Daily NCSC-FI news followup 2019-07-25

The Unsexy Threat to Election Security

krebsonsecurity.com/2019/07/the-unsexy-threat-to-election-security/ Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level.

Two Weapons to Help U.S. Govt Combat Cyberthreats

blog.paloaltonetworks.com/2019/07/cloud-wildfire-fedramp/ Federal agencies face a conundrum: They are the targets of relentless cyberattacks yet lack enough skilled personnel to combat them. State-affiliated actors, responsible for more than half of public administration data breaches, combine never-before-seen malware with other techniques to infiltrate agencies and steal data or disrupt operations. With many thousands of new threats created every day, agencies have a hard time keeping up.

The Path to Passwordless Authentication Is Shorter Than We Thought

securityintelligence.com/posts/the-path-to-passwordless-authentication-is-shorter-than-we-thought/ Passwords are a problem, and relying on them for user authentication is problematic. This has been an accepted truth in the infosec community for some time, yet credential-based methods are still ubiquitous. The average person now has dozens of personal and business username/password combinations to keep track of and recycles those same passwords across multiple accounts, creating endless opportunities for exploitation and compromise.

Streaming service withstands 13-day DDoS siege

www.welivesecurity.com/2019/07/25/streaming-service-ddos/ The attack, unleashed by a 400,000-strong Mirai-style botnet, may be the largest of its kind on record. A botnet made up of 402,000 enslaved Internet-of-Things (IoT) devices has staged a 13-day distributed denial-of-service (DDoS) attack against an undisclosed streaming service, according to a blog post by cybersecurity firm Imperva. The company said it successfully counteracted the onslaught and the target suffered no downtime.

Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List

thehackernews.com/2019/07/linux-malware-windows-bluekeep.html Cybersecurity researchers have discovered a new variant of WatchBog, a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the BlueKeep flaw. BlueKeep is a highly critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Services that could allow an unauthenticated remote attacker to take full control over vulnerable systems just by sending specially crafted requests over the RDP protocol.

When Users Attack! Users (and Admins) Thwarting Security Controls

isc.sans.edu/forums/diary/When+Users+Attack+Users+and+Admins+Thwarting+Security+Controls/25170/ Today, I'd like to discuss a few of the Critical Controls, and how I see real people abusing or circumventing them in real companies. (Sorry, no code in today's story, but we do have some GPOs.) First, let's talk about admin folks. In this first situation, we've got helpdesk and IT folks that all require elevated privileges. This client did the right thing, and created "admin accounts" for each of those folks – not all Domain Admin, but accounts with the correct, elevated rights for each of those users.

New Loader Variant Behind Widespread Malware Attacks

threatpost.com/new-loader-variant-behind-widespread-malware-attacks/146683/ Malware infection technique called TxHollower gets updated with stealthy features. Behind a recent wave of cyberattacks, pelting PCs with FormBook, LokiBot and SmokeLoader malware, is an updated version of a malware-loading technique called TxHollower. Researchers describe it as a significant new threat, adding that attacks using TxHollower have spread like wildfire over the past year.

Louisiana governor declares state emergency after local ransomware outbreak

www.zdnet.com/article/louisiana-governor-declares-state-emergency-after-local-ransomware-outbreak/ Three school districts have been hit by ransomware in North Louisiana this week. Louisiana Governor John Bel Edwards has activated a state-wide state of emergency in response to a wave of ransomware infections that have hit multiple school districts. The ransomware infections took place this week and have impacted the school districts of three North Louisiana parishes: Sabine, Morehouse, and Ouachita.

Phishing Campaign Bypasses Email Gateways via WeTransfer Alerts

www.bleepingcomputer.com/news/security/phishing-campaign-bypasses-email-gateways-via-wetransfer-alerts/ A phishing campaign using WeTransfer notifications as surrogates for the run-of-the-mill malicious URLs usually employed in this type of attack was recently detected while successfully bypassing email gateways developed by Microsoft, Proofpoint, and Symantec. WeTransfer is a cloud-based file hosting and transferring service, with support for hosting and sharing files of up to 2 GB for the free tier and up to 20 GB for the paid Plus service.

Android Malware ‘Triada’ Most Active on Telco Networks

www.darkreading.com/mobile/android-malware-triada-most-active-on-telco-networks/d/d-id/1335337 Google in May disclosed that several Android devices had been shipped pre-installed with the RAT. New research into the impact of Triada, a sophisticated remote access Trojan that was recently found pre-installed on numerous Android devices, has shown that more than 15% of telecom companies globally have infected devices running on their network.

Unpatched vulnerabilities lurk in Comodo Antivirus

www.zdnet.com/article/comodo-antivirus-subject-to-serious-unpatched-vulnerabilities/ Updates to resolve the security flaws are expected to land on Monday. Comodo Antivirus software contains a swathe of severe vulnerabilities which may place users at risk, researchers say. According to a security advisory published by Tenable Research, version 12.0.0.6810 of Comodo Antivirus and Comodo Antivirus Advanced contain multiple vulnerabilities.

Ransomware Attack Cripples Power Company's Entire Network

www.bleepingcomputer.com/news/security/ransomware-attack-cripples-power-company-s-entire-network/ A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications. The incident affects one of the largest power suppliers in Johannesburg, owned by the city municipality. At the same time, customers reported multiple power outages on Twitter, but it has not been confirmed whether they are related.

Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools

www.fireeye.com/blog/threat-research/2019/07/finding-evil-in-windows-ten-compressed-memory-part-one.html Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerating kernel modules? Or even worse, had to face the C-Suite and let them know you couldn't find any evil? Well, fear no more: FLARE has you covered. We've analyzed Windows 10 and integrated our research into the Volatility and Rekall tools for your immediate consumption!
