Daily NCSC-FI news followup 2019-07-08

Croatia government agencies targeted with new SilentTrinity malware

securityaffairs.co/wordpress/88021/apt/croatia-government-silenttrinity-malware.html A mysterious group of hackers carried out a series of cyber attacks against Croatian government agencies, infecting employees with a new piece of malware tracked as SilentTrinity. The SilentTrinity malware can take control of an infected computer and allows attackers to execute arbitrary commands. Between February and April, allegedly state-sponsored hackers launched a spear-phishing campaign against government agencies. The attack was discovered by researchers at Positive Technologies while hunting for new cyber threats; the attackers used weaponized Excel documents.

British Airways faces record £183m fine for data breach

www.bbc.com/news/business-48905907 British Airways is facing a record fine of £183m for last year’s breach of its security systems.

Backdoor found in Ruby library for checking for strong passwords

www.zdnet.com/article/backdoor-found-in-ruby-library-for-checking-for-strong-passwords/ Cookie-accepting, eval-running backdoor found in popular Ruby library. A diligent developer’s security practices have uncovered a dangerous backdoor in a popular Ruby library for checking the password strength of user-chosen passwords.

Malicious campaign targets South Korean users with backdoor-laced torrents

www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/ ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure. GoBotKR was built on the basis of a backdoor named GoBot2, the source code of which has been publicly available since March 2017.

Spotting RATs: Tales from a Criminal Attack

blog.yoroi.company/research/spotting-rats-tales-from-a-criminal-attack/ Recently, our monitoring operations discovered an interesting attack wave leveraging this technique, especially due to the particular impersonation the attacker was trying: he/they were mimicking an important Italian Manufacturing company.

Who's Behind the GandCrab Ransomware?

krebsonsecurity.com/2019/07/whos-behind-the-gandcrab-ransomware/ The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

Robocall ban should target texts and foreign calls, FCC chief says


More than 1,000 Android apps harvest data even after you deny permissions

www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/ The apps gather information such as location, even after owners explicitly say no. Google says a fix won't come until Android Q.

GE Aviation Passwords, Source Code Exposed in Open Jenkins Server

threatpost.com/ge-aviation-passwords-jenkins-server/146302/ A DNS misconfiguration resulted in an open Jenkins server being available to all.

Microsoft Discovers Fileless Astaroth Trojan Campaign

www.bleepingcomputer.com/news/security/microsoft-discovers-fileless-astaroth-trojan-campaign/ The Astaroth Trojan and information stealer is a malware strain capable of stealing sensitive information such as user credentials from its victims using a key logger module, operating system calls interception, and clipboard monitoring.

Cleanup after cyber attack will last until autumn; Päijät-Häme health services are still suffering


Over 90 Million Records Leaked by Chinese Public Security Department

www.bleepingcomputer.com/news/security/over-90-million-records-leaked-by-chinese-public-security-department/ A publicly accessible and unsecured ElasticSearch server owned by the Jiangsu Provincial Public Security Department of the Chinese province Jiangsu leaked two databases containing over 90 million people and business records.
