Daily NCSC-FI news followup 2019-09-18

Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks

www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers' customers. The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.

The cyber operating environment challenges us to cooperate

turvallisuuskomitea.fi/kybertoimintaymparisto-haastaa-meidat-yhteistyohon/ The significance of the cyber operating environment is growing in security and defence policy. Cyber operations provide a tool that can be used to exert pressure at any time and at different levels. Because the risk of getting caught is small, carrying out operations may seem attractive. The decision to carry out an operation is easy to make, so the number of operations may grow in the future. Non-state actors also add to the complexity of the cyber dimension

New DDoS Vector Observed in the Wild: WSD Attacks Hitting 35/Gbps

blogs.akamai.com/sitr/2019/09/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps.html Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made public, but multiple threat actors have already begun to leverage this DDoS method to ramp up their attacks. While conducting exploratory research before WSD became public, the Akamai SIRT gained first-hand knowledge of the inner workings of a WSD attack after one of our customers came under fire. The attack, which targeted the gaming industry, weighed in at 35/Gbps at peak bandwidth.

Nemty Ransomware 1.0: A Threat in its Early Stage

www.fortinet.com/blog/threat-research/nemty-ransomware-early-stage-threat.html FortiGuard Labs was investigating the Sodinokibi ransomware family when we came across the newly discovered Nemty ransomware. Interestingly, as we analyzed this new malware, we also encountered an artifact embedded in its binary that we were very familiar with, since it was also used by the GandCrab ransomware before the threat actors announced their retirement. It is also interesting to see that the Nemty ransomware is being distributed using the s

Remote access flaws found in popular routers, NAS devices

www.welivesecurity.com/2019/09/18/popular-routers-nas-devices-vulnerabilities/ Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks.
