Daily NCSC-FI news followup 2019-10-29

Industrial equipment to come under fire at the world’s largest hacking contest

www.zdnet.com/article/industrial-equipment-to-come-under-fire-at-the-worlds-largest-hacking-contest/ Pwn2Own hacking contest to feature ICS SCADA targets for the first time. The next Pwn2Own contest is set to take place at the S4 ICS security conference that will be held in Miami South Beach on January 21-23, 2020.

Microsoft: Russian hackers are targeting sporting organizations ahead of Tokyo Olympics

www.zdnet.com/article/microsoft-russian-hackers-are-targeting-sporting-organizations-ahead-of-tokyo-olympics/ Microsoft said APT28 targeted “at least 16 national and international sporting and anti-doping organizations.”

CertUtil Qualms: They Came to Drop FOMBs

www.fireeye.com/blog/threat-research/2019/10/certutil-qualms-they-came-to-drop-fombs.html This intrusion attempt highlights a number of valuable lessons in security, chiefly: attackers work fast, faster than many security teams can react. Additionally, patching complex software environments while keeping the business operational makes it difficult to keep pace with attackers exploiting vulnerabilities, especially when these truths are coupled with rapid exploitation with innovative

Current and Future Hacks and Attacks that Threaten Esports

blog.trendmicro.com/trendlabs-security-intelligence/current-and-future-hacks-and-attacks-that-threaten-esports/ Esports has evolved from niche entertainment into a highly lucrative industry. Growing ad revenue and sponsorships allow the tournaments to grow; and as the tournaments grow, the prize pool grows as well. Of course, growing popularity and increased funds open up the entities involved to cybercriminals looking for any opportunity to make a profit.

Attention-grabbing cyberattacks that use fiendish exploits are probably not the kind of threat that should be your main concern; here’s what your organization should focus on instead

www.welivesecurity.com/2019/10/29/what-you-may-be-getting-wrong-about-cybersecurity/ When we hear about breaches, we assume that attackers used some never-before-seen, zero-day exploit to breach our defenses. This situation is normally far from the truth. While it is true that nation-states hold onto tastily crafted zero days that they use to infiltrate the most nationally significant targets, those targets are not you. And they’re probably not your organization, either.

FTC Provides Tips for Warding Off Hackers

www.us-cert.gov/ncas/current-activity/2019/10/29/ftc-provides-tips-warding-hackers The Federal Trade Commission (FTC) has released an article with tips on how to protect your personal information from being stolen by hackers. In support of National Cybersecurity Awareness Month (NCSAM), the FTC provides recommendations on how to safeguard phones, computers, accounts, and personally identifiable information.

Mysterious malware that re-installs itself infected over 45,000 Android Phones

thehackernews.com/2019/10/remove-xhelper-android-malware.html Over the past few months, hundreds of Android users have been complaining online of a new piece of mysterious malware that hides on the infected devices and can reportedly reinstall itself even after users delete it, or factory reset their devices.

New Adwind Variant Targets Windows, Chromium Credentials

threatpost.com/new-adwind-variant-windows-chromium-credentials/149642/ A new version of the typically platform-agnostic Adwind trojan has been spotted targeting Windows applications and systems and Chromium-based browsers. A new version of the Adwind remote access trojan (RAT) has been discovered taking aim at new targets. Adwind (a.k.a. JRAT or SockRat) is a Java-based remote access trojan that sniffs out data, mainly login credentials, from victims’ machines.

Details for 1.3 million Indian payment cards put up for sale on Joker’s Stash

www.zdnet.com/article/details-for-1-3-million-indian-payment-cards-put-up-for-sale-on-jokers-stash/ In what security researchers have dubbed one of the biggest card dumps in recent years, more than 1.3 million payment card details have been put up for sale on Joker’s Stash, the internet’s largest carding shop, ZDNet has learned. The new upload contains data primarily from Indian cardholders, security researchers at Group-IB told ZDNet today, after spotting the new upload just hours before.

NordVPN introduces bug bounty program as part of security overhaul

www.zdnet.com/article/nordvpn-introduces-bug-bounty-program-as-part-of-security-overhaul/ NordVPN has announced a series of initiatives that it says will significantly improve the security of its infrastructure after an attacker gained access to one of its servers. The company, known for its widely used virtual private network (VPN) service, confirmed last week that a server it was renting from a data center in Finland was exploited by an attacker via an insecure remote management system left by the data center provider.

Network went down at Peijas Hospital

www.tivi.fi/uutiset/tv/73c4a1d0-2a7d-4723-960b-ba2811c2165e The data communications outage lasted just under five hours. The disruption hampered access to the patient information system, which disrupted the hospital’s operations. On Friday, Peijas Hospital in Vantaa suffered a wide data communications outage that hampered the hospital’s operations. During the outage, computers could not connect to the patient information system.

Blogger and WordPress Sites Hacked to Show Sextortion Scams

www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/ Scammers are hacking into WordPress and Blogger sites and using the hacked accounts to create posts stating that the blogger’s computer has been hacked and that they were recorded while using adult web sites. This type of threat is called sextortion, and such messages are typically sent via email to recipients whose information was disclosed in data breaches. These scam emails then threaten the recipient that their video will be released to everyone on their contact list unless an extortion demand is paid.

Chrome devs tell world that DNS over HTTPS won’t open the floodgates of hell

www.theregister.co.uk/2019/10/29/chrome_dns_https/ Chrome devs have had a little rant about “misinformation”, repeating that DNS-over-HTTPS (DoH) will be supported but won’t necessarily be automatically used in upcoming builds of the browser. In a blog post published last night, Google’s Chrome product manager insisted it was not going to “force users to change their DNS provider” after building the technology into Chrome 78, released last week.

ThreatList: Most Retail Hardware Bug Bounty Flaws Are Critical

threatpost.com/threatlist-most-retail-hardware-pos-flaws-are-critical/149609/ Almost all (90 percent) of the hardware vulnerabilities submitted to retail bug bounty programs so far this year were categorized as critical, showing that Point of Sale systems and other retail hardware assets remain a serious security issue. That’s due to the fact that retail hardware assets often lack built-in security features. Hardware assets often require manual updates (which can’t be done at scale, making it more difficult and time-consuming to patch systems) and are generally short on processing power and memory (meaning standard encryption protocols are frequently forgone by manufacturers).

The Pirate Bay was recently down for over a week due to a DDoS attack

thehackernews.com/2019/10/the-pirate-bay-down.html It seems like the prolonged downtime and technical difficulties faced by The Pirate Bay over the past several weeks were due to a series of distributed denial of service (DDoS) attacks against the widely-popular torrent website by malicious actors.

Maze Ransomware Attacks Italy in New Email Campaign

www.bleepingcomputer.com/news/security/maze-ransomware-attacks-italy-in-new-email-campaign/ The Maze Ransomware is conducting a new spam campaign that targets Italian users by pretending to be the country’s Tax and Revenue Agency. The Maze Ransomware is not a new infection, but within the past month it has been picking up steam with new campaigns, partnering with exploit kits, and inserting playful comments targeting researchers in their executables.

MikroTik Router Vulnerabilities Can Lead to Backdoor Creation

www.securityweek.com/mikrotik-router-vulnerabilities-can-lead-backdoor-creation A chain of vulnerabilities in MikroTik routers could allow an attacker to gain a backdoor. The chain starts with DNS poisoning, goes on to downgrading the installed version of MikroTik’s RouterOS software, and ends with enabling a backdoor.
