Daily NCSC-FI news followup 2019-07-04

Sodinokibi ransomware is now using a former Windows zero-day

www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/ A ransomware strain named Sodinokibi (also Sodin or REvil) is using a former Windows zero-day vulnerability to elevate itself to admin access on infected hosts. See also:

securelist.com/sodin-ransomware/91473/

Sodin ransomware enters through MSPs

www.kaspersky.com/blog/sodin-msp-ransomware/27530/ At the end of March, when we wrote about a GandCrab ransomware attack on an MSP's clients, we figured it was unlikely to be an isolated case. Managed service providers are just too tempting a target for cybercriminals to ignore. It appears we were right. In April, ransomware dubbed Sodin captured our experts' attention. It differed from the others in that in addition to using gaps in MSPs' security systems, it also exploited a vulnerability in the Oracle WebLogic platform.

DDoS Attacker Who Ruined Gamers’ Christmas Gets 27 Months in Prison

thehackernews.com/2019/07/christmas-ddos-attacks.html A 23-year-old hacker from Utah who launched a series of DDoS attacks against multiple online services, websites, and online gaming companies between December 2013 and January 2014 has been sentenced to 27 months in prison.

Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/ Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea. This blog post covers the updates from TA505's campaigns and indicators of compromise (IoCs), as well as the latest tactics, techniques, and procedures of these campaigns, particularly those observed in late June.

Widespread disruption at Elisa: faults in the connections of 100 companies

www.is.fi/digitoday/art-2000006163043.html A failed firewall update has disrupted the operation of Elisa's corporate customers' networks.

PGP SKS key network poisoned by unknown hackers

www.zdnet.com/article/openpgp-flooded-with-spam-by-unknown-hackers/ Two high-profile PGP project contributors have faced attacks conducted by unknown threat actors which have been able to poison certificates used by the SKS keyserver network.

Seriously? Cisco put Huawei X.509 certificates and keys into its own switches

www.zdnet.com/article/seriously-cisco-put-huawei-x-509-certificates-and-keys-into-its-own-switches/ Cisco has disclosed a bunch of vulnerabilities in its networking equipment, including one embarrassing bug that put the West’s tech boogeyman inside the US firm’s kit.

YouTube no longer allows instructional hacking and phishing videos [Update]

9to5google.com/2019/07/03/youtube-hacking-videos/ Yesterday, YouTube updated its list of what it considers harmful or dangerous content. One notable addition is of instructional hacking and phishing videos, with the Google company reportedly already pulling existing content and issuing strikes to creators.

New Golang malware plays the Linux field in quest for cryptocurrency

www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-for-cryptocurrency/ A new form of malware has been spotted in the wild by cybersecurity companies which say the code’s main focus is the fraudulent mining of the Monero (XMR) cryptocurrency.
