Daily NCSC-FI news followup 2019-07-24

Low Barr: Don’t give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

www.theregister.co.uk/2019/07/23/us_encryption_backdoor/ While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms that can be used by investigators to forcibly decrypt and pry into strongly end-to-end encrypted chats, files, and calls. No ifs, no buts.

What is Zero Trust Security? And Why Should You Care

blog.checkpoint.com/2019/07/24/what-is-zero-trust-security-and-why-should-you-care/ An ever-evolving IT environment and cyber-threat landscape have made legacy security infrastructures ineffective. Based on the outdated assumption that anything within the security perimeter can be trusted, they leave organizations exposed to cyber-attacks. Across the industry, security professionals are designing and rebuilding their strategies around a Zero Trust approach, one that trusts no user, device or system, neither inside nor outside the perimeter.

Attorney General William Barr on Encryption Policy

www.schneier.com/blog/archives/2019/07/attorney_genera_1.html Yesterday, Attorney General William Barr gave a major speech on encryption policy — what is commonly known as “going dark.” Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

Advanced mobile surveillanceware, made in Russia, found in the wild

arstechnica.com/information-technology/2019/07/advanced-mobile-surveillanceware-made-in-russia-found-in-the-wild/ Researchers have discovered some of the most advanced and full-featured mobile surveillanceware ever seen. Dubbed Monokle and used in the wild since at least March 2016, the Android-based application was developed by a Russian defense contractor that was sanctioned in 2016 for helping that country's Main Intelligence Directorate meddle in the 2016 US presidential election.

Data breaches can haunt firms for years

www.welivesecurity.com/2019/07/24/data-breach-cost-fallout/ The compromised company may bear the financial brunt of the breach within the first year after the incident occurs, but the price tag is still far from final. The average cost of a data breach has risen 12% over the past five years to US$3.92 million globally, according to IBM's 2019 Cost of a Data Breach study, which drew on input from more than 500 companies around the world that suffered a breach over the past year. The rising financial impact was attributed to a trio of factors: the multi-year financial fallout from breaches, increased regulation, and the complexity of resolving criminal attacks.

Facebook Agrees to Pay $5 Billion Fine and Set Up New Privacy Program for 20 Years

thehackernews.com/2019/07/ftc-facebook-privacy-program.html The Federal Trade Commission (FTC) today officially confirmed that Facebook has agreed to pay a record-breaking $5 billion fine over privacy violations surrounding the Cambridge Analytica scandal. Besides the multibillion-dollar penalty, the company has also accepted a 20-year-long agreement that requires it to implement a new organizational framework designed to strengthen its data privacy practices and policies.

May People Be Considered as IOC?

isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/ That's a tricky question! May we manage a list of people like regular IOCs? An IOC (Indicator of Compromise) is a piece of information, usually technical, that helps to detect malicious (or at least suspicious) activities. Classic types of IOC are IP addresses, domains, hashes, filenames, registry keys, processes, mutexes,

Citrix Confirms Password-Spraying Heist of Reams of Internal IP

threatpost.com/citrix-confirms-password-spraying-heist/146641/ Security experts say the attack stemmed from weak cybersecurity controls. Digital workspace and enterprise networks vendor Citrix has concluded its investigation into a 6TB data heist in March, which it said was the work of international cybercriminals who exploited weak passwords on an internal network.

www.zdnet.com/article/apt-doxing-group-expose-apt17-as-jinan-bureau-of-chinas-security-ministry/ Intrusion Truth's previous two exposés — for APT3 and APT10 — resulted in DOJ charges. Will this one as well? Intrusion Truth, an online group of anonymous cyber-security analysts, has doxed another cyber-espionage hacking group linked to the Chinese government. This is the third Chinese cyber-espionage group (also known as an APT, or advanced persistent threat) that Intrusion Truth has doxed in as many years.

A problem endangering patient data has been found in the Apotti system, which cost hundreds of millions of euros. The Data Protection Ombudsman would block its rollout in Helsinki

www.hs.fi/kaupunki/art-2000006182751.html The social and health care information system Apotti gives professionals unlawfully broad possibilities to look into patient and client data. The system is expanding to cover the data of 1.6 million people. The transition to the enormous social and health care client and patient information system Apotti has jeopardised privacy protection. Because of shortcomings in the new shared information system, workers in the field are able to look widely into confidential patient records and social welfare client data.

Sodinokibi Ransomware Distributed by Hackers Posing as German BSI

www.bleepingcomputer.com/news/security/sodinokibi-ransomware-distributed-by-hackers-posing-as-german-bsi/ BSI, the German national cybersecurity authority, has issued a warning about a malspam campaign that distributes the Sodinokibi ransomware via emails designed to look like official BSI messages. The mails are sent from the [email protected] email address and, according to the BSI, the individuals targeted by this attack should not “open mails, links and attachments from this sender!” The official BSI email domain is bsi.bund.de according to CERT-Bund.

Ransomware: Why cities have become such a big target for cyberattacks – and why it’ll get worse

www.zdnet.com/article/ransomware-why-cities-have-become-such-a-big-target-for-cyberattacks-and-why-itll-get-worse-before-it-gets-better/ A number of US cities have paid ransoms of hundreds of thousands of dollars after getting caught out by hackers — and if the business model is working, cybercriminals will keep exploiting it.

Mirai-Like Botnet Wages Massive Application-Layer DDoS Attack

www.darkreading.com/attacks-breaches/mirai-like-botnet-wages-massive-application-layer-ddos-attack/d/d-id/1335331 An IoT botnet, made up mainly of routers, hit a service provider with nearly 300,000 requests per second in a 13-day deluge of data. A collection of more than 400,000 connected devices – mainly home routers – for 13 days leveled a powerful application-layer attack on an online entertainment-service provider. The attack used packets designed to appear as valid requests to the targeted application with the aim of chewing up bandwidth and server resources, and reached a peak rate of 292,000 requests per second, according to a report released on July 24 by security firm Imperva, which blocked the attack.

BEC Scammers Trick Employees Into Giving Away Customer Info

www.bleepingcomputer.com/news/security/bec-scammers-trick-employees-into-giving-away-customer-info/ Business email compromise (BEC) scammers are now targeting a company’s customers using a new indirect attack method designed to collect information on future scam targets by asking for aging reports from collections personnel. Aging reports, also known as a schedule of accounts receivable, are sets of outstanding invoices which allow a company’s financial department to keep track of customers who haven’t yet paid services or goods they were allowed to buy on credit.

BlueKeep Scanner Discovered in Watchbog Cryptomining Malware

www.bleepingcomputer.com/news/security/bluekeep-scanner-discovered-in-watchbog-cryptomining-malware/ A new Watchbog malware variant can scan for Windows computers vulnerable to BlueKeep exploits, with previous variants only being utilized to infect Linux servers compromised using Jira, Exim, Nexus Repository Manager 3, ThinkPHP, and Solr Linux exploits.

How cyber criminals are still snaring victims using seven-year-old malware

www.zdnet.com/article/how-cyber-criminals-are-still-snaring-victims-using-seven-year-old-malware/ Researchers analysed millions of posts made on dark web forums across a 12 month period — here’s what they found out and what it means for your security. Some of the most popular malware on underground forums are open source or cracked versions of malicious software that use exploits that are years old but still effective. Cybersecurity researchers at Recorded Future analysed almost four million posts made on dark web forums in several languages between May 2018 and May 2019, correlating their findings in a new report: Bestsellers in the Underground Economy.
