Daily NCSC-FI news followup 2019-09-18

Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks

www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers' customers. The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.

The cyber operating environment challenges us to cooperate

turvallisuuskomitea.fi/kybertoimintaymparisto-haastaa-meidat-yhteistyohon/ The importance of the cyber operating environment is growing in security and defence policy. Cyber operations create a tool that can be used to exert pressure at all times and at different levels. With the risk of getting caught being small, carrying out operations can seem attractive. The decision to carry out an operation is easy to make, so the number of operations may grow in the future. Non-state actors also add to the cyber dimension's complex

NEW DDOS VECTOR OBSERVED IN THE WILD: WSD ATTACKS HITTING 35/GBPS

blogs.akamai.com/sitr/2019/09/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps.html Members of Akamai’s Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP Amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made public, but multiple threat actors have begun to leverage this DDoS method to ramp up their attacks. While conducting exploratory research prior to WSD becoming public, the Akamai SIRT gained first-hand knowledge into the inner workings of a WSD attack after one of our customers came under fire. The attack, which targeted the gaming industry, weighed in at 35/Gbps at peak bandwidth.

Nemty Ransomware 1.0: A Threat in its Early Stage

www.fortinet.com/blog/threat-research/nemty-ransomware-early-stage-threat.html FortiGuard Labs was investigating the Sodinokibi ransomware family, when we came across the newly discovered Nemty Ransomware. Interestingly, as we analyzed this new malware, we also encountered an artifact embedded in its binary that we were very much familiar with since it was also used by the GandCrab ransomware before the threat actors announced retirement. It is also interesting to see that the Nemty ransomware is being distributed using the s

Remote access flaws found in popular routers, NAS devices

www.welivesecurity.com/2019/09/18/popular-routers-nas-devices-vulnerabilities/ Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks.
