Daily NCSC-FI news followup 2019-10-17

Security researcher publishes proof-of-concept code for recent Android zero-day

www.zdnet.com/article/security-researcher-publishes-proof-of-concept-code-for-recent-android-zero-day/ Qu1ckR00t app can root an Android device using the CVE-2019-2215 zero-day.

Operation Ghost: The Dukes aren't back, they never left

www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families. We believe Operation Ghost started in 2013 and it is still ongoing as of this writing. Our research shows that the Ministries of Foreign Affairs in at least three different countries in Europe are affected by this campaign. We have also discovered an infiltration by the Dukes at the Washington, DC embassy of a European Union country.


The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History

www.wired.com/story/untold-story-2018-olympics-destroyer-cyberattack/ How digital detectives unraveled the mystery of Olympic Destroyer, and why the next big attack will be even harder to crack.

European Airport Systems Infected With Monero-Mining Malware

www.bleepingcomputer.com/news/security/european-airport-systems-infected-with-monero-mining-malware/ More than 50% of all computing systems at a European international airport were recently found to be infected with a Monero cryptominer linked to the Anti-CoinMiner campaign Zscaler spotted during August 2018.


Trump Campaign Website Left Open to Email Server Hijack

threatpost.com/trump-campaign-website-allowed-email-hijack/149278/ A misconfigured website development tool exposed hundreds of email servers to takeover, including President Donald Trump's official campaign website.

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested

thehackernews.com/2019/10/dark-web-child-abuse.html The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins.

When Card Shops Play Dirty, Consumers Win

krebsonsecurity.com/2019/10/when-card-shops-play-dirty-consumers-win/ Cybercrime forums have been abuzz this week over news that BriansClub, one of the underground's largest shops for stolen credit and debit cards, has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may have been the result of one of BriansClub's longtime competitors trying to knock out a rival.

Microsoft Adds Azure AD Sign-In History to Detect Unusual Activity

www.bleepingcomputer.com/news/microsoft/microsoft-adds-azure-ad-sign-in-history-to-detect-unusual-activity/ Microsoft announced the addition of an Azure Active Directory (AD) sign-in history feature that would allow users to get an overview of past sign-ins and quickly detect any unusual login activity.

You might be interested in …

[NCSC-FI News] New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel

In short, B1txor20 is a backdoor for the Linux platform, which uses DNS tunnel technology to build C2 communication channels. In addition to the traditional backdoor functions, B1txor20 also has functions such as opening a Socket5 proxy and remotely downloading and installing a rootkit.

[NCSC-FI News] Conti Ransomware Group Diaries, Part II: The Office

Earlier this week, a Ukrainian security researcher leaked almost two years' worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday's story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series […]

[NCSC-FI News] Scam messages are being sent in the name of the KRP (National Bureau of Investigation): here is what to do if you have received one

According to the KRP, the contents of the messages vary and they have been sent from different email addresses. The emails do not actually come from the police; instead, criminals are trying to imitate the email addresses used by the police. According to current information, the common factor in the messages is that they carry PDF files as attachments and the subject line mentions "artikla 360" (article 360). The messages claim that the recipient has committed crimes.
