Daily NCSC-FI news followup 2019-07-15

Lahti hopes the cyber attacker gets caught: “This kind of activity is not tinkering and pottering about, but raw professional crime”

www.ess.fi/uutiset/paijathame/art2554035 Information security experts praise Lahti for its swift action once the June cyber attack had begun. “The response was highly professional,” says Kauto Huopio of the National Cyber Security Centre.

Turla renews its arsenal with Topinambour

securelist.com/turla-renews-its-arsenal-with-topinambour/91687/ 2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they're creating new tools. Here we'll tell you about several of them, namely Topinambour (aka Sunchoke, the Jerusalem artichoke) and its related modules. We didn't choose to name it after a vegetable; the .NET malware developers named it Topinambour themselves.

250 million Email addresses harvested and counting

www.deepinstinct.com/2019/07/12/trickbooster-trickbots-email-based-infection-module/ Recent findings from a currently active and ongoing TrickBot campaign, which features extensive use of signed malware binaries, indicate that it now has a new variant. Alongside its recent addition of a cookie stealing module it has gained a new partner in crime: a malicious email-based infection and distribution module that shares its code signing certificates (details in IOC section below).

Malicious code ousted from PureScript’s npm installer, but who put it there in the first place?

www.theregister.co.uk/2019/07/15/purescripts_npm_installer/ “@shinnn claims that the malicious code was published by an attacker who gained access to his npm account,” explained Garrood. “As far as we are aware, the only purpose of the malicious code was to sabotage the PureScript npm installer to prevent it from running successfully.”

2019 Global Developer Report: DevSecOps finds security roadblocks divide teams

about.gitlab.com/2019/07/15/global-developer-report/ Nearly 70% of developers said they are expected to write secure code, but it's clear from the comments below that in most organizations, the mechanisms to make that happen remain elusive. Report at about.gitlab.com/resources/downloads/2019-global-developer-report.pdf

Is REvil the New GandCrab Ransomware?

krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/ The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as REvil, Sodin, and Sodinokibi.

How I Could Have Hacked Any Instagram Account

thezerohack.com/hack-any-instagram#articlescroll In a real attack scenario, the attacker needs 5000 IPs to hack an account. It sounds big but that's actually easy if you use a cloud service provider like Amazon or Google. It would cost around 150 dollars to perform the complete attack of one million codes. The Facebook security team was convinced after providing the above video of sending 200k valid requests. They were also quick in addressing and fixing the issue.

Symantec Mobile Threat: Attackers Can Manipulate Your WhatsApp and Telegram Media Files

www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media WhatsApp and Telegram media files could be exposed and manipulated by malicious actors according to new research by Symantec's Modern OS Security team, focused on the protection of mobile endpoints and operating systems. The security flaw, dubbed Media File Jacking, affects WhatsApp for Android by default, and Telegram for Android if certain features are enabled. It stems from the lapse in time between when media files received through the apps … Files saved to an external storage public directory are world-readable/writeable, so they can be modified by other apps or users beyond the app’s control. … By default, WhatsApp stores media files received by a device in external storage …
