Daily NCSC-FI news followup 2019-07-04

Sodinokibi ransomware is now using a former Windows zero-day

www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/ A ransomware strain named Sodinokibi (also Sodin or REvil) is using a former Windows zero-day vulnerability to elevate itself to admin access on infected hosts.. see also

securelist.com/sodin-ransomware/91473/

Sodin ransomware enters through MSPs

www.kaspersky.com/blog/sodin-msp-ransomware/27530/ At the end of March, when we wrote about a GandCrab ransomware attack on an MSPs clients, we figured it was unlikely to be an isolated case. Managed service providers are just too tempting a target for cybercriminals to ignore.. It appears we were right. In April, ransomware dubbed Sodin captured our experts attention. It differed from the others in that in addition to using gaps in MSPs security systems, it also exploited a vulnerability in the Oracle WebLogic platform.

DDoS Attacker Who Ruined Gamers’ Christmas Gets 27 Months in Prison

thehackernews.com/2019/07/christmas-ddos-attacks.html A 23-year-old hacker from Utah who launched a series of DDoS attacks against multiple online services, websites, and online gaming companies between December 2013 and January 2014 has been sentenced to 27 months in prison.

Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/ Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea.. This blog post covers the updates from TA505s campaigns and indicators of compromise (IoCs), as well as the latest tactics, techniques, and procedures of these campaigns, particularly those observed in late June.

Elisalla laaja häiriö 100 yrityksen yhteyksissä vikaa

www.is.fi/digitoday/art-2000006163043.html Epäonnistunut palomuuripäivitys on häirinnyt Elisan yritysasiakkaiden verkkojen toimintaa.

PGP SKS key network poisoned by unknown hackers

www.zdnet.com/article/openpgp-flooded-with-spam-by-unknown-hackers/ Two high-profile PGP project contributors have faced attacks conducted by unknown threat actors which have been able to poison certificates used by the SKS keyserver network.

Seriously? Cisco put Huawei X.509 certificates and keys into its own switches

www.zdnet.com/article/seriously-cisco-put-huawei-x-509-certificates-and-keys-into-its-own-switches/ Cisco has disclosed a bunch of vulnerabilities in its networking equipment, including one embarrassing bug that put the West’s tech boogeyman inside the US firm’s kit.

YouTube no longer allows instructional hacking and phishing videos [Update]

9to5google.com/2019/07/03/youtube-hacking-videos/ Yesterday, YouTube updated its list of what it considers harmful or dangerous content. One notable addition is of instructional hacking and phishing videos, with the Google company reportedly already pulling existing content and issuing strikes to creators.

New Golang malware plays the Linux field in quest for cryptocurrency

www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-for-cryptocurrency/ A new form of malware has been spotted in the wild by cybersecurity companies which say the code’s main focus is the fraudulent mining of the Monero (XMR) cryptocurrency.

You might be interested in …

Daily NCSC-FI news followup 2019-10-17

Security researcher publishes proof-of-concept code for recent Android zero-day www.zdnet.com/article/security-researcher-publishes-proof-of-concept-code-for-recent-android-zero-day/ Qu1ckR00t app can root an Android device using the CVE-2019-2215 zero-day. Operation Ghost: The Dukes arent back they never left www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families. We believe Operation Ghost started in 2013 […]

Read More

Daily NCSC-FI news followup 2020-12-17

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations – Alert (AA20-352A) us-cert.cisa.gov/ncas/alerts/aa20-352a The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor […]

Read More

Daily NCSC-FI news followup 2020-12-31

Adobe Flash Player is officially dead tomorrow www.bleepingcomputer.com/news/security/adobe-flash-player-is-officially-dead-tomorrow/ Flash Player will reach its end of life (EOL) on January 1, 2021, after always being a security risk to those who have used it over the years. Lisäksi www.bleepingcomputer.com/news/software/adobe-now-shows-alerts-in-windows-10-to-uninstall-flash-player/ What’s Next for Ransomware in 2021? threatpost.com/ransomware-getting-ahead-inevitable-attack/162655/ Ransomware response demands a whole-of-business plan before the next attack, […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.