Daily NCSC-FI news followup 2019-11-13

While CISOs Fret, Business Leaders Tout Security Robustness

www.darkreading.com/operations/while-cisos-fret-business-leaders-tout-security-robustness/d/d-id/1336342 Nominet recently surveyed nearly 300 senior security and IT practitioners, including CISOs, CIOs, and CTOs from the US and UK. The survey sought to assess the level of confidence among executives about their organizations’ cybersecurity posture and readiness to deal with threats. Seventy percent of the respondents said their organizations use their cybersecurity posture as a selling point to customers and business partners, even though CISOs and others responsible for cybersecurity were far less confident in the security stack.

Shock! US border cops need ‘reasonable suspicion’ of a crime before searching your phone, laptop

www.theregister.co.uk/2019/11/12/cbp_device_searches/ Massachusetts district court judge Denise Casper declared that the practice breaks the Fourth Amendment on unreasonable search, and that border agents need to have a reasonable suspicion of illegal activity before they can search electronic devices. It's not clear whether the ruling will apply to all visitors to the United States or just citizens and permanent residents, but Schwartz argues that the logic should be that all visitors are given equal protections.

Important Finnish identification service malfunctioned; a denial-of-service attack was not the cause

www.tivi.fi/uutiset/tv/7b9bb443-d3c5-47c0-9098-f11ec0bf2c43 The Suomi.fi identification service had problems on Wednesday morning. The service was not completely down, but its operation was disrupted.

Russian bloke charged in US with running $20 million stolen card-as-a-service online souk

www.theregister.co.uk/2019/11/13/russian_charged_cardplanet/ Prosecutors say that Burkov was the mastermind behind two sites dedicated to buying and selling the details of stolen payment cards. One site, known as Cardplanet, was public and it is estimated that the cards traded on the site were used by criminals to rack up fraudulent charges in excess of $20m. That site operated from 2009 through most of 2013.

Hackers Breach ZoneAlarm’s Forum Site, Outdated vBulletin to Blame

thehackernews.com/2019/11/zonealarm-forum-data-breach.html ZoneAlarm, an internet security software company owned by Israeli cybersecurity firm Check Point Technologies, has suffered a data breach exposing data of its discussion forum users, the company confirmed to The Hacker News. Moreover, the company has also clarified that the security incident only affects users registered with the “forums.zonealarm.com” domain, which has a small number of subscribers, nearly 4,500. Upon reaching out to the company, a spokesperson confirmed to The Hacker News that attackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorized access.

Two New Carding Bots Threaten E-Commerce Sites

www.infosecurity-magazine.com/news/two-new-carding-bots-threaten/ One of the new carding bots, named the canary bot, specifically exploits top e-commerce platforms. The other bot, dubbed the shortcut bot, bypasses the e-commerce website entirely and instead exploits the card payment vendor APIs used by a website or mobile app. Describing an attack by the canary bot, researchers wrote: “In this attack, the bots create a shopping cart, add products to the cart, set shipping information, and finally execute the carding attack; all of the steps except for the carding attack exhibit normal user behavior through a website.” As can be expected from its name, the shortcut bot takes a more direct approach, skipping adding products to the cart and completing the billing process in an attempt to avoid detection.

Cheat or death? The secret world of malware-like cheats in video games

www.kaspersky.com/blog/malware-like-cheats/29231/ Video game cheats are nothing new, but now, among the great variety of performance-enhancing cheats, we are seeing cheats that demonstrate malware-like behavior, using evasion features and techniques that rival those of advanced persistent threats. Video of the related BlueHat talk: https://www.youtube.com/watch?v=MuIsxE4rCYg

Cyber Command flags North Korean-linked hackers behind ongoing financial heists

www.cyberscoop.com/north-korea-malware-cyber-command-virus-total-apt38/ The Department of Defense has once again called out North Korean hackers by exposing malware samples researchers say are linked to regime-backed financial heists, including past attacks on the interbank messaging system known as the Society for Worldwide Interbank Financial Telecommunication (SWIFT), CyberScoop has learned. “These malware samples are currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command by malicious cyber actors,” [US Cyber Command] said in a tweet: https://twitter.com/CNMF_VirusAlert/status/1192131508007505921 [originally in news followup on 2019-07-11 from US-CERT]

GSM Traffic and Encryption: A5/1 Stream Cipher

www.blackhillsinfosec.com/gsm-traffic-and-encryption-a5-1-stream-cipher/ This write-up documents some of my follow-up research with regard to analyzing the GSM traffic packets I captured using Software Defined Radio. My attempt was to better understand the GSM mobile network protocols and procedures, with an emphasis on the authentication and ciphering algorithms being deployed.

Leashing Cerberus

www.anomali.com/blog/leashing-cerberus Cerberus is an Android banking trojan first reported on by ThreatFabric in June 2019 that may have been active since at least 2017. The malware is for sale on a Russian hacking forum called xss[.]is, where the actors behind its development are selling licenses for the service from $4,000 to $12,000. This new malware-as-a-service may have filled the void for actors who require Android malware rental services, as Anubis and Red Alert have ceased to exist. ThreatFabric analysts point out that the malware activates when victims move around, triggering the accelerometer inside the device. Cerberus lies dormant until the pedometer (measuring step count) reaches a certain number of steps. It also alters the lure depending on the Android package name, capturing banking details or mail credentials. Cerberus does not share code with Anubis or other Android banking trojans and appears to have been newly written.
