Daily NCSC-FI news followup 2019-07-15

Lahti hopes the cyber attacker will be caught: “This kind of activity is not tinkering or hobbyism, but raw professional crime”

www.ess.fi/uutiset/paijathame/art2554035 Information security experts praise Lahti for its swift response once the June cyber attack began. “The response was highly competent,” says Kauto Huopio of the National Cyber Security Centre.

Turla renews its arsenal with Topinambour

securelist.com/turla-renews-its-arsenal-with-topinambour/91687/ 2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they're creating new tools. Here we'll tell you about several of them, namely Topinambour (aka Sunchoke, the Jerusalem artichoke) and its related modules. We didn't choose to name it after a vegetable; the .NET malware developers named it Topinambour themselves.

250 million Email addresses harvested and counting

www.deepinstinct.com/2019/07/12/trickbooster-trickbots-email-based-infection-module/ Recent findings from a currently active and ongoing TrickBot campaign, which features extensive use of signed malware binaries, indicate that it now has a new variant. Alongside its recent addition of a cookie-stealing module, it has gained a new partner in crime: a malicious email-based infection and distribution module that shares its code-signing certificates (details in the IOC section of the report).

Malicious code ousted from PureScript’s npm installer, but who put it there in the first place?

www.theregister.co.uk/2019/07/15/purescripts_npm_installer/ “@shinnn claims that the malicious code was published by an attacker who gained access to his npm account,” explained Garrood. “As far as we are aware, the only purpose of the malicious code was to sabotage the PureScript npm installer to prevent it from running successfully.”

2019 Global Developer Report: DevSecOps finds security roadblocks divide teams

about.gitlab.com/2019/07/15/global-developer-report/ Nearly 70% of developers said they are expected to write secure code, but it's clear from the comments below that in most organizations, the mechanisms to make that happen remain elusive. Report at about.gitlab.com/resources/downloads/2019-global-developer-report.pdf

Is REvil the New GandCrab Ransomware?

krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/ The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as REvil, Sodin, and Sodinokibi.

How I Could Have Hacked Any Instagram Account

thezerohack.com/hack-any-instagram#articlescroll In a real attack scenario, the attacker needs 5000 IPs to hack an account. It sounds big, but that's actually easy if you use a cloud service provider like Amazon or Google. It would cost around 150 dollars to perform the complete attack of one million codes. The Facebook security team was convinced after providing the above video of sending 200k valid requests. They were also quick in addressing and fixing the issue.
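The summary above says the attacker needed thousands of IP addresses, which tells a defender that the guess limit was keyed on the client address rather than on the account or the code. The following is an added example (not code from the original post, nor Facebook's or Instagram's implementation) of a recovery-code verifier whose budget is per account and per code, so spreading guesses across many source addresses buys no extra attempts. The class name, the thresholds and the simulated traffic are all assumptions constructed for the demo.

```python
"""Added example: a recovery-code verifier with a per-code guess budget.
Names, thresholds and sample traffic are constructed; nothing here is the
real service's logic."""
import hmac
import secrets
import time
from collections import defaultdict

MAX_ATTEMPTS_PER_CODE = 5      # assumed policy: invalidate the code after 5 wrong guesses
CODE_TTL_SECONDS = 10 * 60     # assumed policy: a code lives for 10 minutes


class RecoveryCodeService:
    def __init__(self, now=time.time):
        self._now = now
        self._codes = {}                  # account -> [code, issued_at, failures]
        self._ip_hits = defaultdict(int)  # per-IP counter kept for telemetry only

    def issue_code(self, account: str) -> str:
        """Create a fresh 6-digit code for the account and return it for delivery."""
        code = f"{secrets.randbelow(1_000_000):06d}"
        self._codes[account] = [code, self._now(), 0]
        return code

    def verify(self, account: str, guess: str, source_ip: str) -> bool:
        """Check one guess. The budget is tied to the code, not the IP, so a
        distributed guesser exhausts it just as fast as a single client."""
        self._ip_hits[source_ip] += 1
        entry = self._codes.get(account)
        if entry is None:
            return False
        code, issued_at, failures = entry
        if self._now() - issued_at > CODE_TTL_SECONDS:
            del self._codes[account]      # expired
            return False
        if hmac.compare_digest(code, guess):
            del self._codes[account]      # single use
            return True
        entry[2] = failures + 1
        if entry[2] >= MAX_ATTEMPTS_PER_CODE:
            del self._codes[account]      # burned: the user must request a new code
        return False

    def has_active_code(self, account: str) -> bool:
        return account in self._codes


def simulate_distributed_guessing(n_guesses: int = 50) -> dict:
    """Constructed scenario: wrong guesses arrive from many different IPs."""
    svc = RecoveryCodeService()
    real_code = svc.issue_code("victim")
    wrong = "000000" if real_code != "000000" else "000001"
    accepted = 0
    for i in range(n_guesses):
        if svc.verify("victim", wrong, source_ip=f"203.0.113.{i % 250}"):
            accepted += 1
    return {
        "accepted": accepted,
        "code_still_active": svc.has_active_code("victim"),
        "distinct_ips_used": len(svc._ip_hits),
        # Even the genuine code is now useless: the budget was spent on the code itself.
        "real_code_now_rejected": not svc.verify("victim", real_code, "198.51.100.1"),
    }


if __name__ == "__main__":
    print(simulate_distributed_guessing())
```

A per-IP limiter is still worth keeping as defence in depth and as a detection signal, but the property that matters is that the number of guesses any one code can absorb is fixed and small regardless of where they come from.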

Symantec Mobile Threat: Attackers Can Manipulate Your WhatsApp and Telegram Media Files

www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media WhatsApp and Telegram media files could be exposed and manipulated by malicious actors, according to new research by Symantec's Modern OS Security team, focused on the protection of mobile endpoints and operating systems. The security flaw, dubbed Media File Jacking, affects WhatsApp for Android by default, and Telegram for Android if certain features are enabled. It stems from the lapse in time between when media files received through the apps … Files saved to an external storage public directory are world-readable/writeable, so they can be modified by other apps or users beyond the app’s control. … By default, WhatsApp stores media files received by a device in external storage …
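The passage describes a time-of-check/time-of-use window: the app writes a received file into a world-writable directory and only later reads it back to display it, and anything with access to that directory can swap the bytes in between. The following is an added example (not Symantec's research code and not WhatsApp's or Telegram's implementation) showing the detection half of a mitigation: hash each file as received, keep the digest in app-private state, and refuse to render a file whose on-disk bytes no longer match. The shared directory, file names and media bytes are constructed for the demo.

```python
"""Added example: integrity check for media staged in a shared directory.
The directory, file names and bytes are constructed; this is a demo of the
technique, not any messaging app's code."""
import hashlib
import os
import tempfile
from typing import Dict, Optional

# Stands in for the app's private (non-shared) bookkeeping.
_received_digests: Dict[str, str] = {}


def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def receive_media(shared_dir: str, name: str, data: bytes) -> str:
    """The app receives a file: record its digest first, then write it to the
    shared directory (the step that exposes it to other apps)."""
    path = os.path.join(shared_dir, name)
    _received_digests[path] = _digest(data)
    with open(path, "wb") as f:
        f.write(data)
    return path


def load_media(path: str) -> Optional[bytes]:
    """The app later renders the file: re-hash and compare against the recorded
    digest. Returns None (do not display) if the bytes changed or were never
    recorded by this app."""
    expected = _received_digests.get(path)
    if expected is None:
        return None
    with open(path, "rb") as f:
        data = f.read()
    if _digest(data) != expected:
        return None
    return data


def other_app_overwrites(path: str, data: bytes) -> None:
    """Stands in for any other process that can write to the shared directory."""
    with open(path, "wb") as f:
        f.write(data)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as shared:
        p1 = receive_media(shared, "invoice.png", b"\x89PNG constructed image bytes")
        p2 = receive_media(shared, "photo.png", b"\x89PNG another constructed image")
        other_app_overwrites(p1, b"\x89PNG replaced by a different image")
        return {
            "tampered_rejected": load_media(p1) is None,
            "untouched_loads": load_media(p2) is not None,
        }


if __name__ == "__main__":
    print(demo())
```

The check detects substitution but does not prevent it; the stronger fix the passage points at is to keep received media in app-internal storage, which other apps cannot write to, and only export copies on the user's request.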
