Daily NCSC-FI news followup 2019-08-30

Phishers are Angling for Your Cloud Providers

krebsonsecurity.com/2019/08/phishers-are-angling-for-your-cloud-providers/ Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client's brand and their customers. Here's a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals.

Cibes Lift and cybersecurity in the manufacturing industry

www.pandasecurity.com/mediacenter/case-study/cibes-lift/ Before 2017, cybersecurity wasn't a major concern for the CEOs of companies in the manufacturing industry. They assumed that it was something that only affected financial organizations and other industries that managed large quantities of data. However, when the WannaCry and NotPetya attacks hit, affecting many manufacturing companies, this changed.

Attacking the Intel Secure Enclave

www.schneier.com/blog/archives/2019/08/attacking_the_i.html Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that’s not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn’t imagine that they would be necessary. The results are predictable.

Google Says Malicious Websites Have Been Quietly Hacking iPhones for Years

www.vice.com/en_us/article/bjwne5/malicious-websites-hacked-iphones-for-years In what may be one of the largest attacks against iPhone users ever, researchers at Google say they uncovered a series of hacked websites that were delivering attacks designed to hack iPhones. The websites delivered their malware indiscriminately, were visited thousands of times a week, and were operational for years, Google said. Also:

What Is Conditional Access, and Why Does It Matter to You?

securityintelligence.com/posts/what-is-conditional-access-and-why-does-it-matter-to-you/ Implementing conditional access procedures is a crucial part of a zero-trust strategy. But it's fair to ask yourself, isn't access always conditional? Isn't access to systems and data always granted on the condition that, at a minimum, users enter a username and password? True enough. But the term conditional access refers to a specific approach to managing network security. Let's talk about what it means and why it's important.

Definitive Dossier of Devilish Debug Details Part One: PDB Paths and Malware

www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html Have you ever wondered what goes through the mind of a malware author? How they build their tools? How they organize their development projects? What kind of computers and software they use? We took a stab at answering some of those questions by exploring malware debug information.

Hiding in Plain Text: Jenkins Plugin Vulnerabilities

blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/ Jenkins is a widely used open-source automation server that allows DevOps developers to build, test, and deploy software efficiently and reliably. In order to make the most out of Jenkins' modular architecture, developers make use of plugins that help extend its core features, allowing them to expand the scripting capabilities of build steps. As of writing, there are over 1,600 community-contributed plugins in the Jenkins Plugins Index. Some of these plugins store unencrypted plain text credentials. In case of a data breach, these can be accessed by cybercriminals without the organization's knowledge.

Scalable infrastructure for investigations and incident response

msrc-blog.microsoft.com/2019/08/30/scalable-infrastructure-for-investigations-and-incident-response/ Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premises environments, but the methods by which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to the cloud and show one solution to overcome these challenges, using Azure functionality. The PowerShell files referred to in this blog are available in the Scalable Infrastructure for Investigation and Incident Response GitHub repo, including a readme.md containing step-by-step instructions on how to set up the environment.

Foxit PDF Software Company Suffers Data Breach, Asks Users to Reset Password

thehackernews.com/2019/08/foxit-pdf-reader-data-breach.html If you have an online account with Foxit Software, you need to reset your account password immediately, as an unknown attacker has compromised your personal data and log-in credentials. Foxit Software, a company known for its popular lightweight Foxit PDF Reader and PhantomPDF applications, used by over 525 million users, today announced a data breach exposing the personal information of 'My Account' service users.

TGI Fridays Delivers Customer Indigestion Over Data Exposure

threatpost.com/tgi-fridays-data-exposure/147849/ The TGI Fridays Australia restaurant chain warns loyalty reward program members of an exposed-data incident. Customers of TGI Fridays Australia were strongly recommended to change their MyFridays membership rewards program passwords. According to an email sent to customers this week, the company had inadvertently left sensitive loyalty program data exposed on the internet. News of the leaky server spread via social media, but on Thursday TGI Fridays Australia confirmed to Threatpost that there was a potential leak of data.

Some of Russia’s surveillance tech leaked data for more than a year

www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/ A security researcher finds that some of Russia's SORM wiretapping equipment had been leaking user data. A Russian security researcher has found that hardware equipment meant to be used by Russian authorities to intercept internet traffic had been leaving data exposed on the internet. The leaky equipment consisted of SORM devices. These are hardware wiretaps that all Russian internet service providers and mobile telecoms must install in their data centers to comply with local legislation.

An obnoxious scam phenomenon has reached Finland: a simple way to protect yourself

www.is.fi/digitoday/art-2000006220686.html Finnish people's money is also being targeted with scams sent to phone calendars. The calendar spam phenomenon has spread all the way to Finland. Readers who contacted the IS editorial office report receiving advertisements in their phone's calendar that appear as calendar events.

Threatening extortion messages are circulating online: attempts to extract money with death threats

www.is.fi/digitoday/art-2000006221243.html The police have recorded around ten criminal complaints this year. Email messages are circulating that attempt to extort money with death threats. The National Cyber Security Centre of the Finnish Transport and Communications Agency has become aware of extortion messages in which the recipient is told to pay 10,000 dollars to stay alive. Information security specialist Ville Kontinen from the National Cyber Security Centre says they have become aware of a handful of extortion messages containing death threats. According to Kontinen, the messages have been sent by email to organisations.

A Look Inside the Highly Profitable Sodinokibi Ransomware Business

www.bleepingcomputer.com/news/security/a-look-inside-the-highly-profitable-sodinokibi-ransomware-business/ Relatively new on the ransomware scene, Sodinokibi has already made impressive profits for its administrators and affiliates, some victims paying as much as $240,000, while a network infection netted $150,000 on average. These figures are not surprising when you look at the malware’s recent activity. On August 16, Sodinokibi hit 22 local administrations in Texas and demanded a collective ransom of $2.5 million. It compromised multiple MSPs (managed service providers) spreading the malware to their customers.

Despite billions in spending, your ‘military grade’ network will still be leaking data

www.theregister.co.uk/2019/08/30/human_error_data_leak/ Despite years of corporate awareness training, warning articles in The Reg and regular bollockings by frustrated IT admins, human error is still behind most personal data leaks, a newly released study says. Security shop Egress studied 4,856 personal data breach reports collected from the UK Information Commissioner’s Office, and found that in 60 per cent of the incidents, someone within the affected biz was at fault.

New Forensic Investigation Procedures for First Responder Guides

blogs.cisco.com/security/new-forensic-investigation-procedures-for-first-responder-guides Cisco is pleased to announce a new series of Forensic Investigation Procedures for First Responders guides that will help customers and partners triage Cisco products that are suspected of being tampered with or compromised. These guides provide step-by-step instructions for collecting information that first responders can use for forensic analysis for several different platforms, including devices that run Cisco IOS and IOS XE Software, and devices that run Cisco ASA or Firepower Threat Defense (FTD) Software.
