Daily NCSC-FI news followup 2019-07-04

Sodinokibi ransomware is now using a former Windows zero-day

www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/ A ransomware strain named Sodinokibi (also Sodin or REvil) is using a former Windows zero-day vulnerability (a win32k privilege-escalation bug, CVE-2018-8453, patched in October 2018) to elevate itself to admin access on infected hosts. The practical point for defenders is that a host missing that patch gives the ransomware SYSTEM-level privileges once any foothold is gained. See also:

securelist.com/sodin-ransomware/91473/

Sodin ransomware enters through MSPs

www.kaspersky.com/blog/sodin-msp-ransomware/27530/ At the end of March, when we wrote about a GandCrab ransomware attack on an MSP's clients, we figured it was unlikely to be an isolated case. Managed service providers are just too tempting a target for cybercriminals to ignore. It appears we were right. In April, ransomware dubbed Sodin captured our experts' attention. It differed from the others in that, in addition to using gaps in MSPs' security systems, it also exploited a vulnerability in the Oracle WebLogic platform.

DDoS Attacker Who Ruined Gamers’ Christmas Gets 27 Months in Prison

thehackernews.com/2019/07/christmas-ddos-attacks.html A 23-year-old hacker from Utah who launched a series of DDoS attacks against multiple online services, websites, and online gaming companies between December 2013 and January 2014 has been sentenced to 27 months in prison.

Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/ Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as the United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea. This blog post covers the updates from TA505's campaigns and indicators of compromise (IoCs), as well as the latest tactics, techniques, and procedures of these campaigns, particularly those observed in late June.

Widespread outage at Elisa: connectivity faults at 100 companies

www.is.fi/digitoday/art-2000006163043.html A failed firewall update has disrupted the networks of Elisa's business customers.

PGP SKS key network poisoned by unknown hackers

www.zdnet.com/article/openpgp-flooded-with-spam-by-unknown-hackers/ Two high-profile PGP project contributors have faced attacks conducted by unknown threat actors who have been able to poison certificates used by the SKS keyserver network. The poisoning works by attaching tens of thousands of third-party signatures to a victim's public key; because SKS keyservers accept and merge anything submitted, the flooded key is then served to everyone who refreshes it, and GnuPG can hang or break when importing it. The practical caveat is to be careful about automatic key refreshes from the SKS pool until the affected keys and keyservers are dealt with.
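The check a practitioner would want here is a way to spot a flooded certificate before importing it into a keyring. The script below is an added example, not code from the article or from the GnuPG or SKS projects: it parses the machine-readable colon format that `gpg --with-colons --list-sigs` emits (field 1 is the record type, field 5 the key ID) and counts the `sig` records that follow each `pub` record. The sample output and the threshold of 1000 signatures are constructed for the example; the real attack attached far more than that.

```python
"""Detect OpenPGP certificate flooding from gpg colon-format output.

Added example: feed it the output of
    gpg --with-colons --list-sigs --no-default-keyring --keyring ./suspect.gpg
(or `gpg --with-colons --import-options show-only --import key.asc` in recent
GnuPG), and it reports keys carrying an abnormal number of signatures.
"""
from collections import OrderedDict

FLOOD_THRESHOLD = 1000  # assumption for the example; tune to your environment


def count_signatures(colon_output: str) -> "OrderedDict[str, int]":
    """Return an ordered mapping of key ID -> number of sig records under it.

    Record layout (gpg colon format): fields are ':'-separated, field 1 is the
    record type ('pub', 'uid', 'sig', ...), field 5 is the key ID that issued
    the record. Signatures belong to the most recently seen 'pub' record.
    """
    counts: "OrderedDict[str, int]" = OrderedDict()
    current_key = None
    for line in colon_output.splitlines():
        fields = line.split(":")
        rtype = fields[0] if fields else ""
        if rtype == "pub":
            current_key = fields[4]
            counts[current_key] = 0
        elif rtype == "sig" and current_key is not None:
            counts[current_key] += 1
    return counts


def flooded_keys(colon_output: str, threshold: int = FLOOD_THRESHOLD) -> dict:
    """Return {key_id: sig_count} for every key whose signature count exceeds threshold."""
    return {k: n for k, n in count_signatures(colon_output).items() if n > threshold}


def _sample_output() -> str:
    """Constructed sample: one normal key with 3 signatures, one flooded key with 1500."""
    normal = [
        "pub:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC::::::23::0:",
        "uid:u::::1500000000::HASH1::Normal User <normal@example.org>::::::::::0:",
        "sig:::1:AAAAAAAAAAAAAAAA:1500000000::::Normal User <normal@example.org>:13x:::::2:",
        "sig:::1:1111111111111111:1500000100::::[User ID not found]:10x:::::2:",
        "sig:::1:2222222222222222:1500000200::::[User ID not found]:10x:::::2:",
    ]
    flooded = [
        "pub:u:4096:1:BBBBBBBBBBBBBBBB:1500000000:::u:::scESC::::::23::0:",
        "uid:u::::1500000000::HASH2::Flooded Victim <victim@example.org>::::::::::0:",
    ]
    # Constructed: 1500 distinct junk signer key IDs appended to the victim's key.
    for i in range(1500):
        flooded.append(
            "sig:::1:%016X:1560000000::::[User ID not found]:10x:::::2:" % i
        )
    return "\n".join(normal + flooded) + "\n"


if __name__ == "__main__":
    report = flooded_keys(_sample_output())
    for key_id, n in report.items():
        print("key %s carries %d signatures: likely flooded, do not import" % (key_id, n))
```

Because the script only reads the colon listing, it can be run against a key fetched to a throwaway keyring before that key ever touches the real one; a key that trips the threshold should be discarded or fetched from a keyserver that does not accept third-party signatures.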

Seriously? Cisco put Huawei X.509 certificates and keys into its own switches

www.zdnet.com/article/seriously-cisco-put-huawei-x-509-certificates-and-keys-into-its-own-switches/ Cisco has disclosed a bunch of vulnerabilities in its networking equipment, including one embarrassing bug that put the West's tech boogeyman inside the US firm's kit: Huawei-issued X.509 certificates and their private keys were found bundled in Cisco switch firmware. Whatever their origin, a private key shipped inside a firmware image is a key every customer and every attacker with the image also holds, so anything relying on it for trust should be treated as compromised.

YouTube no longer allows instructional hacking and phishing videos [Update]

9to5google.com/2019/07/03/youtube-hacking-videos/ Yesterday, YouTube updated its list of what it considers harmful or dangerous content. One notable addition is of instructional hacking and phishing videos, with the Google company reportedly already pulling existing content and issuing strikes to creators.

New Golang malware plays the Linux field in quest for cryptocurrency

www.zdnet.com/article/new-golang-malware-plays-the-field-in-quest-for-cryptocurrency/ A new form of malware has been spotted in the wild by cybersecurity companies which say the code’s main focus is the fraudulent mining of the Monero (XMR) cryptocurrency.
