Daily NCSC-FI news followup 2019-11-18

How the Iranian Government Shut Off the Internet

www.wired.com/story/iran-internet-shutoff/ Amid widespread demonstrations over rising gasoline prices, Iranians began experiencing internet slowdowns over the last few days that became a near-total internet and mobile data blackout on Saturday. The government is apparently seeking to silence protestors and quell unrest. So how does a country like Iran switch off internet to a population of more than 80 million? It’s not an easy thing to do.

Disney+ fans without answers after thousands hacked

www.bbc.com/news/technology-50461171 Thousands of Disney customers say they have been hacked after signing up to its online streaming service.

Pipka Card Skimmer Removes Itself After Infecting eCommerce Sites

threatpost.com/pipka-card-skimmer-removes-itself-after-infecting-ecommerce-sites/150341/ A new JavaScript payment card skimmer, dubbed Pipka, has been identified on at least seventeen merchant websites attempting to target site visitors’ payment data. Unlike other skimmers, Pipka removes itself from the HTML code of compromised websites after exfiltrating payment card data, a detection evasion technique never seen before with JavaScript web skimmers.

Interpol: Strong encryption helps online predators. Build backdoors

www.theregister.co.uk/2019/11/18/interpol_says_encryption_helps_paedos_barmy/ Three people “briefed on the matter” told financial newswire Reuters yesterday that the agency would be issuing a statement this week condemning the use of strong encryption because it helps child predators. While the statement may well read like the rantings of a demented senior citizen in some long-forgotten care home, it builds on similar statements from Western governments, police and spy agencies, as well as new international treaties. So-called “think of the children” rhetoric is a tried and trusted strategy for police workers who are determined to get their way with politicians.

The Iran Cables

theintercept.com/series/iran-cables/ In an unprecedented leak from one of the world’s most secretive regimes, an anonymous source provided 700 pages of Iranian intelligence reports to The Intercept, saying they wanted to “let the world know what Iran is doing in my country Iraq.” Also:

www.nytimes.com/interactive/2019/11/18/world/middleeast/iran-iraq-spy-cables.html. also: yle.fi/uutiset/3-11073974

Record number of foreign participants at the Junction hackathon in Otaniemi: main prize goes to an app promoting children’s cyber security

www.tivi.fi/uutiset/tv/615337fa-9c34-4c98-975e-5d3f53a26a4e Over the weekend, participants built a total of 350 new technology projects, from which an app promoting children’s cyber security was chosen as the winner. The app uses storytelling to let children create and remember their own password.

Pemex ransomware attack: Mexico Oil, Gas Recovery Update.

www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/pemex-recovery-update/ How the Mexican state oil and gas conglomerate is striving to bring systems back online.

Someone is using the ‘Cozy Bear’ moniker to scare DDoS victims into bitcoin payments

www.cyberscoop.com/cozy-bear-ddos-ransom-akamai/ Multiple companies have reported to the security vendor Akamai that they were hit with a distributed denial-of-service attack, which degrades victims’ web services by overwhelming them with fake traffic. After a brief DDoS hit, victims say they receive an extortion note from a group claiming to be Cozy Bear, a state-sponsored Russian hacking group. The scheme works like this: attackers launch the DDoS attack from a botnet, in which each IP in the botnet sends a fraction of the overall traffic to the target. The victim has a deadline, typically six days, to pay two bitcoin. If they don’t pay by the time the deadline expires, the fee increases by one bitcoin per day, and the DDoS resumes.

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies

www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies It’s a reward for hacktivists and criminals who break into capitalist institutions, offered by one of the most infamous hackers of all time.

The Importance of the Network in Detecting Incidents in Critical Infrastructure

blogs.cisco.com/security/the-importance-of-the-network-in-detecting-incidents-in-critical-infrastructure In order to have assurance of business operations, it is critical to have visibility and awareness into what is occurring on the network at any given time. In the security world we can infer much from network telemetry, from malware behaviour and reconnaissance, to data exfiltration. It is even possible to infer to some extent what is contained in encrypted traffic.

Fortinet, Siemens pair up to better secure operational technology

www.zdnet.com/article/fortinet-siemens-pair-up-to-better-secure-operational-technology/#ftag=RSSbaffb68 Fortinet and Siemens unveiled a partnership designed to better secure operational technology networks in markets such as utilities, transportation and oil and gas. Under the alliance, Siemens will integrate its industrial and operational technologies and control systems with Fortinet’s cybersecurity platform and Fortinet Security Fabric. The aim is to better secure edge computing and Internet of things devices.

Windows security warning: Ransomware is growing fastest, and just got harder to tackle

www.zdnet.com/article/windows-security-warning-ransomware-is-growing-fastest-and-just-got-harder-to-tackle/#ftag=RSSbaffb68 Tech security company Bitdefender analysed Windows security threats including ransomware, coin miners, fileless malware, PUAs (‘potentially unwanted applications’ that can compromise privacy or security), exploits (attacks based on unpatched or previously-unknown vulnerabilities) and banking Trojans. Bitdefender found that of all these threats, ransomware reports saw the biggest year-on-year increase — 74.2%. Ransomware also ranked first in terms of the total number of reports. report:


Linux, Windows Users Targeted With New ACBackdoor Malware

www.bleepingcomputer.com/news/security/linux-windows-users-targeted-with-new-acbackdoor-malware/ Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems, allowing the attackers to run malicious code and binaries on the compromised machines. The malware, dubbed ACBackdoor, is developed by a threat group with experience in developing malicious tools for the Linux platform, based on the higher complexity of the Linux variant, as Intezer security researcher Ignacio Sanmillan found. “ACBackdoor provides arbitrary execution of shell commands, arbitrary binary execution, persistence, and update capabilities,” the Intezer researcher found.

Experts found undocumented access feature in Siemens SIMATIC PLCs

securityaffairs.co/wordpress/93939/ics-scada/siemens-simatic-flaw.html Researchers discovered a vulnerability in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could allow attackers to execute arbitrary code on vulnerable devices.
