Daily NCSC-FI news followup 2019-07-29

Video: Analyzing Compressed PowerShell Scripts

isc.sans.edu/diary/Video%3A+Analyzing+Compressed+PowerShell+Scripts/25178 In the diary entry “Analyzing Compressed PowerShell Scripts”, we took a look at a malicious Word document carrying a compressed PowerShell script.

DMARC’s Abysmal Adoption Explains Why Email Spoofing is Still a Thing

www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/ Around 79.7% of domains don’t use DMARC, according to a report that surveyed the DMARC policies deployed on 21,075 business and government domains. The survey looked specifically at DMARC adoption because of the protocol’s importance. The survey, carried out by email security and analytics firm 250ok, analyzed domains from sectors such as the Fortune 500, US government, the China Hot 100, the top 100 law firms, international nonprofits, the SaaS 1000, education, e-commerce, financial services, and travel.

Malware Cited As Problem Most Seen By SOC Teams

www.infosecurity-magazine.com/news/malware-cited-as-exploit-most-seen/ Working in the security operations center (SOC) is growing more painful because of an increasing workload and alert fatigue, according to new research, Improving the Effectiveness of the Security Operations Center, published by the Ponemon Institute and sponsored by Devo Security. Respondents cited malware (98%), known vulnerabilities (80%), spear-phishing (69%) and insider threats (68%) as the exploits most often identified in the SOC. “Most respondents rate their SOC’s effectiveness as low and almost half say it is not fully aligned with business needs. Problems such as a lack of visibility into the network and IT infrastructure, a lack of confidence in the ability to find threats and workplace stress on the SOC team are diminishing its effectiveness,” the report said.

Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices

www.zdnet.com/article/urgent11-security-flaws-impact-routers-printers-scada-and-many-iot-devices/ The vulnerabilities affect VxWorks, a real-time operating system created by Wind River. Security updates are out, but patching will most likely take months, if not years. Security researchers have disclosed details today about 11 vulnerabilities, known collectively as “Urgent11”, that impact a wide range of devices, from routers to medical systems, and from printers to industrial equipment. Armis researchers Ben Seri and Dor Zusman will present URGENT/11 at Black Hat 2019 and demonstrate real-world end-to-end attacks on three VxWorks-based devices: a SonicWall firewall, a Xerox printer and a patient monitor. Armis will be at Booth #166 at Black Hat.

Fearing WannaCry-Level Danger, Enterprises Wrestle with BlueKeep

threatpost.com/fearing-wannacry-level-danger-enterprises-wrestle-with-bluekeep/146727/ Patches for CVE-2019-0708 appeared in May. The BlueKeep concern is big enough that Microsoft even took the unusual step of deploying patches to Windows XP and Windows 2003, which are end-of-life and no longer supported by the computing giant. As of July 2, approximately 805,665 systems that are vulnerable to BlueKeep remain online, according to a recent status update from the firm, down from 1 million in May. The number of susceptible systems represents a decrease of 17.18 percent (167,164 systems) compared to May 31, including 92,082 systems which remain externally exposed but have been patched. This translates to an average decrease of 5,224 exposed vulnerable systems per day, between patching, taking them offline and replacing them.

Attacking the Heart of the German Industry

web.br.de/interaktiv/winnti/english/ For a number of years now, a group of professional hackers has been busy spying on businesses all over the world: Winnti, believed to be controlled by China. For the first time, in a joint investigation, German public broadcasters BR and NDR are shedding light on how the hackers operate and how widespread they are.

Windows 7 support timebomb: 76% of UK’s NHS PCs not on Windows 10 despite looming deadline

www.zdnet.com/article/windows-7-timebomb-with-less-than-six-months-until-support-ends-76-of-nhs-computers-not-yet-on-windows-10/#ftag=RSSbaffb68 Just over one million computers in the NHS are still using Windows 7. The government also faced further criticism for a minority of NHS machines still running Windows XP, Microsoft’s 2001 operating system that went out of support five years ago. Despite the risk of running these Windows XP machines, Doyle-Price said it was “not possible to set a timeframe for complete removal of Windows XP from all NHS machines”.

Most parents never check their children’s devices

www.zdnet.com/article/most-parents-never-check-their-childrens-devices/#ftag=RSSbaffb68 In these digital times, it is almost impossible to raise a child without exposing them to technology at a very early age. So how do 21st century parents manage the limits on technology usage for their kids? Although parents often do not know this, children are spending, on average, three-and-a-half hours on their smartphones every day. But when asked, parents think that their children only spend an average of 1 hour 18 minutes — a difference of over 2 hours.

Dark Web drug kingpin charged, forfeits $4 million in Bitcoin

www.zdnet.com/article/dark-web-drug-kingpin-charged-forced-to-forfeit-4-million-in-bitcoin/#ftag=RSSbaffb68 A prolific seller of drugs on the Dark Web caught in a sting operation has been charged and ordered to forfeit over $4 million in cryptocurrency.

Android ransomware is back

www.welivesecurity.com/2019/07/29/android-ransomware-back/ ESET researchers discover a new Android ransomware family that attempts to spread to victims’ contacts and deploys some unusual tricks.

National Australia Bank (NAB) reveals 13,000-person data breach at 6PM Friday

www.itnews.com.au/news/nab-reveals-13000-person-data-breach-at-6pm-friday-528757 NAB disclosed a data breach late Friday after a dataset containing the personal details of approximately 13,000 customers was uploaded to the servers of two data service companies. The timing of the just-after-6PM announcement is suspicious: late on Friday is a time often used to take out the trash in the hope that bad news disappears amid the weekend’s sport and other frippery.
