Daily NCSC-FI news followup 2019-07-15

Lahti hopes the cyber attacker will be caught: "This kind of activity is not some hobby tinkering, it is raw, professional crime"

www.ess.fi/uutiset/paijathame/art2554035 Information security experts praise Lahti for its swift response once the June cyberattack began. "The response was highly professional," says Kauto Huopio of the Kyberturvallisuuskeskus (National Cyber Security Centre Finland).

Turla renews its arsenal with Topinambour

securelist.com/turla-renews-its-arsenal-with-topinambour/91687/ 2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they're creating new tools. Here we'll tell you about several of them, namely Topinambour (aka Sunchoke, the Jerusalem artichoke) and its related modules. We didn't choose to name it after a vegetable; the .NET malware developers named it Topinambour themselves.

250 million Email addresses harvested and counting

www.deepinstinct.com/2019/07/12/trickbooster-trickbots-email-based-infection-module/ Recent findings from a currently active and ongoing TrickBot campaign, which features extensive use of signed malware binaries, indicate that it now has a new variant. Alongside its recent addition of a cookie-stealing module, it has gained a new partner in crime: a malicious email-based infection and distribution module that shares its code-signing certificates (details in the IOC section of the article).

Malicious code ousted from PureScript’s npm installer but who put it there in the first place?

www.theregister.co.uk/2019/07/15/purescripts_npm_installer/ "@shinnn claims that the malicious code was published by an attacker who gained access to his npm account," explained Garrood. "As far as we are aware, the only purpose of the malicious code was to sabotage the PureScript npm installer to prevent it from running successfully."

2019 Global Developer Report: DevSecOps finds security roadblocks divide teams

about.gitlab.com/2019/07/15/global-developer-report/ Nearly 70% of developers said they are expected to write secure code, but it's clear from the comments in the report that in most organizations the mechanisms to make that happen remain elusive. Report at about.gitlab.com/resources/downloads/2019-global-developer-report.pdf

Is REvil the New GandCrab Ransomware?

krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/ The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as REvil, Sodin, and Sodinokibi.

How I Could Have Hacked Any Instagram Account

thezerohack.com/hack-any-instagram#articlescroll In a real attack scenario, the attacker needs 5000 IPs to hack an account. It sounds big, but that's actually easy if you use a cloud service provider like Amazon or Google. It would cost around 150 dollars to perform the complete attack of one million codes. The Facebook security team was convinced after I provided the above video of sending 200k valid requests. They were also quick in addressing and fixing the issue.

Symantec Mobile Threat: Attackers Can Manipulate Your WhatsApp and Telegram Media Files

www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media WhatsApp and Telegram media files could be exposed and manipulated by malicious actors, according to new research by Symantec's Modern OS Security team, which focuses on the protection of mobile endpoints and operating systems. The security flaw, dubbed Media File Jacking, affects WhatsApp for Android by default, and Telegram for Android if certain features are enabled. It stems from the lapse in time between when media files received through the apps … Files saved to an external storage public directory are world-readable/writeable, so they can be modified by other apps or users beyond the app's control. … By default, WhatsApp stores media files received by a device in external storage …
