Daily NCSC-FI news followup 2019-10-28

800 cyberattacks an hour in the United Kingdom

www.pandasecurity.com/mediacenter/security/cyberattacks-united-kingdom-councils/ In 2019, public administrations have suffered a great deal at the hands of cybercriminals. In January, the city hall of Del Rio, Texas, suffered a ransomware attack that forced its employees to carry out their work with pen and paper. This incident was first in a wave of ransomware attacks on public administrations all over the world, which is still affecting organizations.

Does Social Media Visualization Serve as a Primer for 5G Data Visualization?

securityintelligence.com/articles/does-social-media-visualization-serve-as-a-primer-for-5g-data-visualization/ The deployment of 5G data technology in our daily lives will be revolutionary, but this blast of speed and data will burden cybersecurity management teams and create an entirely new set of risks to handle around issues such as mobile security and integration with smart cities.

Return of the LNK Files…

windowsir.blogspot.com/2019/10/return-of-lnk-files.html I wanted to put something scary together in time for Halloween; I was gonna go with a mullet wig, a la Joe Dirt, or maybe pass out cards with truly scary cards for those of us who are adulting, full time, such as, “…your septic field just rose and flowed down the yard into your porch…”, or “…your teenager just got their license and wants to drive home…”. You know, truly scary stuff. However, from a #DFIR perspective (and maybe even a little bit of #threatintel) this just seemed a bit more fun and appropriate.

UniCredit Bank Suffers ‘Data Incident’ Exposing 3 Million Italian Customer Records

thehackernews.com/2019/10/unicredit-bank-data-breach.html UniCredit, an Italian global banking and financial services company, announced today that it suffered a security incident that leaked some personal information belonging to at least 3 million of its domestic customers. Officially founded in 1870, UniCredit is Italy’s biggest banking and financial services company and one of the leading European commercial banks, with more than 8,500 branches across 17 countries.

sadcloud: Templating Cloud Misconfigurations

www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/october/sadcloud/ In September, we began to put together a workshop to give at OWASP BASC, titled “AWS Cloud Security Fundamentals.” The goal of the workshop was to walk participants through AWS Security, with a focus on easy wins, built-in AWS security tools, and self-auditing using open-source tools, including NCC Group’s own ScoutSuite. ScoutSuite is NCC Group’s multi-cloud security-auditing tool, which currently supports the identification of over a hundred different AWS misconfigurations that can degrade security in various ways.

Using scdbg to Find Shellcode

isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/ I’ve written a couple of diary entries about scdbg, a Windows 32-bit shellcode emulator. If you’re not familiar with reading assembly code or machine language, scdbg can help you understand what shellcode is doing, by emulating it and reporting relevant Win32 API calls.

Magecart Gang Targets Skin Care Site Visitors For 5+ Months

threatpost.com/magecart-attack-skin-care-site/149580/ A Magecart skimmer, discovered on the site of First Aid Beauty, was only just removed after being in place for five months. The website of popular skin care brand First Aid Beauty has been hacked by the infamous Magecart group, which embedded digital card skimmers on the site to steal visitors’ payment-card information. The skimmers were undetected on the website for more than five months.

Industrial equipment to come under fire at the world’s largest hacking contest

www.zdnet.com/article/industrial-equipment-to-come-under-fire-at-the-worlds-largest-hacking-contest/ Pwn2Own hacking contest to feature ICS SCADA targets for the first time. Software for industrial equipment will be the primary focus of the next edition of Pwn2Own, the world’s largest and most well-known hacking contest. This is the first time that security researchers will be allowed to hack ICS (industrial control systems) software and protocols at Pwn2Own.

U.S. Food Chain Alerts Customers of Payment Card Incident

www.bleepingcomputer.com/news/security/us-food-chain-alerts-customers-of-payment-card-incident/ U.S. fast-food restaurant chain Krystal disclosed a security incident involving one of its payment processing systems and affecting some of its restaurants between July and September 2019. Krystal was founded back in 1932, currently has 342 locations in the Southern United States and “is the original quick-service restaurant chain in the South” according to a press release published on Friday.

Amazon is saying nothing about the DDoS attack that took down AWS, but others are

www.theregister.co.uk/2019/10/28/amazon_ddos_attack/ Looks like some security staff were asleep at the switch. Amazon has still not provided any useful information or insights into the DDoS attack that took down swathes of websites last week, so let’s turn to others that were watching. One such company is digital monitoring firm Catchpoint, which sent us its analysis of the attack, in which it makes two broad conclusions: that Amazon was slow in reacting to the attack, and that the tardiness was likely the result of its looking in the wrong places.

Privacy is a Shared Responsibility

blogs.cisco.com/security/privacy-is-a-shared-responsibility Privacy is an evolving topic with diverse perspectives on how best to balance the rights and interests of consumers and companies. As allegations of data mishandling fill headlines, privacy is now front and center on everyone’s minds. While data has been the lifeblood of innovation and economic growth, there has also been excessive data collection, lax security, and undisclosed sharing. Public opinion and new laws are starting to curtail some of this bad behavior, creating both compliance challenges and business/brand opportunities.

Sixth June Fashion Site Hacked to Steal Credit Cards

www.bleepingcomputer.com/news/security/sixth-june-fashion-site-hacked-to-steal-credit-cards/ French fashion online store Sixth June is offering shoppers more than the latest in men’s and women’s streetwear apparel, as the site was infected some time ago with code that steals payment card info at checkout. The infosec community typically refers to this type of script as MageCart because they initially targeted sites using the Magento e-commerce platform.

You’re ARIN a laugh: Critical internet org accused of undercutting security over legal fears

www.theregister.co.uk/2019/10/28/arin_rpki_open_source/ America’s regional internet registry slammed by critics, snubbed by ISPs. A key internet infrastructure organization is undercutting efforts to make the internet more secure by insisting ISPs accept a legal agreement before using a security framework, critics charge.

Largest cyber-attack in Georgia’s history linked to hacked web hosting provider

www.zdnet.com/article/largest-cyber-attack-in-georgias-history-linked-to-hacked-web-hosting-provider/ A hacker has defaced over 15,000 websites hosted on the infrastructure of Pro-Service, a Georgian web hosting provider, including government sites, local newspapers, and TV stations. The country of Georgia suffered a massive cyber-attack today during which over 15,000 websites were defaced and later taken offline. The attack, considered by local press the biggest in the country’s history, impacted the sites for various government agencies, banks, courts, local newspapers, and TV stations.

This Time, There Really Are NO IPv4 Internet Addresses Left

www.ispreview.co.uk/index.php/2019/10/this-time-there-really-are-no-ipv4-internet-addresses-left.html The RIPE Network Coordination Centre (RIPE NCC), which manages regional distribution of internet addresses for the UK, Europe, Middle East and parts of Central Asia, has confirmed that their final reserve pool of Internet Protocol v4 (IPv4) addresses will completely run out in November 2019.

VB2019 paper: Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry

www.virusbulletin.com/blog/2019/10/vb2019-paper-inside-magecart-history-behind-covert-card-skimming-assault-e-commerce-industry/ Magecart is an umbrella term for various groups that engage in placing JavaScript code on e-commerce sites to steal credit card info. Magecart attacks go back almost a decade, but it became an infosec household name following some prominent breaches in 2018. Magecart is getting a lot of attention from security researchers, and RiskIQ’s Yonathan Klijnsma is probably the most prolific among them. He was one of the authors of a 2018 report that detailed the modi operandi of the various Magecart groups.
