Daily NCSC-FI news followup 2019-11-15

Clampdown on US border device searches not such a big deal

www.zdnet.com/article/clampdown-on-us-border-device-searches-not-such-a-big-deal/#ftag=RSSbaffb68 Alasaad v. McAleenan acknowledges the intrusiveness of digital searches, but it’s only about “contraband” and falls short of requiring a warrant. It’s time for SCOTUS and Congress to dig deeper, say experts.

New Emotet Report Details Threats From One of the World's Most Successful Malware Operations

www.fortinet.com/blog/threat-research/emotet-playbook-banking-trojan.html Emotet is still highly active, and its daily activity is noted not only by the organizations affected by this pervasive threat, but by researchers and first responders worldwide trying to understand the latest additions and attack methodologies the Emotet authors have added to their war chest. This latest playbook focuses on a specific Emotet attack campaign that FortiGuard Labs observed as recently as a few weeks ago. This playbook is not meant to be an exhaustive analysis of Emotet, as that would be impossible due to time constraints, but it does serve as a small glimpse into an otherwise impressive campaign of criminal behavior.

What is application security? A process and tools for securing software

www.csoonline.com/article/3315700/what-is-application-security-a-process-and-tools-for-securing-software.html According to Veracode's State of Software Security Vol. 10 report, 83% of the 85,000 applications it tested had at least one security flaw. Many had far more: the research found a total of 10 million flaws, and 20% of all apps had at least one high-severity flaw. Not all of those flaws present a significant security risk, but the sheer number is troubling.

‘State of the Firewall’ Report: Automation Key to Preventing Costly Misconfigurations

www.securityweek.com/state-firewall-report-automation-key-preventing-costly-misconfigurations Now, more than ever, it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that “50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18.” This is a human problem, not a firewall problem. Gartner also posits that “99% of firewall breaches will be caused by misconfigurations, not firewall flaws.” Report at


Fraud rates increasing as criminals become more sophisticated

www.helpnetsecurity.com/2019/11/14/fraud-rates-increasing/ Fraud rates have been skyrocketing, with 90 voice channel attacks occurring every minute in the U.S., Pindrop reveals. Voice fraud continues to serve as a major threat, with rates climbing more than 350 percent from 2014 to 2018.

Facebook Nixes Billions of Fake Accounts

www.securityweek.com/facebook-nixes-billions-fake-accounts Facebook on Wednesday said it has taken down some 5.4 billion fake accounts this year in a sign of the persistent battle on social media against manipulation and misinformation.

IT professionals deem hybrid cloud as most secure

www.helpnetsecurity.com/2019/11/15/hybrid-cloud-security/ Enterprises plan to aggressively shift investment to hybrid cloud architectures, with respondents reporting steady and substantial hybrid deployment plans over the next five years, according to a Nutanix survey.

How the most damaging ransomware evades IT security

news.sophos.com/en-us/2019/11/14/how-the-most-damaging-ransomware-evades-it-security/ We decided to take a closer look at the behaviour of ransomware once it is inside a victim system, and at how the various tools and techniques observed are used by the most prevalent ransomware families, from WannaCry, Matrix and GandCrab to Ryuk, SamSam, MegaCortex, and more. This article is a summary of a report we're releasing today, How Ransomware Attacks: What defenders should know about the … Report:


A look into the future: Check Point's cyber security forecast for 2020


To improve incident response, you need to consider 3rd party solutions

www.helpnetsecurity.com/2019/11/15/improve-incident-response/ Organizations reported an average 32% reduction in threat responder workload when they deployed a managed SIEM solution, according to CenturyLink and IDG.

Under The Hood: Cybercriminals Exploit Automotive Industry’s Software Features

intsights.com/resources/under-the-hood Car manufacturers offer more software features to consumers than ever before. Cloud connectivity and wireless technologies are standard features today, and drivers expect everything to work in a safe, reliable, and smart way. But these advanced software features tend to have lax security protocols, opening the door for threat actors to hack into any car's network and paving the way for them to access the manufacturer's corporate systems. Report:


Lizard Squad Threatens UK's Labour Leader with Cyberattacks Against His Family

threatpost.com/lizard-squad-labour-leader-cyberattacks-family/150312/ Lizard Squad, the well-known hacktivist cybergang, is pledging to mount personal cyberattacks on Britain's Labour Party leader, Jeremy Corbyn. Lizard Squad, which specializes in mounting DDoS attacks against high-profile targets, took responsibility for the attack. It tweeted that no terrorist-supporting government should be allowed to rule a country, in a reference to Corbyn's views on Northern Ireland; politics-watchers say that Ulster is at the heart of the country's inability to get a Brexit deal done.

Custom dropper hide and seek

blog.talosintelligence.com/2019/11/custom-dropper-hide-and-seek.html Cisco Talos has been monitoring adversaries behind a wave of ongoing campaigns dropping well-known information-stealers such as Agent Tesla, Loki-bot and others since at least January 2019. The adversaries are using custom droppers, which inject the final malware into common processes on the victim machine. The injection techniques we're seeing in the wild are well-known and have been used for many years, but with the adversaries customizing them, traditional anti-virus systems are having a hard time detecting the embedded malware. In this post, we'll walk through one of these campaigns in detail and how the different stages of the dropper hide the malware. Any internet user is a potential target of

New NextCry Ransomware Encrypts Data on NextCloud Linux Servers

www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/ A new ransomware has been found in the wild that is currently undetected by antivirus engines on public scanning platforms. Its name is NextCry, as it was discovered on a Linux machine running Nextcloud server. On October 24, Nextcloud released an urgent alert about a remote code execution vulnerability that impacts the default Nextcloud NGINX configuration. Tracked as CVE-2019-11043, the flaw is in the PHP-FPM (FastCGI Process Manager) component, included by some hosting providers like Nextcloud in their default setup. A public exploit exists and has been leveraged to compromise servers. Nextcloud's recommendation for administrators is to upgrade their PHP packages and NGINX configuration file to the latest version.
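The NGINX side of CVE-2019-11043, shown as an added illustration for this digest (it is not taken from the BleepingComputer article or from Nextcloud's own configuration files). The exposed pattern is a PHP location block that derives PATH_INFO with fastcgi_split_path_info and hands it to PHP-FPM without first checking that the script exists; a crafted URL can make that regex fail, and an unpatched PHP-FPM (before 7.1.33, 7.2.24 or 7.3.11) mishandles the resulting environment. The hardened block below rejects requests for non-existent scripts with try_files before anything reaches PHP-FPM. The socket path, document root and location regex are placeholders for a typical Nextcloud-style vhost, and a real fix needs the PHP package upgrade as well.

```nginx
# Added example, not from the page or from Nextcloud. Socket path, root and
# regex are assumptions for a typical PHP-FPM vhost.

# VULNERABLE pattern: PATH_INFO comes straight from the split regex and the
# request is forwarded to PHP-FPM even when no such script exists. This is
# the shape of config that CVE-2019-11043 was exploited through.
location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+?\.php)(/.*|)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}

# HARDENED pattern: save PATH_INFO first (try_files resets
# $fastcgi_path_info), then refuse the request with 404 unless the script
# file actually exists. Combine with PHP-FPM >= 7.1.33 / 7.2.24 / 7.3.11.
location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+?\.php)(/.*|)$;
    set $path_info $fastcgi_path_info;
    try_files $fastcgi_script_name =404;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
```

The order matters: try_files clears the captured path-info variable, so copying it into $path_info before the check is what keeps legitimate /index.php/apps/... style URLs working after the fix.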

DDoS-for-Hire Services Owner Sentenced to 13 Months in Prison

www.bleepingcomputer.com/news/security/ddos-for-hire-services-owner-sentenced-to-13-months-in-prison/ Sergiy P. Usatyuk, the owner and admin of several DDoS-for-hire services also known as booters or stressers, was sentenced to 13 months in prison, to be followed by three years of supervised release.
