NCSC-FI News followup

Daily NCSC-FI news followup 2019-07-15

Lahdessa toivotaan kyberhyökkääjän jäävän kiinni”Tällainen toiminta ei ole mitään askartelua ja puuhastelua, vaan raakaa ammattimaista rikollisuutta” Tietoturva-asiantuntijat antavat Lahdelle kiitosta ripeästä toiminnasta kesäkuisen kyberhyökkäyksen alettua. “Toiminta oli erittäin asiantuntevaa”, sanoo Kyberturvallisuuskeskuksen Kauto Huopio.

Turla renews its arsenal with Topinambour 2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but theyre creating new tools. Here well tell you about several of them, namely Topinambour (aka Sunchoke the Jerusalem artichoke) and its related modules. We didnt choose to name it after a vegetable; the .NET malware developers named it Topinambour themselves.

250 million Email addresses harvested and counting Recent findings from a currently active and ongoing TrickBot campaign, which features extensive use of signed malware binaries, indicate that it now has a new variant. Alongside its recent addition of a cookie stealing module it has gained a new partner in crime a malicious email based infection and distribution module that shares its code signing certificates (details in IOC section below).

Malicious code ousted from PureScript’s npm installer but who put it there in the first place? “@shinnn claims that the malicious code was published by an attacker who gained access to his npm account,” explained Garrood. “As far as we are aware, the only purpose of the malicious code was to sabotage the PureScript npm installer to prevent it from running successfully.”

2019 Global Developer Report: DevSecOps finds security roadblocks divide teams Nearly 70% of developers said they are expected to write secure code, but its clear from the comments below that in most organizations, the mechanisms to make that happen remain elusive.. Report at

Is REvil the New GandCrab Ransomware? The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as REvil, Sodin, and Sodinokibi.

How I Could Have Hacked Any Instagram Account In a real attack scenario, the attacker needs 5000 IPs to hack an account. It sounds big but thats actually easy if you use a cloud service provider like Amazon or Google. It would cost around 150 dollars to perform the complete attack of one million codes.. The Facebook security team was convinced after providing the above video of sending 200k valid requests. They were also quick in addressing and fixing the issue.

Symantec Mobile Threat: Attackers Can Manipulate Your WhatsApp and Telegram Media Files WhatsApp and Telegram media files could be exposed and manipulated by malicious actors according to new research by Symantecs Modern OS Security team, focused on the protection of mobile endpoints and operating systems. The security flaw, dubbed Media File Jacking, affects WhatsApp for Android by default, and Telegram for Android if certain features are enabled. It stems from the lapse in time between when media files received through the apps . Files saved to an external storage public directory are world-readable/writeable, so they can be modified by other apps or users beyond the app’s control. … By default, WhatsApp stores media files received by a device in external storage …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.