Croatia government agencies targeted with new SilentTrinity malware
securityaffairs.co/wordpress/88021/apt/croatia-government-silenttrinity-malware.html A mysterious group of hackers carried out a series of cyber attacks against Croatian government agencies, infecting employees with a new piece of malware tracked as SilentTrinity. The SilentTrinity malware can take control of an infected computer and allows attackers to execute arbitrary commands. Between February and April, allegedly state-sponsored hackers launched a spear-phishing campaign against government agencies. The attack was discovered by researchers at Positive Technologies while hunting for new cyber threats; the attackers used weaponized Excel documents.
British Airways faces record £183m fine for data breach
www.bbc.com/news/business-48905907 British Airways is facing a record fine of £183m for last year’s breach of its security systems.
Backdoor found in Ruby library for checking for strong passwords
www.zdnet.com/article/backdoor-found-in-ruby-library-for-checking-for-strong-passwords/ Cookie-accepting, eval-running backdoor found in popular Ruby library. A diligent developer’s security practices have uncovered a dangerous backdoor in a popular Ruby library for checking the password strength of user-chosen passwords.
Malicious campaign targets South Korean users with backdoor-laced torrents
www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/ ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure. GoBotKR was built on the basis of a backdoor named GoBot2, the source code of which has been publicly available since March 2017.
Spotting RATs: Tales from a Criminal Attack
blog.yoroi.company/research/spotting-rats-tales-from-a-criminal-attack/ Recently, our monitoring operations discovered an interesting attack wave leveraging this technique, especially due to the particular impersonation the attacker was trying: they were mimicking an important Italian manufacturing company.
Who's Behind the GandCrab Ransomware?
krebsonsecurity.com/2019/07/whos-behind-the-gandcrab-ransomware/ The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.
Robocall ban should target texts and foreign calls, FCC chief says
More than 1,000 Android apps harvest data even after you deny permissions
www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/ The apps gather information such as location, even after owners explicitly say no. Google says a fix won't come until Android Q.
GE Aviation Passwords, Source Code Exposed in Open Jenkins Server
threatpost.com/ge-aviation-passwords-jenkins-server/146302/ A DNS misconfiguration resulted in an open Jenkins server being available to all.
Microsoft Discovers Fileless Astaroth Trojan Campaign
www.bleepingcomputer.com/news/security/microsoft-discovers-fileless-astaroth-trojan-campaign/ The Astaroth Trojan and information stealer is a malware strain capable of stealing sensitive information such as user credentials from its victims using a key logger module, operating system calls interception, and clipboard monitoring.
Cleanup after cyber attack will last until autumn; Päijät-Häme health services are still suffering
Over 90 Million Records Leaked by Chinese Public Security Department
www.bleepingcomputer.com/news/security/over-90-million-records-leaked-by-chinese-public-security-department/ A publicly accessible and unsecured ElasticSearch server owned by the Jiangsu Provincial Public Security Department of the Chinese province Jiangsu leaked two databases containing over 90 million people and business records.