Daily NCSC-FI news followup 2019-08-01

Ransomware: Cyberattack forces Houston County schools to postpone opening day


Ransomware: Syracuse, NY and Watertown, NY City School Districts have been targeted in a ransomware attack


Ransomware: Steps to Safeguard Against Ransomware Attacks

www.us-cert.gov/ncas/current-activity/2019/07/30/steps-safeguard-against-ransomware-attacks 1. Back up systems – now (and daily). Store one copy offline. 2. Reinforce basic cybersecurity awareness and education. 3. Revisit and refine cyber incident response plans.

Pearson, the London-based educational software maker, said today that thousands of school and university accounts, mostly in the United States, were affected by a data breach

techcrunch.com/2019/07/31/education-software-maker-pearson-says-data-breach-affected-thousands-of-accounts-in-the-u-s/ According to Pearson, unauthorized access was gained to 13,000 school and university accounts

QR code scam can clean out your bank account

blog.malwarebytes.com/scams/2019/07/qr-code-scam-can-clean-out-your-bank-account/ A week ago, one of the Netherlands local police departments issued a warning that this type of scam was making the rounds. Meanwhile, two suspects have been apprehended after robbing dozens of people and amassing tens of thousands of Euros.

Unit 42 spent six months researching the China-based cybercrime group Rocke

unit42.paloaltonetworks.com/rockein-the-netflow/ The group has also released a new tool called Godlua, which could function as an agent, allowing the group's actors to perform additional scripted operations, including denial of service (DoS) attacks, network proxying, and two shell capabilities. See also: Org’s network connect to GitHub and Pastebin much? It’s a Rocke road to cryptojacking country


Chile’s Electoral Service confirms the data’s authenticity, but denies it owns the leaky server.

www.zdnet.com/article/voter-records-for-80-of-chiles-population-left-exposed-online/ The voter information of more than 14.3 million Chileans, which accounts for nearly 80% of the country’s entire population, was left exposed and leaking on the internet inside an Elasticsearch database.

FTC Releases Alert on the Capital One Data Breach

www.us-cert.gov/ncas/current-activity/2019/08/01/ftc-releases-alert-capital-one-data-breach FTC reminds users to check and monitor their credit report to protect against identity theft and to be aware of potential phishing scams related to the breach.

Capital One breach also hit other major companies, say researchers

techcrunch.com/2019/07/31/capital-one-breach-vodafone-ford-researchers/ Israeli security firm CyberInt said Vodafone, Ford, Michigan State University and the Ohio Department of Transportation may have also fallen victim to the same data breach

Development stops on PowerShell Empire framework after project reaches its goal

www.zdnet.com/article/development-stops-on-powershell-empire-framework-after-project-reaches-its-goal/ “The original objective of the Empire project was to demonstrate the post-exploitation capabilities of PowerShell and bring awareness to PowerShell attacks used by (at the time) more advanced adversaries,” said Chris Ross, one of Empire’s lead developers.

Gartner Releases 2019 Market Guide for security orchestration, automation and response (SOAR) Solutions

securityintelligence.com/posts/gartner-releases-2019-market-guide-for-soar-solutions/ Gartner predicted that, “By year-end 2022, 30 percent of organizations with a security team larger than five people will leverage SOAR tools in their security operations, up from less than 5 percent today.”

Facebook announces first takedown of influence campaign with ties to Saudi government

edition.cnn.com/2019/08/01/tech/facebook-saudi-arabia-pages-removed/ Facebook said Thursday it had found evidence of something cyber security and national security experts have long suspected: people tied to the government of Saudi Arabia have been running covert campaigns on Facebook and Instagram in a bid to prop up support for the kingdom and attack its enemies.

Apple's AirDrop and password sharing features can leak iPhone numbers

arstechnica.com/information-technology/2019/08/apples-airdrop-and-password-sharing-features-can-leak-iphone-numbers/ Partial hashes broadcast in Bluetooth can be converted to phone numbers, researchers say.

Vendor Blocks 65,000 Magecart Data Theft Attempts in July

www.infosecurity-magazine.com/news/vendor-blocks-65000-magecart-data/ Magecart groups appear to be having a busy summer so far, with one security vendor blocking 65,000 attempts to steal card details from online stores in July alone. Malwarebytes revealed the findings in a new blog post: it shows that US shoppers account for the vast majority of those targeted, nearly 54% in total. Canadians came in second with nearly 16% and then there's a long tail of countries including Germany (7%), the Netherlands (6%), France and the UK (5%) and Australia (3%).

Cisco to pay $8.6 million for selling vulnerable software to US government

www.zdnet.com/article/cisco-to-pay-8-6-million-for-selling-vulnerable-software-to-us-government/ In the lawsuit, filed in May 2011 but kept under seal until today, James Glenn, who worked in Denmark at Cisco subcontractor NetDesign, claimed he found security flaws in Cisco’s Video Surveillance Manager (VSM) — a multi-software package that could be used to control video surveillance cameras, to store recorded video feeds, and allow operators to manipulate camera-recorded videos.
