Daily NCSC-FI news followup 2019-07-08

Croatia government agencies targeted with new SilentTrinity malware

securityaffairs.co/wordpress/88021/apt/croatia-government-silenttrinity-malware.html A mysterious group of hackers carried out a series of cyber attacks against Croatian government agencies, infecting employees with a new piece of malware tracked as SilentTrinity. The SilentTrinity malware can take control over an infected computer and allows attackers to execute arbitrary commands. Between February and April, allegedly state-sponsored hackers launched a spear-phishing campaign against government agencies. The attack was discovered by researchers at Positive Technologies while hunting for new and cyber threats; the attackers used weaponized Excel documents.

British Airways faces record £183m fine for data breach

www.bbc.com/news/business-48905907 British Airways is facing a record fine of £183m for last year’s breach of its security systems.

Backdoor found in Ruby library for checking for strong passwords

www.zdnet.com/article/backdoor-found-in-ruby-library-for-checking-for-strong-passwords/ Cookie-accepting, eval-running backdoor found in popular Ruby library. A diligent developer’s security practices have uncovered a dangerous backdoor in a popular Ruby library for checking the password strength of user-chosen passwords.

Malicious campaign targets South Korean users with backdoor-laced torrents

www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/ ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure. GoBotKR was built on the basis of a backdoor named GoBot2, the source code of which has been publicly available since March 2017.

Spotting RATs: Tales from a Criminal Attack

blog.yoroi.company/research/spotting-rats-tales-from-a-criminal-attack/ Recently, our monitoring operations discovered an interesting attack wave leveraging this technique, especially due to the particular impersonation the attacker was trying: he/they was mimicking an important Italian Manufacturing company.

Who's Behind the GandCrab Ransomware?

krebsonsecurity.com/2019/07/whos-behind-the-gandcrab-ransomware/ The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

Robocall ban should target texts and foreign calls, FCC chief says


More than 1,000 Android apps harvest data even after you deny permissions

www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/ The apps gather information such as location, even after owners explicitly say no. Google says a fix won't come until Android Q.

GE Aviation Passwords, Source Code Exposed in Open Jenkins Server

threatpost.com/ge-aviation-passwords-jenkins-server/146302/ A DNS misconfiguration resulted in an open Jenkins server being available to all.

Microsoft Discovers Fileless Astaroth Trojan Campaign

www.bleepingcomputer.com/news/security/microsoft-discovers-fileless-astaroth-trojan-campaign/ The Astaroth Trojan and information stealer is a malware strain capable of stealing sensitive information such as user credentials from its victims using a key logger module, operating system calls interception, and clipboard monitoring.

Cleanup after cyberattack will last until autumn: Päijät-Häme health services are still suffering


Over 90 Million Records Leaked by Chinese Public Security Department

www.bleepingcomputer.com/news/security/over-90-million-records-leaked-by-chinese-public-security-department/ A publicly accessible and unsecured ElasticSearch server owned by the Jiangsu Provincial Public Security Department of the Chinese province Jiangsu leaked two databases containing over 90 million people and business records.
