Daily NCSC-FI news followup 2019-07-04

Sodinokibi ransomware is now using a former Windows zero-day

www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/ A ransomware strain named Sodinokibi (also Sodin or REvil) is using a former Windows zero-day vulnerability to elevate itself to admin access on infected hosts. See also:

securelist.com/sodin-ransomware/91473/

Sodin ransomware enters through MSPs

www.kaspersky.com/blog/sodin-msp-ransomware/27530/ At the end of March, when we wrote about a GandCrab ransomware attack on an MSP's clients, we figured it was unlikely to be an isolated case. Managed service providers are just too tempting a target for cybercriminals to ignore. It appears we were right. In April, ransomware dubbed Sodin captured our experts' attention. It differed from the others in that in addition to using gaps in MSPs' security systems, it also exploited a vulnerability in the Oracle WebLogic platform.

DDoS Attacker Who Ruined Gamers’ Christmas Gets 27 Months in Prison

thehackernews.com/2019/07/christmas-ddos-attacks.html A 23-year-old hacker from Utah who launched a series of DDoS attacks against multiple online services, websites, and online gaming companies between December 2013 and January 2014 has been sentenced to 27 months in prison.

Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/ Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea. This blog post covers the updates from TA505's campaigns and indicators of compromise (IoCs), as well as the latest tactics, techniques, and procedures of these campaigns, particularly those observed in late June.

Widespread disruption at Elisa: faults in the connections of 100 companies

www.is.fi/digitoday/art-2000006163043.html A failed firewall update has disrupted the operation of Elisa's corporate customers' networks.

PGP SKS key network poisoned by unknown hackers

www.zdnet.com/article/openpgp-flooded-with-spam-by-unknown-hackers/ Two high-profile PGP project contributors have faced attacks conducted by unknown threat actors which have been able to poison certificates used by the SKS keyserver network.

Seriously? Cisco put Huawei X.509 certificates and keys into its own switches

www.zdnet.com/article/seriously-cisco-put-huawei-x-509-certificates-and-keys-into-its-own-switches/ Cisco has disclosed a bunch of vulnerabilities in its networking equipment, including one embarrassing bug that put the West’s tech boogeyman inside the US firm’s kit.

YouTube no longer allows instructional hacking and phishing videos [Update]

9to5google.com/2019/07/03/youtube-hacking-videos/ Yesterday, YouTube updated its list of what it considers harmful or dangerous content. One notable addition is of instructional hacking and phishing videos, with the Google company reportedly already pulling existing content and issuing strikes to creators.

New Golang malware plays the Linux field in quest for cryptocurrency

www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-for-cryptocurrency/ A new form of malware has been spotted in the wild by cybersecurity companies which say the code’s main focus is the fraudulent mining of the Monero (XMR) cryptocurrency.
