Daily NCSC-FI news followup 2019-10-01

Companies' cyber preparedness has hardly changed; threats have become more common

www.kauppakamarilehti.fi/index.php/ajankohtaista/yritysten-kybervarautumisen-tilanne-ei-juurikaan-ole-muuttunut-uhat-ovat-yleistyneet/ The survey was conducted in autumn 2019 in cooperation with CyVantage LLC. The Cyber Threats Targeting Companies 2019 survey shows that both companies and authorities have much to improve in how they counter cyber threats. The survey is the third conducted on the topic.

Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs

www.bleepingcomputer.com/news/security/comodo-forums-breached-data-of-over-170-000-users-up-for-grabs/ Account data belonging to more than half of all Comodo Forums users has been stolen and is now traded online. The breach was possible by exploiting a vulnerability in the software that powers the forum. “Very recently a new vulnerability in the vBulletin software, which is one of the most popular server applications for website comments including the Comodo Forums, was made public,”

Centralised DoH is bad for privacy, in 2019 and beyond

blog.powerdns.com/2019/09/25/centralised-doh-is-bad-for-privacy-in-2019-and-beyond/ In this post I argue that in September 2019, centralised DoH by default is a net-negative for privacy for everyone and that even in later years it will not improve privacy outside of the most privacy hostile environments where no one should rely on partial measures like DoH to stay secure.

Simjacker: SIM-based phone hacking

www.kaspersky.com/blog/simjacker-sim-espionage/28832/ Recently, experts at AdaptiveMobile Security discovered a method of attack on mobile phones that can be carried out using a normal computer and a dirt-cheap USB modem.

Head Fake: Tackling Disruptive Ransomware Attacks

www.fireeye.com/blog/threat-research/2019/10/head-fake-tackling-disruptive-ransomware-attacks.html Within the past several months, FireEye has observed financially-motivated threat actors employ tactics that focus on disrupting business processes by deploying ransomware in mass throughout a victim's environment. In this post, we'll provide a technical examination of one recent campaign that stems back to a technique that we initially reported on in April 2018.

The dark web’s latest offering: Disinformation as a service

www.zdnet.com/article/the-dark-webs-latest-offering-disinformation-as-a-service/#ftag=RSSbaffb68 Cyber criminals are following in the footsteps of nation states by offering disinformation services but rather than attempting to influence elections or political discourse, these influence campaigns are being advertised to the private sector.

Some Victorian hospitals are offline after ransomware hit

www.zdnet.com/article/some-victorian-hospitals-are-offline-after-ransomware-hit/ A number of Victorian hospitals have disconnected themselves from the internet in an attempt to quarantine a ransomware infection. The Victorian government is working with the health services, police, and Australian Cyber Security Centre to fix the incident.

Ransomware incident to cost Danish company a whopping $95 million

www.zdnet.com/article/ransomware-incident-to-cost-danish-company-a-whopping-95-million/ Demant, one of the world’s largest manufacturers of hearing aids, expects to incur losses of up to $95 million following what appears to be a ransomware infection that hit the company at the start of the month.

Under-Detected ODT Files Deliver Common Remote Access Trojans

www.bleepingcomputer.com/news/security/under-detected-odt-files-deliver-common-remote-access-trojans/ Security researchers noticed multiple cybercriminal operations using OpenDocument Text (ODT) files to distribute malware that is typically blocked by antivirus engines. The campaigns target English and Arabic-speaking users.

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

krebsonsecurity.com/2019/10/mariposa-botnet-author-darkcode-crime-forum-admin-arrested-in-germany/ A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who've recently re-indicted him on related charges.

New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign

blog.trendmicro.com/trendlabs-security-intelligence/new-fileless-botnet-novter-distributed-by-kovcoreg-malvertising-campaign/ We found a new modular fileless botnet malware, which we named Novter, (also reported and known as Nodersok and Divergent) that the KovCoreG campaign has been distributing since March. We've been actively monitoring this threat since its emergence and early development, and saw it being frequently updated.

Fake Office Activation Wizard Docs Used to Spread Emotet Trojan

www.bleepingcomputer.com/news/security/fake-office-activation-wizard-docs-used-to-spread-emotet-trojan/ The Emotet botnet has switched to a new template used by malicious attachments that pretend to be a Microsoft Office Activation Wizard. When conducting spam campaigns, the actors behind Emotet will use malicious Word document templates that are designed to trick recipients into enabling macros in the document.
