Daily NCSC-FI news followup 2019-07-23

4 Practical Steps for Shift Left Security

blog.paloaltonetworks.com/2019/07/4-practical-steps-shift-left-security/ Since the beginning of modern computing, security has largely been divorced from software development. Recent vulnerability research confirms this. Consider that over the past five years, out of all published vulnerabilities, 76% were from applications. Given this radical shift in attacker focus, its time to embed security with development. The best way to get this done is to implement a shift-left security strategy.

Five tips to keep your data secure while traveling

www.pandasecurity.com/mediacenter/panda-security/data-secure-traveling/ People are on the move as the northern hemisphere is steaming through the summer season. The summer started more than a month ago, and almost every third American is expected to embark on a family vacation during the summer of 2019. Seeing more than 100 million people travel does not only add up to the already crowded airports, but it also increases the interstate traffic and brings a whole lot of risks. While there is no harm in people being on the lookout for the next big summer adventure, very often travelers overlook the best ways to keep data safe and secure while traveling.

Whats New in the 2019 Cost of a Data Breach Report

securityintelligence.com/posts/whats-new-in-the-2019-cost-of-a-data-breach-report/ Its always exciting to announce the results of our annual Cost of a Data Breach Report, and this year, the 14th report conducted by the Ponemon Institute, the 2019 Cost of a Data Breach Report offers new and innovative ways to analyze the financial impacts, root causes and mitigating factors of data breaches on a global scale. In this years report, we studied the costs associated with breaches that occurred between July 2018 and April 2019 at 507 organizations in 16 countries and regions and across 17 industry sectors.

Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet Zombies

blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/ Elasticsearch is no stranger to cybercriminal abuse given its popularity and use to organizations. In fact, this years first quarter saw a surge of attacks whether by exploiting vulnerabilities or taking advantage of security gaps leveled against Elasticsearch servers. These attacks mostly delivered cryptocurrency-mining malware, as in the case of one attack we saw last year.

P2P Worm Spreads Crypto-Miners in the Wild

blog.yoroi.company/research/p2p-worm-spreads-crypto-miners-in-the-wild/ In the past months we published a white paper exploring the risks that users can encounter when downloading materials from P2P sharing network, such as the Torrent one. We discussed how crooks easily lure their victims to download malware along with the desired content. Recently, our threat monitoring operations pointed us to an interesting file named Lucio Dalla Discografia Completa: this file pretends to be a collection of the discography of a famous

Verifying SSL/TLS configuration (part 1)

isc.sans.edu/forums/diary/Verifying+SSLTLS+configuration+part+1/25162/ One of very important steps when performing penetration tests is to verify configuration of any SSL/TLS services. Specifically, the goal of this step is to check which protocols and ciphers are supported. This might sound easier than it is so this will be a series of diaries where I will try to explain how to verify configuration but also how to assess risk.

Malware-Loader Brushaloader Grows More Menacing

threatpost.com/malware-brushaloader-more-menacing/146631/ Dropper malware become more popular as hackers turn to more quiet attack techniques to avoid detection. The tenacious loader malware called Brushaloader is growing more menacing, showing no signs of abatement despite best efforts by security professionals. First identified in June 2018, the Brushaloader malware is now more pervasive, stealthy and growing in popularity faster than ever before.

Critical flaw in Palo Alto VPN solution impacts Uber, other enterprises may be at risk

www.zdnet.com/article/uber-hit-by-critical-vulnerability-in-palo-alto-vpn-solution/ Updated: The critical vulnerability exists in old, vulnerable versions of the software still in use by companies including Uber. A critical vulnerability has been found in Palo Alto GlobalProtect SSL VPN software used by enterprise companies across the globe, including ride-hailing platform Uber. The bug, however, is somewhat unusual as it has been fixed in recent releases of the solution, used to create secure channels and Virtual Private Network (VPN) tunnels for remote workers — but was quietly existing in older versions.

Chances of destructive BlueKeep exploit rise with new explainer posted online

arstechnica.com/information-technology/2019/07/explainer-for-exploiting-wormable-bluekeep-flaw-posted-on-github/ A security researcher has published a detailed guide that shows how to execute malicious code on Windows computers still vulnerable to the critical BlueKeep vulnerability. The move significantly lowers the bar for writing exploits that wreak the kinds of destructive attacks not seen since the WannaCry and NotPetya attacks of 2017, researchers said. As of three weeks ago, more than 800,000 computers exposed to the Internet were vulnerable to the exploit, researchers from security firm BitSight said last week. Microsoft and a chorus of security professionals have warned of the potential for exploits to sow worldwide disruptions. . Myös:

www.tivi.fi/uutiset/tv/3d244d75-4b32-4543-bf7a-92d139ed5b87. sekä: www.is.fi/digitoday/tietoturva/art-2000006182001.html

LooCipher Ransomware Decryptor Gets Your Files Back for Free

www.bleepingcomputer.com/news/security/loocipher-ransomware-decryptor-gets-your-files-back-for-free/ A decryptor for the LooCipher Ransomware has been released by Emsisoft that allows victims to decrypt their files for free. If you were infected with LooCipher, do not pay the ransom and instead follow the instructions below. LooCipher is installed through malicious Word documents that download the executable and execute it. Once executed, the ransomware will encrypt a victim’s data and append the .lcphr extension to encrypted file’s names.

Lancaster Uni data breach hits at least 12,500 wannabe students

www.theregister.co.uk/2019/07/23/lancaster_university_data_breach/ Lancaster University – which offers a GCHQ-accredited degree in security – has been struck by a “sophisticated and malicious phishing attack” that resulted in the leak of around 12,500 wannabe students’ personal data. In a statement published yesterday evening, the university admitted that undergraduate applicant records for the years 2019 and 2020 had been accessed, along with the data of some current students.

How Cybercriminals Break into the Microsoft Cloud

www.darkreading.com/cloud/how-cybercriminals-break-into-the-microsoft-cloud/d/d-id/1335314 Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation. Even companies that previously said “no” to cloud are migrating their services and resources to cloud-based infrastructure. As they do, many are concerned about maintaining the cloud’s rapid update pace and how the new paradigm exposes them to new types of security threats.

NSA to establish a defense-minded division named the Cybersecurity Directorate

www.zdnet.com/article/nsa-to-establish-a-defense-minded-division-named-the-cybersecurity-directorate/ The National Security Agency announced today plans to establish a new defense-minded cyber-security division that will focus on defending the US against foreign cyber-threats. This new division, which will be named the Cybersecurity Directorate, will become operational on October 1, later this year.

RSA and Cisco released the first ever Findings Report from the RSA Conference 2019 Security Operations Center (SOC)

blogs.cisco.com/security/rsa-conference-2019-security-operations-center-findings-report-released The RSA® Conference SOC analyzes the Moscone Center wireless traffic, which is an open network during the week of the Conference. The SOC began collecting traffic on Monday, March 4, 2019 and through 4:00PM Thursday, March 7, 2019. There were 70,440,988 sessions throughout this period.

FinCEN: BEC far worse than previously believed

garwarner.blogspot.com/2019/07/fincen-bec-far-worse-than-previously.html Last week FinCEN, the Financial Crimes Enforcement Network, put out a new advisory with information about Business Email Compromise and it is far worse than has been previously disclosed. The FBI’s Internet Crimes Complaint Center (IC3.gov) has previously called BEC a $12 Billion Scam. As we shared in April in our post IC3.gov: BEC Compromises and Romance Fraud 2018, IC3.gov documented that during calendar 2018 $1.2 Billion was stolen from 19,140 companies just in the United States.

You might be interested in …

Daily NCSC-FI news followup 2020-08-09

Scanning Activity Include Netcat Listener isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/ This activity started on the 5 July 2020 and has been active to this day only scanning against TCP port 81. The GET command is always the same except for the Netcat IP which has changed a few times since it started. If you have a webserver or a […]

Read More

Daily NCSC-FI news followup 2021-09-23

KRP varoittaa ovelasta Omakanta-huijauksesta toimi näin suojautuaksesi www.is.fi/digitoday/tietoturva/art-2000008285667.html Poliisi kehottaa noudattamaan varovaisuutta pankkitunnuksilla sähköiseen palveluun kirjauduttaessa. VoIP company battles massive ransom DDoS attack www.zdnet.com/article/voip-company-battles-massive-ransom-ddos-attack/ VoIP company battles massive ransom DDoS attack. katso myös www.is.fi/digitoday/art-2000008284709.html FamousSparrow: A suspicious hotel guest www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/ ESET researchers have uncovered a new cyberespionage group targeting hotels, governments, and private companies worldwide. […]

Read More

Daily NCSC-FI news followup 2020-12-06

Running in Circles – Uncovering the Clients of Cyberespionage Firm Circles citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/ The public discussion around surveillance and tracking largely focuses on well known technical means, such as targeted hacking and network interception. However, other forms of surveillance are regularly and extensively used by governments and third parties to engage in cross-border surveillance and monitoring. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.