Daily NCSC-FI news followup 2019-11-15

Clampdown on US border device searches not such a big deal

www.zdnet.com/article/clampdown-on-us-border-device-searches-not-such-a-big-deal/#ftag=RSSbaffb68 Alasaad v. Mcaleenan acknowledges the intrusiveness of digital searches, but it’s only about “contraband” and falls short of requiring a warrant. It’s time for SCOTUS and Congress to dig deeper, say experts.

New Emotet Report Details Threats From One of the World's Most Successful Malware Operations

www.fortinet.com/blog/threat-research/emotet-playbook-banking-trojan.html Emotet is still highly active, and its daily activity is noted not only by the organizations affected by this pervasive threat, but by researchers and first responders worldwide trying to understand the latest additions and attack methodologies the Emotet authors have added to their war chest. This latest playbook focuses on a specific Emotet attack campaign that FortiGuard Labs has observed as recently as a few weeks ago. While this playbook is not meant to be an exhaustive analysis of Emotet, as that would be impossible due to time constraints, it does serve as a small glimpse into an otherwise impressive campaign of criminal behavior.

What is application security? A process and tools for securing software

www.csoonline.com/article/3315700/what-is-application-security-a-process-and-tools-for-securing-software.html According to Veracode's State of Software Security Vol. 10 report, 83% of the 85,000 applications it tested had at least one security flaw. Many had many more, as their research found a total of 10 million flaws, and 20% of all apps had at least one high-severity flaw. Not all of those flaws present a significant security risk, but the sheer number is troubling.

‘State of the Firewall’ Report: Automation Key to Preventing Costly Misconfigurations

www.securityweek.com/state-firewall-report-automation-key-preventing-costly-misconfigurations Now, more than ever, it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that “50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18.” This is a human problem, not a firewall problem. Gartner also posits that “99% of firewall breaches will be caused by misconfigurations, not firewall flaws.” Report at


Fraud rates increasing as criminals become more sophisticated

www.helpnetsecurity.com/2019/11/14/fraud-rates-increasing/ Fraud rates have been skyrocketing, with 90 voice channel attacks occurring every minute in the U.S., Pindrop reveals. Voice fraud continues to serve as a major threat, with rates climbing more than 350 percent from 2014 to 2018.

Facebook Nixes Billions of Fake Accounts

www.securityweek.com/facebook-nixes-billions-fake-accounts Facebook on Wednesday said it has taken down some 5.4 billion fake accounts this year in a sign of the persistent battle on social media against manipulation and misinformation.

IT professionals deem hybrid cloud as most secure

www.helpnetsecurity.com/2019/11/15/hybrid-cloud-security/ Enterprises plan to aggressively shift investment to hybrid cloud architectures, with respondents reporting steady and substantial hybrid deployment plans over the next five years, according to a Nutanix survey.

How the most damaging ransomware evades IT security

news.sophos.com/en-us/2019/11/14/how-the-most-damaging-ransomware-evades-it-security/ We decided to take a closer look at the behaviour of ransomware once it is inside a victim system, and how the various tools and techniques observed are used by the most prevalent ransomware families, from WannaCry, Matrix and GandCrab to Ryuk, SamSam, MegaCortex, and more. This article is a summary of a report we're releasing today, How Ransomware Attacks: What defenders should know about the … report:


A look to the future: Check Point's cybersecurity forecast for 2020


To improve incident response, you need to consider 3rd party solutions

www.helpnetsecurity.com/2019/11/15/improve-incident-response/ Organizations reported an average 32% reduction in threat responder workload when they deployed a managed SIEM solution, according to CenturyLink and IDG.

Under The Hood: Cybercriminals Exploit Automotive Industry’s Software Features

intsights.com/resources/under-the-hood Car manufacturers offer more software features to consumers than ever before. Cloud connectivity and wireless technologies are standard features today, and drivers expect everything to work in a safe, reliable, and smart way. But these advanced software features tend to have lax security protocols, opening the door for threat actors to hack into any car's network and paving the way for them to access the manufacturer's corporate systems. Report:


Lizard Squad Threatens UK's Labour Leader with Cyberattacks Against His Family

threatpost.com/lizard-squad-labour-leader-cyberattacks-family/150312/ Lizard Squad, the well-known hacktivist cybergang, is pledging to mount personal cyberattacks on Britain's Labour Party leader, Jeremy Corbyn. Lizard Squad, which specializes in mounting DDoS attacks against high-profile targets, took responsibility for the attack. It tweeted out that no terrorist-supporting government should be allowed to rule a country, in a reference to leader Jeremy Corbyn's views on Northern Ireland; politics-watchers say that Ulster is at the heart of the country's inability to get a Brexit deal done.

Custom dropper hide and seek

blog.talosintelligence.com/2019/11/custom-dropper-hide-and-seek.html Cisco Talos has monitored adversaries behind a wave of ongoing campaigns dropping well-known information stealers such as Agent Tesla, Loki-bot and others since at least January 2019. The adversaries use custom droppers, which inject the final malware into common processes on the victim machine. The injection techniques we’re seeing in the wild are well-known and have been used for many years, but with the adversaries customizing them, traditional anti-virus systems are having a hard time detecting the embedded malware. In this post, we’ll walk through one of these campaigns in detail and how the different stages of the dropper hide the malware. Any internet user is a potential target of

New NextCry Ransomware Encrypts Data on NextCloud Linux Servers

www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/ A new ransomware has been found in the wild that is currently undetected by antivirus engines on public scanning platforms. Its name is NextCry, as it was discovered on a Linux machine running Nextcloud server. On October 24, Nextcloud released an urgent alert about a remote code execution vulnerability that impacts the default Nextcloud NGINX configuration. Tracked as CVE-2019-11043, the flaw is in the PHP-FPM (FastCGI Process Manager) component, included by some hosting providers like Nextcloud in their default setup. A public exploit exists and has been leveraged to compromise servers. Nextcloud's recommendation for administrators is to upgrade their PHP packages and NGINX configuration file to the latest version.

DDoS-for-Hire Services Owner Sentenced to 13 Months in Prison

www.bleepingcomputer.com/news/security/ddos-for-hire-services-owner-sentenced-to-13-months-in-prison/ Sergiy P. Usatyuk, the owner and admin of several DDoS-for-hire services also known as booters or stressers, was sentenced to 13 months in prison, to be followed by three years of supervised release.
