Daily NCSC-FI news followup 2019-09-26

Magecart Group Targets Routers Behind Public Wi-Fi Networks

threatpost.com/magecart-group-targets-routers-behind-public-wi-fi-networks/148662/ Magecart Group 5 has been spotted testing and preparing code to be injected onto commercial routers, potentially opening up guests connecting to Wi-Fi networks to payment data theft. Read also:

www.zdnet.com/article/hackers-looking-into-injecting-card-stealing-code-on-routers-rather-than-websites/ and

Microsoft Phishing Attack Uses Google Redirects to Evade Detection

www.bleepingcomputer.com/news/security/microsoft-phishing-attack-uses-google-redirects-to-evade-detection/ A new phishing campaign uses Google search query redirects to send potential victims to a phishing landing page designed to collect Microsoft Office 365 credentials via encoded URLs. The phishers behind these attacks use URL Encoding (also known as Percent Encoding), a technique that makes it possible to represent ASCII characters in URLs as % signs followed by two hexadecimal digits. This allows the threat actors to hide the phishing page URL from secure email gateways (SEGs) that scan emails for malicious links and content to block potentially dangerous messages. As researchers at the Cofense Phishing Defense Center who discovered this phishing campaign point out in their write-up, “The easiest way to trick a secure email gateway (SEG) is hiding the true destination of the payload.”
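The defensive counterpart of the technique described above is to decode a link the way the browser eventually will, rather than the way a single-pass scanner does. The following Python snippet is an added example written for this digest; it is not code from the BleepingComputer or Cofense write-ups. It walks a redirect-style link, repeatedly percent-decodes its query parameters, follows any absolute URL found there without making a network request, and reports the final hostname so it can be compared with an allowlist. The sample link, the host `example.test` and the redirector set are constructed placeholders.

```python
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample link: a Google-style redirect whose "q" parameter carries a
# double percent-encoded destination. The host example.test is a placeholder.
SAMPLE_LINK = (
    "https://www.google.com/url?sa=t&q="
    "https%253A%252F%252Fexample.test%252Flogin%253Fuser%253Dvictim%2526x%253D1"
)

# Assumed set of hosts whose links an SEG would normally treat as benign.
TRUSTED_REDIRECTORS = {"www.google.com"}


def decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly until the text stops changing.

    One decode pass is what a naive scanner does, so stacked encoding survives it.
    The round limit keeps a pathological input from looping for long.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def embedded_targets(url):
    """Return every absolute URL hidden inside the query parameters of url."""
    targets = []
    # parse_qs already decodes each value once; decode_fully handles the rest.
    for values in parse_qs(urlparse(url).query).values():
        for value in values:
            candidate = decode_fully(value)
            if candidate.lower().startswith(("http://", "https://")):
                targets.append(candidate)
    return targets


def final_host(url, max_depth=5):
    """Follow nested redirect parameters offline and return the last hostname."""
    current = url
    for _ in range(max_depth):
        targets = embedded_targets(current)
        if not targets:
            break
        current = targets[0]
    return urlparse(current).hostname


def is_disguised_redirect(url, trusted_redirectors=TRUSTED_REDIRECTORS,
                          allowlist=frozenset()):
    """Flag a link on a trusted redirector whose real destination is not allowlisted."""
    outer = urlparse(url).hostname
    inner = final_host(url)
    return (outer in trusted_redirectors
            and inner not in (None, outer)
            and inner not in allowlist)


if __name__ == "__main__":
    print("decoded destination:", final_host(SAMPLE_LINK))
    print("suspicious:", is_disguised_redirect(SAMPLE_LINK))
```

The check deliberately never fetches anything: it reasons only about the text of the link, which is what a mail gateway has at scan time. A production filter would also canonicalise the final hostname (IDNA, trailing dots, port) before the allowlist comparison.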

Ransomware Decryptors Released for Yatron, WannaCryFake, & FortuneCrypt

www.bleepingcomputer.com/news/security/ransomware-decryptors-released-for-yatron-wannacryfake-and-fortunecrypt/ Security vendors released decryptors for three ransomware infections today that allow victims to recover their files for free. These decryptors are for the WannaCryFake, Yatron, and FortuneCrypt ransomware infections. While none of these ransomware variants have seen much activity in the wild, even if one user can get their files back for free, it is a win.

vBulletin Security Patch Released. Versions 5.5.2, 5.5.3, and 5.5.4

forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4422707-vbulletin-security-patch-released-versions-5-5-2-5-5-3-and-5-5-4 A security issue has been reported to the vBulletin team. To fix this issue, we have created a new security patch.

NIST Cybersecurity Practice Guide, SP 1800-23, Energy Sector Asset Management

www.nccoe.nist.gov/projects/use-cases/energy-sector/asset-management The NCCoE released a draft of the NIST Cybersecurity Practice Guide, SP 1800-23, Energy Sector Asset Management, on September 23, 2019, and is requesting your feedback. Public comments on the draft will close on November 25, 2019. The National Cybersecurity Center of Excellence (NCCoE) at NIST has published a draft practice guide to enhance the energy sector's asset management capabilities for operational technology (OT). This project includes a reference design and uses commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management.

A handy social media message also passes your data on to others: check the terms of use and protect your user account

www.verke.org/blog/nappara-someviesti-vie-tietojasi-myos-muille-tarkista-kayttoehdot-ja-suojaa-kayttajatilisi/ What happens to the data you hand over to social media services and, for example, to your email account can be found out from the terms of use. Be prepared for surprises, because our data is valuable goods to the owners of these services. Remember also to protect your user account.

Every Part of the Supply Chain Can Be Attacked

www.nytimes.com/2019/09/25/opinion/huawei-internet-security.html The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. Solving this problem, which is increasingly a national security issue, will require us to both make major policy changes and invent new technologies. The Huawei problem is simple to explain. The company is based in China and subject to the rules and dictates of the Chinese government. The government could require Huawei to install back doors into the 5G routers it sells abroad, allowing the government to eavesdrop on communications or, even worse, take control of the routers during wartime. Since the United States will rely on those routers for all of its communications, we become vulnerable by

Ransomware attack affects 1,500 health system computers, disrupts services

www.mcknightsseniorliving.com/home/news/ransomware-attack-affects-1500-health-system-computers-disrupts-services/ A ransomware attack at a Wyoming health system that includes a long-term care facility has affected all 1,500 computers, disrupted service provision and forced the use of paper charts instead of electronic health records. And one official says such incidents are increasing across the country. The attack at Gillette, WY-based Campbell County Health, which includes The Legacy Living and Rehabilitation Center, with a secure memory care wing, as well as a hospital, a medical group with almost 20 clinics, and a surgery center, occurred around 3:30 a.m. Friday, according to system officials.

A botnet has been detected utilizing the recently disclosed vBulletin exploit to lock down vulnerable servers so that they cannot be used by other attackers. This allows the botnet to grow its army of compromised servers without fear that other attackers will utilize the same server.

www.bleepingcomputer.com/news/security/botnet-uses-recent-vbulletin-exploit-to-block-other-hackers/ On Monday, a zero-day remote code execution vulnerability and exploit for the vBulletin forum software was publicly released. This quickly led to attackers using the exploit to hack into vulnerable vBulletin servers. BleepingComputer has learned from Troy Mursch of Bad Packets Report that a botnet is using this vBulletin exploit to block other attackers from also using it. It does this by hacking into a vulnerable server with the exploit and then using it to modify the vulnerable source code file so that it requires a password to execute commands.

On Chinese “Spy Trains”

www.schneier.com/blog/archives/2019/09/on_chinese_spy_.html The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world’s largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States. Part of the reasoning behind this legislation is economic, and stems from worries about Chinese industries undercutting the competition and dominating key global industries. But another part involves fears about national security. News articles talk about “spy trains,” and the possibility that the train cars might surreptitiously monitor their passengers’ faces, movements, conversations or phone calls.

How to Optimize Security Awareness Training for Different Groups

securityintelligence.com/articles/how-to-optimize-security-awareness-training-for-different-groups/ Security awareness training is not a one-size-fits-all solution. While some organizations tailor their training to different departments or seniority levels, it's not a common practice to adjust based on age group, for example. Since distinct age groups each learn in their own way, however, perhaps the enterprise should take these demographics into account. When I used to create and administer security awareness training, there were many employees who needed to be put through classes. The thought of breaking them up by demographic was unfathomable. When I think back, however, it probably would have been more effective to optimize the training to different groups.

Time for a cyber exercise? Our new exercise guide gets you off to a good start

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberharjoittelun-aika-hyvaan-alkuun-paaset-uuden-harjoitusoppaamme-avulla Does your organisation practise for cyber crises? Our new exercise guide gives you tools for developing your exercise activities. Cyber exercises are an excellent way to assess operating procedures, improve crisis resilience and speed up recovery from cyber incidents. The National Cyber Security Centre has published a practical guide to organising cyber exercises, which brings the lessons together in one place. The exercise guide is suitable both for organisations holding their first exercise and for experienced exercise veterans looking for new methods and perspectives. It is written primarily as practical guidance for those for whom organising a cyber exercise is topical.

Outlook on the Web to Block File Extensions for PowerShell, Python, and More

www.bleepingcomputer.com/news/microsoft/outlook-on-the-web-to-block-file-extensions-for-powershell-python-and-more/ Microsoft will soon be blocking an additional 38 file extensions from being downloaded as attachments in Outlook on the Web in order to protect users from malicious files. These additional extensions include files used by Java, PowerShell, Python, and various vulnerabilities. Users of Outlook on the Web are blocked from downloading attachments if they have certain extensions in order to protect them from malicious scripts and executables. Read also:

www.zdnet.com/article/microsoft-bans-38-file-extensions-in-outlook-for-the-web/ and thehackernews.com/2019/09/email-attachment-malware.html

Hackers tried to steal Airbus secrets via contractors: AFP

www.reuters.com/article/us-airbus-cyberattack-report/hackers-tried-to-steal-airbus-secrets-via-contractors-report-idUSKBN1WB0U9 PARIS (Reuters) – A series of cyber attacks on Airbus (AIR.PA) in the past few months were conducted via the computer systems of its suppliers and contractors, and security sources suspect a link to China, AFP news agency reported on Thursday. Airbus, the world's second-largest aerospace group, did not immediately respond to a request for comment on the report. China has repeatedly denied involvement in hacking, and neither the foreign ministry nor China's official cyber regulator responded to requests for comment on the report. Airbus said last January that a cyber attack on its systems had resulted in a data breach. Last year U.S. prosecutors said Chinese intelligence officers and hackers stole information about a jet engine being developed by firms who supply Airbus as well as its U.S. rival Boeing (BA.N).

The Finnish Transport and Communications Agency Traficom is organising the world's first hackathon on 5G cyber security in Oulu on 29.11.-1.12.2019

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/liikenne-ja-viestintavirasto-traficom-jarjestaa-maailman-ensimmaisen-5gn Top cyber security experts from around the world will take over Oulu on 29.11.-1.12.2019. Finland, holding the EU presidency, has the honour of hosting the world's first hackathon exploring 5G cyber security. The 5G Cyber Security Hackathon will be staged at the University of Oulu's Tellus Innovation Arena.

Cisco Releases Security Advisories

www.us-cert.gov/ncas/current-activity/2019/09/26/cisco-releases-security-advisories Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. See also: tools.cisco.com/security/center/publicationListing.x

New York sues Dunkin Donuts over hack affecting thousands of people

www.cnet.com/news/new-york-sues-dunkin-donuts-over-hack-affecting-thousands-of-people/ New York is suing Dunkin’ Donuts over its failure to disclose a data breach in 2015 affecting nearly 20,000 people who had signed up for the company’s loyalty program. The lawsuit alleges Dunkin’ Donuts failed to protect its customers (PDF), and knew about the cyberattacks for years before warning the public.

5G and IoT: How to Approach the Security Implications

threatpost.com/5g-and-iot-how-to-approach-the-security-implications/148681/ When it comes to the next generation of mobile networks, 5G promises a more Internet of Things-friendly ecosystem with vast improvements over the current capabilities of 4G; however, its intersection with IoT will also raise the stakes on cybersecurity.

Microsoft Spots Nodersok Malware Campaign That Zombifies PCs

www.bleepingcomputer.com/news/security/microsoft-spots-nodersok-malware-campaign-that-zombifies-pcs/ A new fileless malicious campaign, dubbed Nodersok by the Microsoft Defender ATP Research Team researchers who discovered it, drops its own LOLBins to infect Windows computers with Node.js-based malware that turns the devices into proxies. Unlike other fileless malware attacks that only use living-off-the-land binaries (LOLBins) already present on the devices they compromise, the attackers behind Nodersok have been observed also delivering the legitimate Node.exe Node.js framework and the Windows Packet Divert (WinDivert) network packet capture tool to the devices they target. The campaign attacked thousands of machines within several weeks, with a focus on home users in the U.S. and Europe, with roughly 3% of all attacks also targeting organizations from industry sectors such as education, business and professional services, healthcare, finance, and retail.

REvil (Sodinokibi) Ransomware Targets Chinese Users with DHL Spam

www.bleepingcomputer.com/news/security/revil-sodinokibi-ransomware-targets-chinese-users-with-dhl-spam/ A new spam campaign is underway that targets Chinese recipients to trick them into installing the REvil (Sodinokibi) Ransomware. This spam campaign was discovered by security researcher onion and pretends to be an email from DHL stating that the delivery of a package has been delayed due to an incorrect customs declaration. It then proceeds to inform the recipient that they must download the enclosed “Customs documents”, fill them out correctly, and send them back in order for the package to be properly delivered.
