Daily NCSC-FI news followup 2019-10-08

CISO series: Lessons learned from the Microsoft SOCPart 3a: Choosing SOC tools

www.microsoft.com/security/blog/2019/10/07/ciso-series-lessons-learned-from-the-microsoft-soc-part-3a-choosing-soc-tools/ Over the course of the series, weve discussed how we operate our SOC at Microsoft. In the last two posts, Part 2a, Organizing people, and Part 2b: Career paths and readiness, we discussed how to support our most valuable resourcespeoplebased on successful job performance.. As part of Cybersecurity Awareness month, todays installment focuses on the technology that enables our people to accomplish their mission by sharing our current approach to technology, how our tooling evolved over time, and what we learned along the way. We hope you can use what we learned to improve your own security operations.

FBI warns of major ransomware attacks as criminals go big-game hunting

arstechnica.com/information-technology/2019/10/fbi-warns-of-major-ransomware-attacks-as-criminals-go-big-game-hunting/ The FBI has issued a public service announcement entitled “High Impact Ransomware Attacks Threaten US Businesses and Organizations.” While the announcement doesn’t provide any details of specific attacks, the Bureau warns in the announcement:. “Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminant ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 [the Internet Crime Complaint Center] and FBI case information.”

Nettipetosten määrä räjähti tällainen on suomalainen verkkokonna

www.is.fi/digitoday/tietoturva/art-2000006265453.html Poliisi kertoi maanantaina tuoreita lukuja Suomen tietoverkkorikollisuudesta ja valotti samalla tavallisen kotimaisen kyberkonnan olemusta.. Poliisin rekisteröimien tietojen perusteella suomalaisista tieto- ja viestintärikoksista epäillyistä henkilöistä valtaosa on miehiä. Keskimäärin epäillyt ovat alle 30-vuotiaita, nuorimpien epäiltyjen ollessa 12-vuotiaita ja vanhimpien yli 60-vuotiaita, kirjoittaa ylitarkastaja Christian Jämsén poliisin kyberrikostorjuntakeskuksesta.. Poliisin blogi:

blogi.poliisi.fi/tietoverkkorikollisuus-poliisin-silmin/

Zero-day published for old Joomla CMS versions

www.zdnet.com/article/zero-day-published-for-old-joomla-cms-versions/#ftag=RSSbaffb68 Details have been published online last week about a vulnerability in older versions of the Joomla content management system (CMS), a popular web-based application for building and managing websites.. The vulnerability is trivial to exploit, and proof-of-concept exploit code has been published online.. blog:

blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=41

Needles in a haystack: Picking unwanted UEFI components out of millions of samples

www.welivesecurity.com/2019/10/08/needles-haystack-unwanted-uefi-components/ ESET experts describe how they trained a machine-learning model to recognize a handful of unwanted UEFI components within a flood of millions of harmless samples

Ransomware hits several Spanish city halls

www.pandasecurity.com/mediacenter/news/ransomware-spanish-city-halls/ In Spain, the attacks hit in the middle of September. Since then, several city halls and institutions have been affected by ransomware attacks.. The first signs were seen in the Basque Country, where there were at least four reports of alleged cybersecurity crimes. Warnings were sent out about a massive campaign of emails containing attachments with malware. However, several government entities had already been hit.

Signal immediately fixed FaceTime-style eavesdropping bug

nakedsecurity.sophos.com/2019/10/08/signal-immediately-fixed-facetime-style-eavesdropping-bug/ Remember the FaceTime bug that allowed a caller to eavesdrop on your phone? Well, researchers recently discovered a similar one this time in super-secret messaging app Signal. A logic error in the app causes the program to answer an incoming call even if the user doesnt pick it up.

France Set to Roll Out Nationwide Facial Recognition ID Program

www.bloomberg.com/news/articles/2019-10-03/french-liberte-tested-by-nationwide-facial-recognition-id-plan France is poised to become the first European country to use facial recognition technology to give citizens a secure digital identity — whether they want it or not.. With the move, France will join states around the world rushing to create digital identities to give citizens secure access to everything from their taxes and banks to social security and utility bills. Singapore uses facial recognition and has signed an accord to help the U.K. prepare its own ID system. India uses iris scans.

macOS Catalina: Security and privacy improvements

www.helpnetsecurity.com/2019/10/08/macos-catalina-security-privacy/ Apple has released macOS Catalina (v10.15), a new major release of its desktop operating system, which comes with many functional and security and privacy improvements.

vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities

thehackernews.com/2019/10/vBulletin-hacking-exploit.html vBulletin has recently published a new security patch update that addresses 3 more high-severity vulnerabilities in its forum software.. If left unpatched, the reported security vulnerabilities, which affect vBulletin 5.5.4 and prior versions, could eventually allow remote attackers to take complete control over targeted web servers and steal sensitive user information.. Written in PHP, vBulletin is a widely used proprietary Internet forum software package that powers over 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums.

Analysis of A New Golang Ransomware Targeting Linux Systems

www.fortinet.com/blog/threat-research/new-golang-ransomware-targeting-linux-systems.html During the past two months, I have been working on reverse engineering malware written in Golang. Go, also known as Golang, is a statically typed, compiled programming language designed at Google that is becoming more popular within the malware development community. In this blog, I will analyze a newly found Golang ransomware targeting Linux systems.

Microsoft October 2019 Patch Tuesday

isc.sans.org/forums/diary/Microsoft+October+2019+Patch+Tuesday/25396/ This month we got patches for 59 vulnerabilities total. None of them have been previously disclosed nor are being exploited according to Microsoft.. Amongst 9 critical vulnerabilities, its worth mentioning the remote code execution one which affects Microsoft XML Core Services (CVE-2019-1060). To exploit this vulnerability, an attacker would have to convince a user to access a specially crafted website designed to invoke MSXML through the web browser. When Internet Explorer parses the malicious content, the attacker could run malicious code remotely on userss system.. There is also a critical remote execution vulnerability Windows Remote Desktop Client (CVE-2019-1333). To exploit this vulnerability, an attacker would have to force the user to connect to a malicious server or compromise a legitimate server to host the malicious code on it, and wait for the users to connect.

Microsoft Releases the October 2019 Security Updates for Office

www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-october-2019-security-updates-for-office/ Microsoft released the October 2019 Microsoft Office security updates, bundling a total of 14 security updates and four cumulative updates across seven different products, nine of them patching remote code execution flaws.

Google October Android Security Update Fixes Critical RCE Flaws

threatpost.com/google-october-android-security-update/148964/ Google has released fixes for three critical-severity vulnerabilities in the Media framework of its Android operating system, which if exploited could allow a remote attacker to execute code.. The remote code execution (RCE) flaws are part of Googles October 2019 Android Security Bulletin, which deployed fixes for high and critical-severity vulnerabilities tied to nine CVEs overall. Qualcomm, whose chips are used in Android devices, also patched 18 high and critical-severity vulnerabilities.

Trucking Industry Has Become a Top Target of Ransomware Attacks

www.ttnews.com/articles/trucking-industry-has-become-top-target-ransomware-attacks Transportation is now one of the most cyberattacked industries in the United States, which puts trucking in the crosshairs of hackers, a panel of cybersecurity experts said here during American Trucking Associations’ Management Conference & Exhibition on Oct. 6.. If you take a step back from all of the critical infrastructures such as financial, transportation, medical and so on, transportation moved from No. 10 to No. 2 most-attacked in 2018, said Sharon Reynolds, chief information security officer for Omnitracs, in reviewing separate cybersecurity data by business sector from IBM X-Force Threat Intelligence Index.

China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations

www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations The Anomali Threat Research Team has identified an ongoing campaign which it believes is being conducted by the China-based threat group, Mustang Panda. The team first revealed these findings on Wednesday, October 2, during Anomali Detect 19, the companys annual user conference, in a session titled: Mustang Panda Riding Across Country Lines.

The Kittens Are Back in Town 2 Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods

www.clearskysec.com/the-kittens-are-back-in-town-2/ On the 15th of September 2019, we have published a report[1] about a sharp increase in Charming Kitten attacks against researchers from the US, Middle East, and France, focusing on Iranian academic researchers, Iranian dissidents in the US. In our last report, we exposed a new cyber espionage campaign that was conducted in July 2019. Since then, we observed another wave of these attacks, leveraging new impersonating vectors and IOCs.

GitHub Pages Spread Ramnit

www.netskope.com/blog/github-pages-spread-ramnit Netskope Threat Protection recently blocked several GitHub Pages sites that were infected by Ramnit. This post explores how these sites came to be infected by Ramnit and discusses the potential reach an attacker has when they compromise a GitHub repository.

Another Agenttesla campaign using a compromised Iraq Government site

myonlinesecurity.co.uk/another-agenttesla-campaign-using-a-compromised-iraq-government-site/ WE still see loads of AgentTesla keylogger/ Info-stealer malware campaigns hitting the UK most days. Today is no exception with quite a few so far. I dont always post them here, unless there is something slightly different or unusual about either the delivery method or the malware itself changes. I just submit to Antivirus companies & most times tweet the details to other security researchers. This version is noteworthy because the Exfil / C2 is an Ira

Adobe cancels all user accounts in Venezuela to comply with Trump order

arstechnica.com/tech-policy/2019/10/adobe-cancels-all-user-accounts-in-venezuela-to-comply-with-trump-order/ Adobe is deactivating all user accounts in Venezuela, saying that the action is necessary to comply with an executive order issued by President Donald Trump. The action affects both free and paid accounts.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.