Daily NCSC-FI news followup 2019-07-04

Sodinokibi ransomware is now using a former Windows zero-day

www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/ A ransomware strain named Sodinokibi (also Sodin or REvil) is using a former Windows zero-day vulnerability to elevate itself to admin access on infected hosts.. see also

securelist.com/sodin-ransomware/91473/

Sodin ransomware enters through MSPs

www.kaspersky.com/blog/sodin-msp-ransomware/27530/ At the end of March, when we wrote about a GandCrab ransomware attack on an MSPs clients, we figured it was unlikely to be an isolated case. Managed service providers are just too tempting a target for cybercriminals to ignore.. It appears we were right. In April, ransomware dubbed Sodin captured our experts attention. It differed from the others in that in addition to using gaps in MSPs security systems, it also exploited a vulnerability in the Oracle WebLogic platform.

DDoS Attacker Who Ruined Gamers’ Christmas Gets 27 Months in Prison

thehackernews.com/2019/07/christmas-ddos-attacks.html A 23-year-old hacker from Utah who launched a series of DDoS attacks against multiple online services, websites, and online gaming companies between December 2013 and January 2014 has been sentenced to 27 months in prison.

Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/ Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea.. This blog post covers the updates from TA505s campaigns and indicators of compromise (IoCs), as well as the latest tactics, techniques, and procedures of these campaigns, particularly those observed in late June.

Elisalla laaja häiriö 100 yrityksen yhteyksissä vikaa

www.is.fi/digitoday/art-2000006163043.html Epäonnistunut palomuuripäivitys on häirinnyt Elisan yritysasiakkaiden verkkojen toimintaa.

PGP SKS key network poisoned by unknown hackers

www.zdnet.com/article/openpgp-flooded-with-spam-by-unknown-hackers/ Two high-profile PGP project contributors have faced attacks conducted by unknown threat actors which have been able to poison certificates used by the SKS keyserver network.

Seriously? Cisco put Huawei X.509 certificates and keys into its own switches

www.zdnet.com/article/seriously-cisco-put-huawei-x-509-certificates-and-keys-into-its-own-switches/ Cisco has disclosed a bunch of vulnerabilities in its networking equipment, including one embarrassing bug that put the West’s tech boogeyman inside the US firm’s kit.

YouTube no longer allows instructional hacking and phishing videos [Update]

9to5google.com/2019/07/03/youtube-hacking-videos/ Yesterday, YouTube updated its list of what it considers harmful or dangerous content. One notable addition is of instructional hacking and phishing videos, with the Google company reportedly already pulling existing content and issuing strikes to creators.

New Golang malware plays the Linux field in quest for cryptocurrency

www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-for-cryptocurrency/ A new form of malware has been spotted in the wild by cybersecurity companies which say the code’s main focus is the fraudulent mining of the Monero (XMR) cryptocurrency.

You might be interested in …

Daily NCSC-FI news followup 2019-07-23

4 Practical Steps for Shift Left Security blog.paloaltonetworks.com/2019/07/4-practical-steps-shift-left-security/ Since the beginning of modern computing, security has largely been divorced from software development. Recent vulnerability research confirms this. Consider that over the past five years, out of all published vulnerabilities, 76% were from applications. Given this radical shift in attacker focus, its time to embed security […]

Read More

Daily NCSC-FI news followup 2020-10-10

US Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html In recent weeks, the U.S. military has mounted an operation to temporarily disrupt what is described as the world’s largest botnet one used also to drop ransomware, which officials say is one of the […]

Read More

Daily NCSC-FI news followup 2019-06-12

Kyberhyökkääjä iski Lahden kaupungin verkkoon haittaohjelma ehti saastuttaa tietokoneita yle.fi/uutiset/3-10827423 Lahden kaupungin verkkoon ja työasemiin kohdistui kyberhyökkäys tiistaina iltapäivällä. Hyökkäyksen seurauksena verkko kuormittui ja ohjelma ehti saastuttaa koneita. Haittaohjelma on tunnistettu, ja virustorjuntaohjelmisto eristää sen tartunnan saaneissa koneissa, , kertoo kaupunki tiedotteessaan. Operaattorin palomuureissa on havaittu haittaohjelmaan liittyviä yhteysavauksia ja verkkoliikennettä, joka on estetty.. Myös: […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.