Daily NCSC-FI news followup 2019-10-30

Major vulnerability patched in the EU’s eIDAS authentication system

www.zdnet.com/article/major-vulnerability-patched-in-the-eus-eidas-authentication-system/ The vulnerability would have allowed attackers to pose as any EU citizen or business. SEC Consult researchers said they found that current versions of the eIDAS-Node package fail to validate certificates used in eIDAS operations, allowing attackers to fake the certificate of any other eIDAS citizen or business.
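The failure mode described above, a node accepting a certificate without checking that it chains to a trusted authority, is illustrated by the following Go program. It is an added example and is not code from SEC Consult's advisory or from the eIDAS-Node package; the exact check that eIDAS-Node got wrong is not described on this page, so the program shows the general pattern: a weak check that only compares the subject name (defeated by an attacker who self-signs a certificate carrying the victim's name) beside a check that additionally verifies the chain against a trust anchor. The root and node names, and the certificates themselves, are constructed in the program.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // increasing serial number for the constructed certificates

// newCert generates a P-256 key and a certificate for cn. With parent == nil the
// certificate is self-signed; otherwise it is issued by parent using parentKey.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	issuer, issuerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		issuer, issuerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// WeakCheck accepts any certificate whose subject CN matches. An attacker defeats
// it by minting a certificate that carries the victim's name.
func WeakCheck(cert *x509.Certificate, expectedCN string) bool {
	return cert.Subject.CommonName == expectedCN
}

// StrongCheck also requires the certificate to chain to a trust anchor in roots,
// so a self-signed lookalike is rejected even though its name matches.
func StrongCheck(cert *x509.Certificate, expectedCN string, roots *x509.CertPool) bool {
	if cert.Subject.CommonName != expectedCN {
		return false
	}
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err == nil
}

// Result records how each check treats the genuine and the forged certificate.
type Result struct {
	WeakAcceptsGenuine, WeakAcceptsForged     bool
	StrongAcceptsGenuine, StrongAcceptsForged bool
}

// Demo builds a trust anchor, a node certificate issued under it, and an
// attacker's self-signed certificate that copies only the subject name.
func Demo() (Result, error) {
	const nodeCN = "eidas-node.example" // hypothetical node name
	root, rootKey, err := newCert("Constructed Trust Anchor", true, nil, nil)
	if err != nil {
		return Result{}, err
	}
	genuine, _, err := newCert(nodeCN, false, root, rootKey)
	if err != nil {
		return Result{}, err
	}
	forged, _, err := newCert(nodeCN, false, nil, nil) // attacker self-signs the same CN
	if err != nil {
		return Result{}, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	return Result{
		WeakAcceptsGenuine:   WeakCheck(genuine, nodeCN),
		WeakAcceptsForged:    WeakCheck(forged, nodeCN),
		StrongAcceptsGenuine: StrongCheck(genuine, nodeCN, roots),
		StrongAcceptsForged:  StrongCheck(forged, nodeCN, roots),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The point of the comparison is that the subject name is attacker-controlled input; only the chain to an anchor the node already trusts ties the name to a key the attacker does not hold. In a real deployment the pool passed to StrongCheck would be the node's configured trust list rather than a freshly generated root.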


Takeaways from the $566M BriansClub breach

krebsonsecurity.com/2019/10/takeaways-from-the-566m-briansclub-breach/ Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, the world's largest financial institutions tend to have a much better idea of which merchants and bank cards have been breached than do the thousands of smaller banks and credit unions across the United States. Also, a great deal of cybercrime seems to be perpetrated by a relatively small number of people.

Are Cybercriminals Winning the Mainframe Security Cat-and-Mouse Game?

securityintelligence.com/posts/are-cybercriminals-winning-the-mainframe-security-cat-and-mouse-game/ Just as mainframes are seeing a resurgence in usage, a recent poll revealed that multiple factors are converging to make it harder to secure the mission-critical data they contain and, increasingly, share with cloud-based systems and applications. Respondents cited new types of attacks as a top challenge and indicated that simple security measures are not yet widely adopted.

New Targeted Attack On Taiwanese Government & Tibetan Activists Open Up a Can Of Worms – GrayPigeon, Hangame & Shiqiang gang

www.fireeye.com/blog/threat-research/2013/04/new-targeted-attack-on-taiwanese-government-tibetan-activists-open-up-a-can-of-worms-graypigeon-hangame-shiqiang-gang.html We observed new targeted attacks against various personnel with pro-Tibetan views. The targets? We've seen targets at various branches of the Taiwanese government as well as a professor at the Central University Of Tibetan Studies in India.

MS-ISAC Releases EOS Software Report List

www.us-cert.gov/ncas/current-activity/2019/10/30/ms-isac-releases-eos-software-report-list The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an end-of-support (EOS) software report list. Software that has reached its EOS date no longer receives security updates and patches from the vendor and is, therefore, susceptible to exploitation from security vulnerabilities.

Are we winning or losing the patch management battle?

www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/october/are-we-winning-or-losing-the-patch-management-battle/ A recent research publication from Kenna Security (Prioritization to Prediction Vol. 3) paints a very sorry picture of patch management at 300 sampled organizations. This grim data raises the question: should we abandon patch management as an accepted IT security control altogether?

Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users

thehackernews.com/2019/10/whatsapp-nso-group-malware.html For the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users. Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was actively involved in hacking users of its end-to-end encrypted WhatsApp messaging service.



Insurance Pays Out a Sliver of Norsk Hydro's Cyberattack Damages

threatpost.com/insurance-pays-norsk-hydro-cyberattack-damages/149707/ The company received $3.6 million in cyber insurance against $71 million incurred in damages after a massive March cyberattack. On the heels of the severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber insurance, just a fraction of the total cost of the damage. Overall, the Oslo, Norway-based company incurred between $60 million and $71 million in damages from the incident, which forced it to shut down or isolate several plants and send several more into manual mode.

Confirmed: North Korean malware found on Indian nuclear plant’s network

www.zdnet.com/article/confirmed-north-korean-malware-found-on-indian-nuclear-plants-network/ Two days after rumors of a malware infection at the Kudankulam Nuclear Power Plant surfaced on Twitter, the plant's parent company confirmed the security breach. The network of one of India's nuclear power plants was infected with malware created by North Korea's state-sponsored hackers, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today.


Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers

www.zdnet.com/article/ubisoft-reports-93-drop-in-ddos-attacks-after-pushing-back-against-attackers/ Ubisoft said it sent cease-and-desist letters to DDoS service providers and filed complaints against offending players. Ubisoft said it recorded a 93% drop in the frequency of DDoS attacks aimed at Rainbow Six Siege (R6S) servers after the company started sending legal threats to DDoS-for-hire services and abusive players as part of a larger set of countermeasures the company announced last month.

Microsoft Users Hit with Phishing Kits Hosted on Thousands of Domains

www.bleepingcomputer.com/news/security/microsoft-users-hit-with-phishing-kits-hosted-on-thousands-of-domains/ Microsoft's users were the most targeted by phishing campaigns among the top targeted brands, with attackers using thousands of domains registered specifically to harvest credentials from their targets. 6,035 domains were used to host 120 phishing kit variants according to Akamai's 2019 State of the Internet / Security Report, with users and employees of high-tech companies being the ones most attacked.

World’s First Domain Registrar Network Solutions Discloses Breach

www.bleepingcomputer.com/news/security/worlds-first-domain-registrar-network-solutions-discloses-breach/ World’s first domain registrar Network Solutions disclosed a security breach that happened in late August 2019, and allowed a third-party to infiltrate some of the company’s computing systems without authorization and potentially access some customers’ personally identifiable information (PII).

21 Million Logins for Top 500 Firms Offered on the Dark Web

www.bleepingcomputer.com/news/security/21-million-logins-for-top-500-firms-offered-on-the-dark-web/ A little over 21 million login credentials stolen from Fortune 500 companies have been found in various places on the dark web, many of them already cracked and available in plaintext form. The information was compiled by crawling multiple resources, like markets in the Tor network, web forums, Pastebin, IRC channels, social networks, and messenger chats.

Murky Details Surround Bed, Bath and Beyond Breach

threatpost.com/murky-details-bed-bath-beyond-breach/149691/ Housewares and home furnishings purveyor Bed, Bath and Beyond has disclosed a data-thieving cyberattack that allowed the adversaries to access customers' online accounts. According to a Tuesday SEC filing, the company discovered that a third party acquired email and password information from a source outside of the company's systems, which was then used to access customers' online accounts.


Remote Access Trojans

blogs.cisco.com/security/remote-access-trojans You're working for a high-profile technology company, close to releasing a market-changing product to the public. It's a highly contested space, with many competitors, both domestic and international. There's also a lot of buzz in the media and online speculation on the scope and impact your new product will have. And it goes without question that customers are keen to know more about the upcoming game-changer.
