origin.

Encrypted cities

www.kaspersky.com/blog/encrypted-city-administrations/27452/ The number of cyberattacks on US city administrations is on the rise. In less than two months, a third city suffers from the same threat: ransomware. Baltimore, Maryland, was attacked on May 7. The city's administration decided not to give in to the extortionists and suffered damages of more than $18 million, according to preliminary estimates. A few weeks later, Riviera Beach, Florida, was next. The city's computers were encrypted, and officials decided to pay the extortionists 65 bitcoins, or about $600,000.
