Daily NCSC-FI news followup 2019-07-08

Croatia government agencies targeted with new SilentTrinity malware

securityaffairs.co/wordpress/88021/apt/croatia-government-silenttrinity-malware.html A mysterious group of hackers carried out a series of cyber attacks against Croatian government agencies, infecting employees with a new piece of malware tracked as SilentTrinity. The SilentTrinity malware can take control of an infected computer and allows attackers to execute arbitrary commands. Between February and April, allegedly state-sponsored hackers launched a spear-phishing campaign against government agencies. The attack was discovered by researchers at Positive Technologies while hunting for new and cyber threats; the attackers used weaponized Excel documents.

British Airways faces record £183m fine for data breach

www.bbc.com/news/business-48905907 British Airways is facing a record fine of £183m for last year’s breach of its security systems.

Backdoor found in Ruby library for checking for strong passwords

www.zdnet.com/article/backdoor-found-in-ruby-library-for-checking-for-strong-passwords/ Cookie-accepting, eval-running backdoor found in popular Ruby library. A diligent developer’s security practices have uncovered a dangerous backdoor in a popular Ruby library for checking the password strength of user-chosen passwords.

Malicious campaign targets South Korean users with backdoor-laced torrents

www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/ ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure. GoBotKR was built on the basis of a backdoor named GoBot2, the source code of which has been publicly available since March 2017.

Spotting RATs: Tales from a Criminal Attack

blog.yoroi.company/research/spotting-rats-tales-from-a-criminal-attack/ Recently, our monitoring operations discovered an interesting attack wave leveraging this technique, especially due to the particular impersonation the attacker was trying: he/they were mimicking an important Italian manufacturing company.

Who's Behind the GandCrab Ransomware?

krebsonsecurity.com/2019/07/whos-behind-the-gandcrab-ransomware/ The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

Robocall ban should target texts and foreign calls, FCC chief says


More than 1,000 Android apps harvest data even after you deny permissions

www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/ The apps gather information such as location, even after owners explicitly say no. Google says a fix won't come until Android Q.

GE Aviation Passwords, Source Code Exposed in Open Jenkins Server

threatpost.com/ge-aviation-passwords-jenkins-server/146302/ A DNS misconfiguration resulted in an open Jenkins server being available to all.

Microsoft Discovers Fileless Astaroth Trojan Campaign

www.bleepingcomputer.com/news/security/microsoft-discovers-fileless-astaroth-trojan-campaign/ The Astaroth Trojan and information stealer is a malware strain capable of stealing sensitive information such as user credentials from its victims using a key logger module, operating system calls interception, and clipboard monitoring.

Cleanup after cyberattack will last until autumn; Päijät-Häme health services are still suffering


Over 90 Million Records Leaked by Chinese Public Security Department

www.bleepingcomputer.com/news/security/over-90-million-records-leaked-by-chinese-public-security-department/ A publicly accessible and unsecured ElasticSearch server owned by the Jiangsu Provincial Public Security Department of the Chinese province Jiangsu leaked two databases containing over 90 million people and business records.
