Daily NCSC-FI news followup 2019-08-21

Group-IB's new report on Silence: Damage from Silence APT operations increases fivefold. The gang deploys new tools on its worldwide tour

www.group-ib.com/media/silence-attacks/ Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has exposed the most recent campaigns carried out by Silence, a Russian-speaking APT group, in the new "Silence 2.0: Going Global" report. Group-IB experts discovered that Silence have significantly expanded their geography and increased the frequency of their attacks. Additionally, the total confirmed amount of funds stolen by Silence has increased fivefold since the publication of Group-IB's original report, and is now estimated at USD 4.2 million. Full report.


Hackers Want $2.5 Million Ransom for Texas Ransomware Attacks

www.bleepingcomputer.com/news/security/hackers-want-25-million-ransom-for-texas-ransomware-attacks/ The threat actor that hit multiple Texas local governments with file-encrypting malware last week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says. Heinrich told NPR that the threat actor deployed the ransomware through the software from the managed service provider (MSP) used by the administration for technical support. MSPs are a convenient solution for entities that cannot manage the IT infrastructure themselves. This would not be unusual with smaller local governments that may lack qualified staff for this type of task.

Cybersecurity: This trojan malware being offered for free could cause hacking spike

www.zdnet.com/article/cybersecurity-this-trojan-malware-being-offered-for-free-could-cause-hacking-spike/ NanoCore RAT can steal passwords, payment details, and secretly record audio and video of Windows users. A new version of a powerful form of trojan malware is being offered on the dark web for free, with one cybersecurity company warning this could lead to a rise in attacks targeting passwords, bank details and other personal information, even by crooks with limited technical skills.

Adult Content Site Exposed Personal Data of 1M Users

threatpost.com/adult-content-site-exposed-personal-data-of-1m-users/147572/ The personal information of more than a million users of the popular adult website Luscious, including email addresses that sometimes indicated full names, was found exposed in an unsecured Elasticsearch database.

Cisco Patches Six Critical Bugs in UCS Gear and Switches

threatpost.com/cisco-patches-six-critical-bugs/147585/ Six bugs found in Cisco's Unified Computing System gear and its 220 Series Smart switches can allow unauthenticated remote hackers to take over equipment.

Researcher publishes second Steam zero day after getting banned on Valve’s bug bounty program

www.zdnet.com/article/researcher-publishes-second-steam-zero-day-after-getting-banned-on-valves-bug-bounty-program/ A Russian security researcher has published details about a zero-day in the Steam gaming client. This is the second Steam zero-day the researcher has made public in the past two weeks.

Google, Mozilla, Apple Block Kazakhstan’s Root CA Certificate to Prevent Spying

thehackernews.com/2019/08/kazakhstan-root-certificate.html In a move to protect its users based in Kazakhstan from government surveillance, Google, Apple and Mozilla finally today came forward and blocked Kazakhstan’s government-issued root CA certificate within their respective web browsing software.

PokerTracker.com Hacked to Inject Payment Card Stealing Script

www.bleepingcomputer.com/news/security/pokertrackercom-hacked-to-inject-payment-card-stealing-script/ A curious case of web-based card skimming activity revealed that the Poker Tracker website had been compromised and loaded a Magecart script – code that steals payment information from customers.

Fortnite Ransomware Masquerades as an Aimbot Game Hack

threatpost.com/fortnite-ransomware-masquerades-as-an-aimbot-game-hack/147549/ Attackers are taking aim at Fortnite's global community of 250 million gamers.

Phishing Attacks Scrape Branded Microsoft 365 Login Pages

www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/ An unusual new phishing campaign is probing email inboxes via attacks using the targets’ company-branded Microsoft 365 tenant login pages to add more legitimacy to the scam.

Forced Password Reset? Check Your Assumptions

krebsonsecurity.com/2019/08/forced-password-reset-check-your-assumptions/ Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the site's efforts to identify customers who are reusing passwords from other sites that have already been hacked.

Securing the Industrial Internet of Things in the Utilities Sector


A look at the Windows 10 exploit Google Zero disclosed this week

arstechnica.com/information-technology/2019/08/a-look-at-the-windows-10-exploit-google-zero-disclosed-this-week/ This privilege escalation vulnerability has lurked within Windows for 20 years.

BEC scams generate $301 million a month

www.pandasecurity.com/mediacenter/security/bec-million-dollar-scam/ According to the Financial Crimes Enforcement Network (FinCEN), this cybercrime, along with the amount of money that it generates, increases every year. In fact, in its latest report, it reveals that, last year, the amount of money generated by this scam reached $301 million a month, or $3.6 billion per year.

KAPE: Kroll Artifact Parser and Extractor

