Daily NCSC-FI news followup 2019-08-21

Group-IBs new report on Silence: Damage from Silence APT operations increases fivefold. The gang deploys new tools on its worldwide tour

www.group-ib.com/media/silence-attacks/ Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has exposed the most recent campaigns carried out by Silence, a Russian-speaking APT group, in the new “Silence 2.0: Going Global” report. Group-IB experts discovered that Silence have significantly expanded their geography and increased the frequency of their attacks.. Additionally, the total confirmed amount of funds stolen by Silence has increased fivefold since the publication of Group-IBs original report, and is now estimated at USD 4.2 million. . full report


Hackers Want $2.5 Million Ransom for Texas Ransomware Attacks

www.bleepingcomputer.com/news/security/hackers-want-25-million-ransom-for-texas-ransomware-attacks/ The threat actor that hit multiple Texas local governments with file-encrypting malware last week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says.. Heinrich told NPR that the threat actor deployed the ransomware through the software from the managed service provider (MSP) used by the administration for technical support.. MSPs are a convenient solution for entities that cannot manage the IT infrastructure themselves. This would not be unusual with smaller local governments that may lack qualified staff for this type of task.

Cybersecurity: This trojan malware being offered for free could cause hacking spike

www.zdnet.com/article/cybersecurity-this-trojan-malware-being-offered-for-free-could-cause-hacking-spike/ NanoCore RAT can steal passwords, payment details, and secretly record audio and video of Windows users.. A new version of a powerful form of trojan malware is being offered on the dark web for free, with one cybersecurity company warning this could lead to a rise in attacks targeting passwords, bank details and other personal information, even by crooks with limited technical skills.

Adult Content Site Exposed Personal Data of 1M Users

threatpost.com/adult-content-site-exposed-personal-data-of-1m-users/147572/ The personal information more than a million users of popular adult website Luscious, including email addresses that sometimes indicated full names, were found exposed in an unsecured Elasticsearch database.

Cisco Patches Six Critical Bugs in UCS Gear and Switches

threatpost.com/cisco-patches-six-critical-bugs/147585/ Six bugs found in Ciscos Unified Computing System gear and its 220 Series Smart switches can allow unauthenticated remote hackers to take over equipment.

Researcher publishes second Steam zero day after getting banned on Valve’s bug bounty program

www.zdnet.com/article/researcher-publishes-second-steam-zero-day-after-getting-banned-on-valves-bug-bounty-program/ A Russian security researcher has published details about a zero-day in the Steam gaming client. This is the second Steam zero-day the researcher has made public in the past two weeks.

Google, Mozilla, Apple Block Kazakhstan’s Root CA Certificate to Prevent Spying

thehackernews.com/2019/08/kazakhstan-root-certificate.html In a move to protect its users based in Kazakhstan from government surveillance, Google, Apple and Mozilla finally today came forward and blocked Kazakhstan’s government-issued root CA certificate within their respective web browsing software.

PokerTracker.com Hacked to Inject Payment Card Stealing Script

www.bleepingcomputer.com/news/security/pokertrackercom-hacked-to-inject-payment-card-stealing-script/ A curious case of web-based card skimming activity revealed that the Poker Tracker website had been compromised and loaded a Magecart script – code that steals payment information from customers.

Fortnite Ransomware Masquerades as an Aimbot Game Hack

threatpost.com/fortnite-ransomware-masquerades-as-an-aimbot-game-hack/147549/ Attackers are taking aim at Fortnites global community of 250 million gamers.

Phishing Attacks Scrape Branded Microsoft 365 Login Pages

www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/ An unusual new phishing campaign is probing email inboxes via attacks using the targets’ company-branded Microsoft 365 tenant login pages to add more legitimacy to the scam.

Forced Password Reset? Check Your Assumptions

krebsonsecurity.com/2019/08/forced-password-reset-check-your-assumptions/ Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the sites efforts to identify customers who are reusing passwords from other sites that have already been hacked.

Securing the Industrial Internet of Things in the Utilities Sector


A look at the Windows 10 exploit Google Zero disclosed this week

arstechnica.com/information-technology/2019/08/a-look-at-the-windows-10-exploit-google-zero-disclosed-this-week/ This privilege escalation vulnerability has lurked within Windows for 20 years.

BEC scams generate $301 million a month

www.pandasecurity.com/mediacenter/security/bec-million-dollar-scam/ According to the Financial Crimes Enforcement Network (FinCEN), this cybercrime, along with the amount of money that it generates, increases every year. In fact, in its latest report, it reveals that, last year, the amount of money generated by this scam reached $301 million a month, or $3.6 billion per year.

KAPE: Kroll Artifact Parser and Extractor


You might be interested in …

[NCSC-FI News] Tractor giant AGCO hit by ransomware, halts production and sends home staff

A ransomware attack which hit agricultural equipment manufacturer AGCO has caused it to shut down some of its manufacturing facilities and send staff home The firm acknowledged last week that its systems had been hit by ransomware, and that some of its production facilities had been impacted Employees at its plant in Marktoberforf, Germany, were […]

Read More

Daily NCSC-FI news followup 2021-04-17

Major BGP leak disrupts thousands of networks globally www.bleepingcomputer.com/news/security/major-bgp-leak-disrupts-thousands-of-networks-globally/ A large BGP routing leak that occurred last night disrupted the connectivity for thousands of major networks and websites around the world. Although the BGP routing leak occurred in Vodafone’s autonomous network (AS55410) based in India, it has impacted U.S. companies, including Google, according to sources. […]

Read More

Daily NCSC-FI news followup 2021-06-14

Ransomware is the biggest threat, says GCHQ cybersecurity chief www.tripwire.com/state-of-security/security-data-protection/ransomware-biggest-threat-says-gchq-cybersecurity-chief/ The head of the UKs National Cyber Security Centre has warned that ransomware has become the biggest threat to British people and businesses. In a speech being given today by Lindy Cameron, chief executive of the NCSC, to the RUSI think tank, she highlights the […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.