Daily NCSC-FI news followup 2019-10-12

These are the 29 countries vulnerable to Simjacker attacks

www.zdnet.com/article/these-are-the-29-countries-vulnerable-to-simjacker-attacks/ Adaptive Mobile publishes the list of countries where mobile operators ship SIM cards vulnerable to Simjacker attacks.. Simjacker attacks spotted in Mexico, Colombia and Peru.

Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit

www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ The RIG exploit kit is now pushing a cocktail of malware that includes a new variant of the Nemty Ransomware. . According to security firm Tesorion, Nemty 1.6 also modified their encryption algorithm to use the Windows cryptographic libraries instead of their own custom AES implementation. . This was most likely done to break the decryptor created by Tesorion, which didn’t go as plan as Tesorion’s decryptor can still decrypt Nemty 1.6 victims for free.

Mikä moka: tiedustelupalvelu osti nollapäivähaavoittuvuuksia – omalla koneella ollut virusskanneri aiheutti melkoisen yllätyksen

www.mikrobitti.fi/uutiset/mb/6bc5e739-52d6-4fd8-a990-92130396c0d7 Uzbekistanin uusi tiedustelupalvelu SandCat oli työssään niin kujalla, että se paitsi vuosi oman hyökkäystyökalunsa tietoturvatutkijoille, myös paljasti vahingossa Saudi-Arabian käyttämiä iskumetodeja.. see also

www.vice.com/en_us/article/9kxp83/researchers-easily-trick-cylances-ai-based-antivirus-into-thinking-malware-is-goodware

Decades-Old Code Is Putting Millions of Critical Devices at Risk

www.wired.com/story/urgent-11-ipnet-vulnerable-devices/ Nearly two decades ago, a company called Interpeak created a network protocol that became an industry standard. It also had severe bugs that are only now coming to light.

Attackers Create Elaborate Crypto Trading Scheme to Install Malware

www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/ Security researcher MalwareHunterTeam discovered a scheme where an attacker has created a fake company that is offering a free cryptocurrency trading platform called JMT Trader. When this program is installed, it will also infect a victim with a backdoor Trojan.. Possible ties to the Lazarus APT group

You might be interested in …

Daily NCSC-FI news followup 2020-07-19

WSJ: Yhdysvaltalaistutkijat jäljittivät matkapuhelinten signaaleja lähellä venäläisiä sotilaskohteita yle.fi/uutiset/3-11455540 Kaupallisesti saatavilla olevaa paikannustietoa käytetään yhä enemmän myös valtiollisessa tiedustelussa. Amerikkalainen tutkijaryhmä Mississippin yliopistosta seurasi viime vuonna matkapuhelinten signaaleja lähellä Venäjän sotilasalueita, Wall Street Journal uutisoi. Lue myös: www.wsj.com/articles/academic-project-used-marketing-data-to-monitor-russian-military-sites-11595073601 iOS 13.6: Apple Just Gave iPhone Users 29 Security Reasons To Update Now www.forbes.com/sites/kateoflahertyuk/2020/07/19/ios-136-apple-just-gave-iphone-users-29-security-reasons-to-update-now/ Apple’s iOS 13.6 […]

Read More

Daily NCSC-FI news followup 2019-12-01

Data of 21 million Mixcloud users put up for sale on the dark web www.zdnet.com/article/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web/ A hacker has breached online music streaming service Mixcloud earlier this month, and is now selling the site’s user data online, on a dark web marketplace.. The Mixcloud data is currently sold for a price of $2,000. Short presentation about […]

Read More

Daily NCSC-FI news followup 2020-09-26

ThunderX ransomware silenced with release of a free decryptor www.bleepingcomputer.com/news/security/thunderx-ransomware-silenced-with-release-of-a-free-decryptor/ A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free. When coffee makers are demanding a ransom, you know IoT is screwed arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/ Watch along as hacked machine grinds, beeps, and spews water. Threat […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.