Daily NCSC-FI news followup 2019-10-10

Pair Locking your iPhone with Configurator 2

arkadiyt.com/2019/10/07/pair-locking-your-iphone-with-configurator-2/ “In response to the recent iPhone bootrom bug (and also because I was already in the market for a new phone), I recently purchased a new iPhone XR. This gave me a chance to re-run the steps required to pair lock the device, a process which prevents law enforcement from using forensics tools against your phone, and the result of which is this blog post.”

September 2019's Most Wanted Malware: Emotet Botnet Starts Spreading Spam Campaigns Again After Three-Month Silence

blog.checkpoint.com/2019/10/10/september-2019s-most-wanted-malware-emotet-botnet-starts-spreading-spam-campaigns-again-after-three-month-silence/ In September, the Emotet botnet resumed activity after a three-month break. We first reported the notorious botnet taking a break in June 2019, and that the offensive infrastructure had become active again in August. Some of the Emotet spam campaigns featured emails which contained a link to download a malicious Word file, and some contained the malicious document itself. When the file is opened, it lures the victim into enabling the document's macros, which then install the Emotet malware on the victim's computer. Emotet was the 5th most prevalent malware globally in September.

Windows 7 support: time is running out

www.gdatasoftware.com/blog/time-is-running-out The end date for support for Windows 7 has been fixed for some time. Anyone can find the dates on Microsoft's product lifecycle page. Nevertheless, many private users and companies are shying away from switching to a more current version of Windows. Private users have it the easiest – Microsoft made the switchover to Windows 10 more palatable to users willing to make the change by offering a free upgrade. However, that offer was time-limited and is no longer available. Here are the most important facts and most frequently asked questions regarding the end of support for Windows 7.

Protecting public clouds from common vulnerabilities

www.kaspersky.com/blog/vulnerabilities-in-public-clouds/28905/ Many businesses already utilize a cloud environment that consists of on-premises private cloud and public cloud resources: a hybrid cloud. However, when it comes to cybersecurity, companies tend to focus more on protection of physical or virtualized environments, paying much less attention to the part of their infrastructure that resides in public clouds. Some of them are sure that cloud providers should be responsible for the protection; some think that public clouds are secure by design and so do not require any additional protection. But both of those hypotheses are erroneous: public clouds are as prone to software vulnerability exploitation, update repo poisoning, network connection exploitation, and account information compromise as the rest

Clone or Swap? SIM Card Vulnerabilities to Reckon With

securityintelligence.com/posts/clone-or-swap-sim-card-vulnerabilities-to-reckon-with/ The most commonly used computer platform nowadays is no longer a desktop or a laptop; it's a phone. According to Bank My Cell, as of August 2019, there are more than 5 billion mobile devices worldwide. A staggering 67 percent of the population has some kind of mobile device, and research suggests the average person spends five hours a day on their phone, about a third of the time the average person is awake. It's no wonder attackers are targeting the mobile phone market.

Mahalo FIN7: Responding to the Criminal Operators' New Tools and Techniques

www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html During several recent incident response engagements, FireEye Mandiant investigators uncovered new tools in FIN7's malware arsenal and kept pace as the global criminal operators attempted new evasion techniques. In this blog, we reveal two of FIN7's new tools, which we have called BOOSTWRITE and RDFSNIFFER.

ESET discovers Attor, a spy platform with curious GSM fingerprinting

www.welivesecurity.com/2019/10/10/eset-discovers-attor-spy-platform/ ESET researchers discover a previously unreported cyberespionage platform used in targeted attacks against diplomatic missions and governmental institutions, and privacy-concerned users. ESET researchers have discovered a new espionage platform with a complex architecture, a host of measures to make detection and analysis more difficult and two notable features. First, its GSM plugin uses the AT command protocol, and second, it uses Tor for its network communications. ESET researchers thus named the cyberespionage platform Attor.

FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops

blog.trendmicro.com/trendlabs-security-intelligence/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops/ We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. Our data shows that the attack started on September 7, 2019. All of the impacted online shops are hosted on the cloud platform of the e-commerce service provider Volusion, one of the top e-commerce platforms in the market. This is actually the third time we have identified a card skimmer injected into the cloud platform of an e-commerce provider. Two other businesses were already victimized this year: a campus e-commerce platform and a hotel e-commerce platform.

Small Business Cyber Security Guide

www.cyber.gov.au/publications/small-business-cyber-security-guide This guide has been developed to help small businesses protect themselves from the most common cyber security incidents. A cyber security incident that impacts a small business can be devastating. Unfortunately, we at the Australian Cyber Security Centre see the impact of cyber security incidents each and every day, on individuals, large companies, and small businesses.

FBI Releases Article on Defending Against Phishing and Spearphishing Attacks

www.us-cert.gov/ncas/current-activity/2019/10/10/fbi-releases-article-defending-against-phishing-and-spearphishing In recognition of National Cybersecurity Awareness Month (NCSAM), the Federal Bureau of Investigation (FBI) has released an article to raise awareness of phishing and spearphishing. The article provides guidance on recognizing and avoiding these types of attacks.

Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks

thehackernews.com/2019/10/apple-bonjour-ransomware.html The cybercriminal group behind the BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability in a little-known component bundled with Apple’s iTunes and iCloud software for Windows to evade antivirus detection. The vulnerable component in question is the Bonjour updater, a zero-configuration implementation of a network communication protocol that works silently in the background and automates various low-level network tasks, including automatically downloading future updates for Apple software.

HP Touchpoint Analytics Opens PCs to Code Execution Attack

threatpost.com/hp-touchpoint-analytics-opens-pcs-to-code-execution-attack/149069/ The vulnerability stems from an issue with DLL loading in Open Hardware Monitor, an open-source component used by tens of millions of computers, researchers say. A security flaw, discovered in an open-source software program that is a key component of HP's TouchPoint Analytics service, is opening up a wide swath of HP computers to attack. The vulnerability, if exploited by local attackers with administrative privileges, can allow them to execute arbitrary code on victim systems.

Ransomware: Prepare for hackers launching even more destructive malware attacks

www.zdnet.com/article/ransomware-prepare-for-hackers-launching-even-more-destructive-malware-attacks/ The ‘wiper’ ransomware used in state-backed attacks like NotPetya is gaining ground among cyber criminals, warns the EU law enforcement annual cybercrime report. The threat from ransomware continues to grow, and it’s possible that file-encrypting malware attacks could become far more destructive as cyber criminals evolve and change their tactics. European law enforcement agency Europol’s annual cybercrime report, the Internet Organised Crime Threat Assessment (IOCTA), lists ransomware as the most widespread and financially damaging cyber attack, despite a decline in the number of ransomware incidents.

Member States publish a report on EU coordinated risk assessment of 5G networks security

europa.eu/rapid/press-release_IP-19-6049_en.htm Today, Member States, with the support of the Commission and the European Agency for Cybersecurity, published a report on the EU coordinated risk assessment on cybersecurity in Fifth Generation (5G) networks. This major step is part of the implementation of the European Commission Recommendation adopted in March 2019 to ensure a high level of cybersecurity of 5G networks across the EU. 5G networks are the future backbone of our increasingly digitised economies and societies. Billions of connected objects and systems are concerned, including in critical sectors such as energy, transport, banking, and health, as well as industrial control systems carrying sensitive information and supporting safety systems. Ensuring the security and resilience of 5G networks is therefore essential.

Online scammers' stories change, their approach does not: these tips improve your security

www.tivi.fi/uutiset/tv/83f5e1e3-4c3e-4e11-b72e-9062b73b3ec6 Online scammers' stories change, but the spirit of the game stays the same. The gullible are duped and their money is taken. Phishing for online banking credentials or credit card details, data mining and malware: these are what the ordinary citizen's security risks are made of, security director Leo Niemelä reminds readers on LähiTapiola's website. According to Niemelä, working security is the sum of many parts, but the most important thing is to remember to maintain security in everyday life. Even the best protective measures do not work unless the person following them is aware of the risks and acts securely.

HP Touchpoint Analytics DLL Search-Order Hijacking: Potential Abuses (CVE-2019-6333)

safebreach.com/Post/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333 SafeBreach Labs discovered a new vulnerability in HP Touchpoint Analytics software. In this post, we will demonstrate how this vulnerability can be used in order to achieve privilege escalation and persistence by loading an arbitrary unsigned DLL into a service that runs as SYSTEM. Additionally, we will present some of the potential malicious actions that could be undertaken by exploiting this vulnerability in the HP Touchpoint Analytics software.

Phishing Incident Exposes Medical, Personal Info of 60K Patients

www.bleepingcomputer.com/news/security/phishing-incident-exposes-medical-personal-info-of-60k-patients/ Community-based healthcare system Methodist Hospitals from Gary, Indiana, disclosed that sensitive personal and medical information for 68,039 individuals may have been exposed following a successful phishing attack against two of its employees. Methodist provides surgical and medical hospital services, it employs 2,576 individuals, and it reported a total number of 195,055 patient encounters during 2018 according to last year’s annual report.

The US National Security Agency (NSA) is warning admins to patch a set of months-old security bugs that have recently come under active attack. The NSA’s bulletin, issued earlier this week, says that state-sponsored hacking groups are now actively targeting the remote takeover and connection hijacking flaws in VPNs that were first publicized in April of this year.

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

www.wired.com/story/plant-spy-chips-hardware-supermicro-cheap-proof-of-concept/ A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment. More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks. Apple, Amazon, and Supermicro all vehemently denied the report. The NSA dismissed it as a false alarm. The Defcon hacker conference awarded it two Pwnie Awards, for “most overhyped bug” and “most epic fail.” And no follow-up reporting has yet affirmed its central premise.
