Daily NCSC-FI news followup 2019-08-01

Ransomware: Cyberattack forces Houston County schools to postpone opening day

Ransomware: Syracuse, NY and Watertown, NY City School Districts have been targeted in a ransomware attack

Ransomware: Steps to Safeguard Against Ransomware Attacks

www.us-cert.gov/ncas/current-activity/2019/07/30/steps-safeguard-against-ransomware-attacks 1. Back up systems – now (and daily). Store one copy offline. 2. Reinforce basic cybersecurity awareness and education. 3. Revisit and refine cyber incident response plans.

Pearson, the London-based educational software maker, said today that thousands of school and university accounts, mostly in the United States, were affected by a data breach

techcrunch.com/2019/07/31/education-software-maker-pearson-says-data-breach-affected-thousands-of-accounts-in-the-u-s/ According to Pearson, unauthorized access was gained to 13,000 school and university accounts

QR code scam can clean out your bank account

blog.malwarebytes.com/scams/2019/07/qr-code-scam-can-clean-out-your-bank-account/ A week ago, one of the Netherlands local police departments issued a warning that this type of scam was making the rounds. Meanwhile, two suspects have been apprehended after robbing dozens of people and amassing tens of thousands of Euros.

Unit 42 spent six months researching the China-based cybercrime group Rocke

unit42.paloaltonetworks.com/rockein-the-netflow/ The group has also released a new tool called Godlua, which could function as an agent, allowing the group's actors to perform additional scripted operations, including denial of service (DoS) attacks, network proxying, and two shell capabilities. See also: Org’s network connect to GitHub and Pastebin much? It’s a Rocke road to cryptojacking country –

Chile’s Electoral Service confirms the data’s authenticity, but denies it owns the leaky server.

www.zdnet.com/article/voter-records-for-80-of-chiles-population-left-exposed-online/ The voter information of more than 14.3 million Chileans, which accounts for nearly 80% of the country’s entire population, was left exposed and leaking on the internet inside an Elasticsearch database.

FTC Releases Alert on the Capital One Data Breach

www.us-cert.gov/ncas/current-activity/2019/08/01/ftc-releases-alert-capital-one-data-breach FTC reminds users to check and monitor their credit report to protect against identity theft and to be aware of potential phishing scams related to the breach.

Capital One breach also hit other major companies, say researchers

techcrunch.com/2019/07/31/capital-one-breach-vodafone-ford-researchers/ Israeli security firm CyberInt said Vodafone, Ford, Michigan State University and the Ohio Department of Transportation may have also fallen victim to the same data breach

Development stops on PowerShell Empire framework after project reaches its goal

www.zdnet.com/article/development-stops-on-powershell-empire-framework-after-project-reaches-its-goal/ “The original objective of the Empire project was to demonstrate the post-exploitation capabilities of PowerShell and bring awareness to PowerShell attacks used by (at the time) more advanced adversaries,” said Chris Ross, one of Empire’s lead developers.

Gartner Releases 2019 Market Guide for security orchestration, automation and response (SOAR) Solutions

securityintelligence.com/posts/gartner-releases-2019-market-guide-for-soar-solutions/ Gartner predicted that, “By year-end 2022, 30 percent of organizations with a security team larger than five people will leverage SOAR tools in their security operations, up from less than 5 percent today.”

Facebook announces first takedown of influence campaign with ties to Saudi government

edition.cnn.com/2019/08/01/tech/facebook-saudi-arabia-pages-removed/ Facebook said Thursday it had found evidence of something cyber security and national security experts have long suspected: people tied to the government of Saudi Arabia have been running covert campaigns on Facebook and Instagram in a bid to prop up support for the kingdom and attack its enemies.

Apple’s AirDrop and password sharing features can leak iPhone numbers

arstechnica.com/information-technology/2019/08/apples-airdrop-and-password-sharing-features-can-leak-iphone-numbers/ Partial hashes broadcast in Bluetooth can be converted to phone numbers, researchers say.

Vendor Blocks 65,000 Magecart Data Theft Attempts in July

www.infosecurity-magazine.com/news/vendor-blocks-65000-magecart-data/ Magecart groups appear to be having a busy summer so far, with one security vendor blocking 65,000 attempts to steal card details from online stores in July alone. Malwarebytes revealed the findings in a new blog post: it shows that US shoppers account for the vast majority of those targeted, nearly 54% in total. Canadians came in second with nearly 16% and then there’s a long tail of countries including Germany (7%), the Netherlands (6%), France and the UK (5%) and Australia (3%).

Cisco to pay $8.6 million for selling vulnerable software to US government

www.zdnet.com/article/cisco-to-pay-8-6-million-for-selling-vulnerable-software-to-us-government/ In the lawsuit, filed in May 2011 but kept under seal until today, James Glenn, who worked in Denmark at Cisco subcontractor NetDesign, claimed he found security flaws in Cisco’s Video Surveillance Manager (VSM) — a multi-software package that could be used to control video surveillance cameras, to store recorded video feeds, and allow operators to manipulate camera-recorded videos.
