Daily NCSC-FI news followup 2019-08-21

Group-IBs new report on Silence: Damage from Silence APT operations increases fivefold. The gang deploys new tools on its worldwide tour

www.group-ib.com/media/silence-attacks/ Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has exposed the most recent campaigns carried out by Silence, a Russian-speaking APT group, in the new “Silence 2.0: Going Global” report. Group-IB experts discovered that Silence have significantly expanded their geography and increased the frequency of their attacks.. Additionally, the total confirmed amount of funds stolen by Silence has increased fivefold since the publication of Group-IBs original report, and is now estimated at USD 4.2 million. . full report


Hackers Want $2.5 Million Ransom for Texas Ransomware Attacks

www.bleepingcomputer.com/news/security/hackers-want-25-million-ransom-for-texas-ransomware-attacks/ The threat actor that hit multiple Texas local governments with file-encrypting malware last week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says.. Heinrich told NPR that the threat actor deployed the ransomware through the software from the managed service provider (MSP) used by the administration for technical support.. MSPs are a convenient solution for entities that cannot manage the IT infrastructure themselves. This would not be unusual with smaller local governments that may lack qualified staff for this type of task.

Cybersecurity: This trojan malware being offered for free could cause hacking spike

www.zdnet.com/article/cybersecurity-this-trojan-malware-being-offered-for-free-could-cause-hacking-spike/ NanoCore RAT can steal passwords, payment details, and secretly record audio and video of Windows users.. A new version of a powerful form of trojan malware is being offered on the dark web for free, with one cybersecurity company warning this could lead to a rise in attacks targeting passwords, bank details and other personal information, even by crooks with limited technical skills.

Adult Content Site Exposed Personal Data of 1M Users

threatpost.com/adult-content-site-exposed-personal-data-of-1m-users/147572/ The personal information more than a million users of popular adult website Luscious, including email addresses that sometimes indicated full names, were found exposed in an unsecured Elasticsearch database.

Cisco Patches Six Critical Bugs in UCS Gear and Switches

threatpost.com/cisco-patches-six-critical-bugs/147585/ Six bugs found in Ciscos Unified Computing System gear and its 220 Series Smart switches can allow unauthenticated remote hackers to take over equipment.

Researcher publishes second Steam zero day after getting banned on Valve’s bug bounty program

www.zdnet.com/article/researcher-publishes-second-steam-zero-day-after-getting-banned-on-valves-bug-bounty-program/ A Russian security researcher has published details about a zero-day in the Steam gaming client. This is the second Steam zero-day the researcher has made public in the past two weeks.

Google, Mozilla, Apple Block Kazakhstan’s Root CA Certificate to Prevent Spying

thehackernews.com/2019/08/kazakhstan-root-certificate.html In a move to protect its users based in Kazakhstan from government surveillance, Google, Apple and Mozilla finally today came forward and blocked Kazakhstan’s government-issued root CA certificate within their respective web browsing software.

PokerTracker.com Hacked to Inject Payment Card Stealing Script

www.bleepingcomputer.com/news/security/pokertrackercom-hacked-to-inject-payment-card-stealing-script/ A curious case of web-based card skimming activity revealed that the Poker Tracker website had been compromised and loaded a Magecart script – code that steals payment information from customers.

Fortnite Ransomware Masquerades as an Aimbot Game Hack

threatpost.com/fortnite-ransomware-masquerades-as-an-aimbot-game-hack/147549/ Attackers are taking aim at Fortnites global community of 250 million gamers.

Phishing Attacks Scrape Branded Microsoft 365 Login Pages

www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/ An unusual new phishing campaign is probing email inboxes via attacks using the targets’ company-branded Microsoft 365 tenant login pages to add more legitimacy to the scam.

Forced Password Reset? Check Your Assumptions

krebsonsecurity.com/2019/08/forced-password-reset-check-your-assumptions/ Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the sites efforts to identify customers who are reusing passwords from other sites that have already been hacked.

Securing the Industrial Internet of Things in the Utilities Sector


A look at the Windows 10 exploit Google Zero disclosed this week

arstechnica.com/information-technology/2019/08/a-look-at-the-windows-10-exploit-google-zero-disclosed-this-week/ This privilege escalation vulnerability has lurked within Windows for 20 years.

BEC scams generate $301 million a month

www.pandasecurity.com/mediacenter/security/bec-million-dollar-scam/ According to the Financial Crimes Enforcement Network (FinCEN), this cybercrime, along with the amount of money that it generates, increases every year. In fact, in its latest report, it reveals that, last year, the amount of money generated by this scam reached $301 million a month, or $3.6 billion per year.

KAPE: Kroll Artifact Parser and Extractor


You might be interested in …

Daily NCSC-FI news followup 2019-12-12

Hackers in Finland Test 5G Networks, Devices in Security Exercise www.wsj.com/articles/hackers-in-finland-test-5g-networks-devices-in-security-exercise-11576146601 We understand better how we need to change our approach from 4G to 5G, says government official. Read also: www.synopsys.com/blogs/software-security/5g-cyber-security-hackathon/, www.tivi.fi/uutiset/tv/32850776-f76d-4bdd-91af-445d5e3efefa and www.oulu.fi/yliopisto/uutiset/5ghack Microsoft details the most clever phishing techniques it saw in 2019 www.zdnet.com/article/microsoft-details-the-most-clever-phishing-techniques-it-saw-in-2019/ Earlier this month, Microsoft released a report on this […]

Read More

Daily NCSC-FI news followup 2019-11-24

CNAME Cloaking, the dangerous disguise of third-party trackers medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a What has started to happen in the last few months in the world of third-party tracking is having a major impact on peoples privacy, and it all stayed pretty much under the radar. How to Avoid Black Friday Scams Online www.wired.com/story/how-to-avoid-black-friday-scams-online/ Black Friday attracts crowds, and […]

Read More

Daily NCSC-FI news followup 2019-08-25

Kiristyshaittaohjelmat pistävät kaupunkien sisun koetukselle ympäri Amerikkaa www.nytimes.com/2019/08/22/us/ransomware-attacks-hacking.html Android 10 julkaisu tulee korjaamaan melkein kaksisataa tietoturvaongelmaa. www.forbes.com/sites/daveywinder/2019/08/23/android-10-google-confirms-193-security-vulnerabilities-need-fixing/ Hostinger: Jopa 14 miljoonaa asiakasta tietomurron uhrina. Salasanat vaihdettu turvatoimena. www.hostinger.com/blog/security-incident-what-you-need-to-know/ Webmin liittyy Pulse Securen ja Fortigaten joukkoon, kun rikolliset aktiivisesti yrittävät hyväksikäyttää viimeaikaisia tietoturvahaavoittuvuuksia. www.zdnet.com/article/hackers-mount-attacks-on-webmin-servers-pulse-secure-and-fortinet-vpns/ Tekninen analyysi APT34 (OilRig, CobaltGypsy) TwoFace webshell – -työkalusta. www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell/

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.