Daily NCSC-FI news followup 2019-09-09

Newly Discovered Infostealer Attack Uses LokiBot

www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st,, which we discovered after an analysis of information initially found on VirusTotal. It targeted a large US manufacturing company utilizing the well documented infostealer LokiBot. Interestingly enough, this also has a compilation date of August 21st, which is the same day we discovered the malspam campaign.

PsiXBot Modular Malware Gets New Sextortion, Google DoH Upgrades

www.bleepingcomputer.com/news/security/psixbot-modular-malware-gets-new-sextortion-google-doh-upgrades/ Security researchers discovered a new variant of the PsiXBot modular malware with a new sextortion module and designed to use Googles DNS over HTTPS (DoH) service to get command and control (C2) IP addresses.

Secret Service Investigates Breach at U.S. Govt IT Contractor

krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/ The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

Purple Fox Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell

blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/

ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group

www.welivesecurity.com/2019/09/09/backdoor-stealth-falcon-group/ ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East. Amnesty Internationals Senior Technologist, Claudio Guarnieri, has concluded that Stealth Falcon and Project Raven actually are the same group.. Also:

threatpost.com/stealth-falcon-middle-east-windows-bits/148136/. Stealth Falcon Targets Middle East with Windows BITS Feature

China Set Traps To Capture Dangerous NSA Cyberattack Weapons: New Report

www.forbes.com/sites/zakdoffman/2019/09/05/secret-chinese-hacking-group-set-traps-to-steal-nsa-cyberattack-tools-new-report/

North Korean Malicious Cyber Activity

www.us-cert.gov/ncas/current-activity/2019/09/09/north-korean-malicious-cyber-activity The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified two malware variantsreferred to as ELECTRICFISH and BADCALLused by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

MAR-10135536-10 North Korean Trojan: BADCALL

www.us-cert.gov/ncas/analysis-reports/ar19-252a

MAR-10135536-21 North Korean Proxy Malware: ELECTRICFISH

www.us-cert.gov/ncas/analysis-reports/ar19-252b

Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.

threatpost.com/million-iot-radios-hijack-telnet-backdoor/148123/

You might be interested in …

Daily NCSC-FI news followup 2021-08-22

Applen tietoja vuotanut työntekijä tuli katumapäälle Paljasti yhteisönsä jäseniä, jäi ilman minkäänlaista korvausta www.kauppalehti.fi/uutiset/applen-tietoja-vuotanut-tyontekija-tuli-katumapaalle-paljasti-yhteisonsa-jasenia-jai-ilman-minkaanlaista-korvausta/8cea66c6-e206-47b6-acb3-879f856c7445 Tiedot uusista, vielä julkaisemattomista Apple-tuotteista ovat kuumaa kamaa internetissä, koska laitteet ovat niin suosittuja ympäri maailman. Siksi niistä myös maksetaan, ja moni pyrkii saamaan haltuunsa salaisia tietoja. Tietovuotajien toiminta kiinnostaa luonnollisesti myös Applea. Motherboard on julkaissut artikkelin Apple-vuotajana pitkään toimineesta Andrej […]

Read More

Daily NCSC-FI news followup 2021-10-06

Actively exploited Apache 0-day also allows remote code execution www.bleepingcomputer.com/news/security/actively-exploited-apache-0-day-also-allows-remote-code-execution/ Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution (RCE) abilities. Attackers can […]

Read More

Daily NCSC-FI news followup 2019-12-18

MPY:n runkoverkkoon iski vakava häiriö ja suuri osa tietoliikenneyhteyksistä meni poikki “Liian pitkä katkos, palaverin paikka” lansi-savo.fi/uutiset/lahella/412aad43-f61a-4456-a342-9e98bd254d16 MPY tiedotti iltapäivällä vakavasta häiriöstä runkoverkossaan ja kertoi suuren osan yhteyksistä olevan poikki. Yhteys korjaantui seitsemän jälkeen illalla. . Myyntijohtaja Juha Putkonen kertoo, että asia havaittiin kahden maissa iltapäivällä eli katkos kesti noin viisi tuntia.. Myös: blogi.mpy.fi/kuluttajat/hairiotiedotteet/vakava-hairio-mpyn-runkoverkossa-suuri-osa-yhteyksista-poikki Seven […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.