Daily NCSC-FI news followup 2019-07-24

Low Barr: Don’t give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

www.theregister.co.uk/2019/07/23/us_encryption_backdoor/ While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms that can be used by investigators to forcibly decrypt and pry into strongly end-to-end encrypted chats, files, and calls. No ifs, no buts.

What is Zero Trust Security? And Why Should You Care

blog.checkpoint.com/2019/07/24/what-is-zero-trust-security-and-why-should-you-care/ An ever-evolving IT environment and cyber-threat landscape have made legacy security infrastructures ineffective. Based on the outdated assumption that anything within the security perimeter can be trusted, they leave organizations exposed to cyber-attacks. Across the industry, security professionals are designing and rebuilding their strategies around a Zero Trust approach, one that trusts no user, device or system, neither inside nor outside the perimeter.

Attorney General William Barr on Encryption Policy

www.schneier.com/blog/archives/2019/07/attorney_genera_1.html Yesterday, Attorney General William Barr gave a major speech on encryption policy — what is commonly known as “going dark.” Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

Advanced mobile surveillanceware, made in Russia, found in the wild

arstechnica.com/information-technology/2019/07/advanced-mobile-surveillanceware-made-in-russia-found-in-the-wild/ Researchers have discovered some of the most advanced and full-featured mobile surveillanceware ever seen. Dubbed Monokle and used in the wild since at least March 2016, the Android-based application was developed by a Russian defense contractor that was sanctioned in 2016 for helping that country's Main Intelligence Directorate meddle in the 2016 US presidential election.

Data breaches can haunt firms for years

www.welivesecurity.com/2019/07/24/data-breach-cost-fallout/ The compromised company may bear the financial brunt of the breach within the first year after the incident occurs, but the price tag is still far from final. The average cost of a data breach has risen 12% over the past five years to US$3.92 million globally, according to IBM's 2019 Cost of a Data Breach study, which drew on input from more than 500 companies around the world that suffered a breach over the past year. The rising financial impact was attributed to a trio of factors: the multi-year financial fallout from breaches, increased regulation, and the complexity of resolving criminal attacks.

Facebook Agrees to Pay $5 Billion Fine and Set Up New Privacy Program for 20 Years

thehackernews.com/2019/07/ftc-facebook-privacy-program.html The Federal Trade Commission (FTC) today officially confirmed that Facebook has agreed to pay a record-breaking $5 billion fine over privacy violations surrounding the Cambridge Analytica scandal. Besides the multibillion-dollar penalty, the company has also accepted a 20-year-long agreement that requires it to implement a new organizational framework designed to strengthen its data privacy practices and policies.

May People Be Considered as IOC?

isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/ That's a tricky question! May we manage a list of people like regular IOCs? An IOC (Indicator of Compromise) is a piece of information, usually technical, that helps to detect malicious (or at least suspicious) activities. Classic types of IOC are IP addresses, domains, hashes, filenames, registry keys, processes, mutexes,

Citrix Confirms Password-Spraying Heist of Reams of Internal IP

threatpost.com/citrix-confirms-password-spraying-heist/146641/ Security experts say the attack stemmed from weak cybersecurity controls. Digital workspace and enterprise networks vendor Citrix has concluded its investigation into a 6TB data heist in March, which it said was the work of international cybercriminals who exploited weak passwords on an internal network.

www.zdnet.com/article/apt-doxing-group-expose-apt17-as-jinan-bureau-of-chinas-security-ministry/ Intrusion Truth's previous two exposes — for APT3 and APT10 — resulted in DOJ charges. Will this one as well? Intrusion Truth, an online group of anonymous cyber-security analysts, has doxed another cyber-espionage hacking group linked to the Chinese government. This is the third Chinese cyber-espionage group (also known as an APT, or advanced persistent threat) that Intrusion Truth has doxed in as many years.

A problem endangering patient data has been found in the Apotti system, which cost hundreds of millions of euros; the Data Protection Ombudsman would block its rollout in Helsinki

www.hs.fi/kaupunki/art-2000006182751.html The social and health care information system Apotti gives professionals unlawfully broad access to examine patient and client data. The system is expanding to cover the data of 1.6 million people. The migration to Apotti, the enormous social and health care client and patient information system, has endangered privacy protection. Because of shortcomings in the new shared information system, workers in the field can broadly examine confidential patient records and social welfare client data.

Sodinokibi Ransomware Distributed by Hackers Posing as German BSI

www.bleepingcomputer.com/news/security/sodinokibi-ransomware-distributed-by-hackers-posing-as-german-bsi/ BSI, the German national cybersecurity authority, has issued a warning about a malspam campaign that distributes the Sodinokibi ransomware via emails designed to look like official BSI messages. The mails are sent from the [email protected] email address and, according to the BSI, the individuals targeted by this attack should not “open mails, links and attachments from this sender!” The official BSI email domain is bsi.bund.de according to CERT-Bund.

Ransomware: Why cities have become such a big target for cyberattacks – and why it'll get worse

www.zdnet.com/article/ransomware-why-cities-have-become-such-a-big-target-for-cyberattacks-and-why-itll-get-worse-before-it-gets-better/ A number of US cities have paid ransoms of hundreds of thousands of dollars after getting caught out by hackers — and if the business model is working, cybercriminals will keep exploiting it

Mirai-Like Botnet Wages Massive Application-Layer DDoS Attack

www.darkreading.com/attacks-breaches/mirai-like-botnet-wages-massive-application-layer-ddos-attack/d/d-id/1335331 An IoT botnet, made up mainly of routers, hit a service provider with nearly 300,000 requests per second in a 13-day deluge of data. A collection of more than 400,000 connected devices – mainly home routers – for 13 days leveled a powerful application-layer attack on an online entertainment-service provider. The attack used packets designed to appear as valid requests to the targeted application with the aim of chewing up bandwidth and server resources, and reached a peak rate of 292,000 requests per second, according to a report released on July 24 by security firm Imperva, which blocked the attack.

BEC Scammers Trick Employees Into Giving Away Customer Info

www.bleepingcomputer.com/news/security/bec-scammers-trick-employees-into-giving-away-customer-info/ Business email compromise (BEC) scammers are now targeting a company’s customers using a new indirect attack method designed to collect information on future scam targets by asking for aging reports from collections personnel. Aging reports, also known as a schedule of accounts receivable, are sets of outstanding invoices which allow a company’s financial department to keep track of customers who haven’t yet paid services or goods they were allowed to buy on credit.

BlueKeep Scanner Discovered in Watchbog Cryptomining Malware

www.bleepingcomputer.com/news/security/bluekeep-scanner-discovered-in-watchbog-cryptomining-malware/ A new Watchbog malware variant can scan for Windows computers vulnerable to BlueKeep exploits, with previous variants only being utilized to infect Linux servers compromised using Jira, Exim, Nexus Repository Manager 3, ThinkPHP, and Solr Linux exploits.

How cyber criminals are still snaring victims using seven-year-old malware

www.zdnet.com/article/how-cyber-criminals-are-still-snaring-victims-using-seven-year-old-malware/ Researchers analysed millions of posts made on dark web forums across a 12 month period — here’s what they found out and what it means for your security. Some of the most popular malware on underground forums are open source or cracked versions of malicious software that use exploits that are years old but still effective. Cybersecurity researchers at Recorded Future analysed almost four million posts made on dark web forums in several languages between May 2018 and May 2019, correlating their findings in a new report: Bestsellers in the Underground Economy.
