Daily NCSC-FI news followup 2019-07-22

Fuzz rising

www.cloudatomiclab.com/fuzz/ – From the Debian stats, of the billion or so lines of code, 43% is ANSI C and 24% is C++, which has many of the same problems in many codebases. So 670 million lines of code, in general without enough maintainers to deal with the existing and coming waves of security issues that fuzzing will find. This is the backdrop of increasing complaints about unfixed CVEs in Docker containers, where these tend to be more visible due to wider use of scanning tools. My view is that we are just at the beginning of this spike, and we will not just find all the issues and move on. Rather, the Linux distributions that carry this code will end up as toxic industrial waste areas, the Agbogbloshie of the C era. As the incumbents, no, they will not rewrite it in Rust; instead smaller, more nimble, different types of competitor will outmanoeuvre the dinosaurs.

A Deep Dive Into IcedID Malware: Part III – Analysis of Child Processes

www.fortinet.com/blog/threat-research/deep-dive-icedid-malware-analysis-of-child-processes.html In Part II of this blog series, we identified three child processes that were created by the IcedID malware. In Part III below, we'll provide a deep analysis of those child processes.

How to Help SOC Analysts Fight Alert Fatigue

blog.paloaltonetworks.com/2019/07/help-soc-analysts-fight-alert-fatigue/ Palo Alto Networks survey data shows that SOC analysts are only able to handle 14% of alerts generated by security tools. When you consider IDC data showing that most alerts are false positives,[1] the results are predictable: Alerts get ignored, analysts waste time chasing false leads, and actual threats get missed. Beyond initial prevention, most security tools are designed to perform one key function: create and respond to alerts. Servers create alerts. Routers create alerts. Firewalls create alerts. Antivirus tools create alerts. Security teams will often set up alert-only policies rather than block policies for potentially risky processes the business uses regularly.

How to Remove ReimagePlus

www.pandasecurity.com/mediacenter/malware/how-to-remove-reimageplus/ Experiencing suspicious web browser activity? It may be that you clicked on a fake software download link, or that fictitious software was bundled with a legitimate download. The Internet is crowded with viruses that consumers often fall victim to because they can be hard to identify from the start. However, some viruses are easy to spot due to their aggressive browser manipulations. One example is ReimagePlus.

Why a disjointed work-life balance is a cybersecurity problem

www.kaspersky.com/blog/disjointed-work-life-balance/27692/ The lines between personal and professional are becoming increasingly blurred. People are often now spending more hours in the office than they do at home. Yet, as many as a quarter do corporate tasks outside of the office. Hints persist that the ideal work-life balance may simply not be achievable in modern society.

VLC player has a critical flaw and there's no patch yet

www.welivesecurity.com/2019/07/22/critical-vulnerability-vlc-no-patch/ Germany's national Computer Emergency Response Team (CERT-Bund) has issued a security advisory to alert users of VLC media player of a severe vulnerability affecting this extremely popular open-source software. "A remote, anonymous attacker can exploit the vulnerability in VLC to execute arbitrary code, cause a denial-of-service condition, exfiltrate information, or manipulate files," said CERT-Bund, which also discovered the security loophole.

What You Should Know About the Equifax Data Breach Settlement

krebsonsecurity.com/2019/07/what-you-should-know-about-the-equifax-data-breach-settlement/ Big-three credit bureau Equifax has reportedly agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let intruders steal personal and financial data on roughly 148 million Americans. Here's a brief primer that attempts to break down what this settlement means for you, and what it says about the value of your identity.

Also: www.zdnet.com/article/equifax-regulators-sign-700m-deal-to-settle-data-breach-lawsuits/ and www.wired.com/story/equifax-fine-not-enough/

Large-Scale Government Hacks Hit Russia, Bulgaria

threatpost.com/government-hacks-russia-bulgaria/146587/ A pair of notable hacks on government targets have come to light: one, an attack affecting nearly the entire country of Bulgaria; and two, a hack of Russia's main security agency (FSB) that represents the largest data heist ever experienced there. In Bulgaria, cybercriminals were able to infiltrate the country's tax revenue office, lifting personal data of 5 million Bulgarians. Bulgaria has just 7 million people, meaning that almost every adult is impacted. The compromised information includes retirement pension information, addresses, incomes and names, all of which was made available on the internet, according to reports.

Siemens contractor pleads guilty to planting logic bomb in company spreadsheets

www.zdnet.com/article/siemens-contractor-pleads-guilty-to-planting-logic-bomb-in-company-spreadsheets/ The logic bomb would crash spreadsheets after a certain date, resulting in Siemens hiring the contractor to fix the latest bugs. A former Siemens contractor pleaded guilty last week to planting logic bombs inside spreadsheets he created for the company. For his crimes, David Tinley, 62, from a city near Pittsburgh, now faces up to 10 years in prison, a fine of $250,000, or both. According to court documents, Tinley provided software services for Siemens’ Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders.

The WhatsApp spy has become even more dangerous: services with billions of users now under threat

www.is.fi/digitoday/tietoturva/art-2000006180819.html Online services may have to make significant changes if the new claims of an Israeli spyware developer hold true. The Israeli spyware developer NSO Group has expanded its notorious Pegasus malware with new features that allow the program to break into other online services as well, reports the newspaper The Financial Times.

Beware of this Office 365 trap: the only reward you get is malware

www.tivi.fi/uutiset/tv/55e3b11c-0a10-4460-93c6-bcdb5dfda6f9 A genuine-looking scam site tries to lure users into installing malware on their computer. The scammers use Microsoft's Office 365 as bait to get users to install on their device the TrickBot trojan, which steals passwords and other sensitive information. The scam works like this: a visitor who lands on the fake Office download page is urged to install a browser update so that the page will work correctly. Firefox users receive a scam message formatted for the Firefox browser, while Chrome users get a lure tailored for Google's browser.

Hackers Exploit Jira, Exim Linux Servers to “Keep the Internet Safe”

www.bleepingcomputer.com/news/security/hackers-exploit-jira-exim-linux-servers-to-keep-the-internet-safe/ Hackers are exploiting vulnerable Jira and Exim servers with the end goal of infecting them with a new Watchbog Linux Trojan variant and using the resulting botnet as part of a Monero cryptomining operation. Watchbog is a malware strain used to infect Linux servers by exploiting vulnerable software such as Jenkins during a campaign from May, as well as Nexus Repository Manager 3, ThinkPHP, and Linux Supervisord as part of an operation from March as discovered by Alibaba Cloud Security researchers.

Over the past few years, Cisco Talos has increasingly been involved in election security research and support, most recently supporting the Security Service of Ukraine in their efforts to secure the two Ukrainian presidential elections in April

blog.talosintelligence.com/2019/07/lets-destroy-democracy.html Experiences like these, along with discussions with state and local elections officials and other parties, have helped us better understand the election security space. These discussions are especially important to us because combining their expertise with our experience in the security space and specifically our understanding of some of the actors that may be involved is a powerful model to achieve the ultimate goal of providing free and fair election

Phishers Target Office 365 Admins with Fake Admin Alerts

www.bleepingcomputer.com/news/security/phishers-target-office-365-admins-with-fake-admin-alerts/ Compromising an employee’s email account can be profitable for BEC scammers and for distributing malware, but being able to gain access to an email domain’s administrator account is a jackpot. For this reason, it is important to be aware of phishing scams that are not targeting an organization’s users, but rather their administrators. Phishers targeting admins are becoming more popular due to the greater range of attacks that can be conducted through an admin account. With admin credentials, attackers can potentially create new accounts under an organization's domain, send mail as other users, and read other users’ email.

Why Rust for safe systems programming

msrc-blog.microsoft.com/2019/07/22/why-rust-for-safe-systems-programming/ In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we've found in Microsoft code that could have been avoided with a different language. Now we'll peek at why we think that Rust represents the best alternative to C and C++ currently available.
