Daily NCSC-FI news followup 2019-11-18

How the Iranian Government Shut Off the Internet

www.wired.com/story/iran-internet-shutoff/ Amid widespread demonstrations over rising gasoline prices, Iranians began experiencing internet slowdowns over the last few days that became a near-total internet and mobile data blackout on Saturday. The government is apparently seeking to silence protestors and quell unrest. So how does a country like Iran switch off internet to a population of more than 80 million? It’s not an easy thing to do.

Disney+ fans without answers after thousands hacked

www.bbc.com/news/technology-50461171 Thousands of Disney customers say they have been hacked after signing up to its online streaming service.

Pipka Card Skimmer Removes Itself After Infecting eCommerce Sites

threatpost.com/pipka-card-skimmer-removes-itself-after-infecting-ecommerce-sites/150341/ A new JavaScript payment card skimmer, dubbed Pipka, has been identified on at least seventeen merchant websites attempting to target site visitors' payment data. Unlike other skimmers, Pipka removes itself from the HTML code of compromised websites after exfiltrating payment card data, a detection evasion technique never seen before with JavaScript web skimmers.

Interpol: Strong encryption helps online predators. Build backdoors

www.theregister.co.uk/2019/11/18/interpol_says_encryption_helps_paedos_barmy/ Three people “briefed on the matter” told financial newswire Reuters yesterday that the agency would be issuing a statement this week condemning the use of strong encryption because it helps child predators. While the statement may well read like the rantings of a demented senior citizen in some long-forgotten care home, it builds on similar statements from Western governments, police and spy agencies, as well as new international treaties. So-called “think of the children” rhetoric is a tried and trusted strategy for police workers who are determined to get their way with politicians.

The Iran Cables

theintercept.com/series/iran-cables/ In an unprecedented leak from one of the world's most secretive regimes, an anonymous source provided 700 pages of Iranian intelligence reports to The Intercept, saying they wanted to “let the world know what Iran is doing in my country Iraq.” Also:

www.nytimes.com/interactive/2019/11/18/world/middleeast/iran-iraq-spy-cables.html. also: yle.fi/uutiset/3-11073974

Record number of foreign participants at the Junction hackathon in Otaniemi: main prize goes to an app promoting children's cyber security

www.tivi.fi/uutiset/tv/615337fa-9c34-4c98-975e-5d3f53a26a4e Over the weekend, participants built a total of 350 new technology projects, and an application promoting children's cyber security was chosen as the winner. The application uses storytelling to help children create and remember their own password.

Pemex ransomware attack: Mexico Oil, Gas Recovery Update.

www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/pemex-recovery-update/ How the Mexican state oil and gas conglomerate is striving to bring systems back online.

Someone is using the ‘Cozy Bear’ moniker to scare DDoS victims into bitcoin payments

www.cyberscoop.com/cozy-bear-ddos-ransom-akamai/ Multiple companies have reported to the security vendor Akamai that they were hit with a distributed denial-of-service attack, which degrades victims' web services by overwhelming them with fake traffic. After a brief DDoS hit, victims say they receive an extortion note from a group claiming to be Cozy Bear, a state-sponsored Russian hacking group. The scheme works like this: attackers launch the DDoS attack from a botnet, in which each IP in the botnet sends a fraction of the overall traffic to the target. The victim has a deadline, typically six days, to pay two bitcoin. If they don't pay by the time the deadline expires, the fee increases by one bitcoin per day, and the DDoS resumes.

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies

www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies It's a reward for hacktivists and criminals who break into capitalist institutions, offered by one of the most infamous hackers of all time.

The Importance of the Network in Detecting Incidents in Critical Infrastructure

blogs.cisco.com/security/the-importance-of-the-network-in-detecting-incidents-in-critical-infrastructure In order to have assurance of business operations, it is critical to have visibility and awareness into what is occurring on the network at any given time. In the security world we can infer much from network telemetry, from malware behaviour and reconnaissance, to data exfiltration. It is even possible to infer to some extent what is contained in encrypted traffic.

Fortinet, Siemens pair up to better secure operational technology

www.zdnet.com/article/fortinet-siemens-pair-up-to-better-secure-operational-technology/#ftag=RSSbaffb68 Fortinet and Siemens unveiled a partnership designed to better secure operational technology networks in markets such as utilities, transportation and oil and gas. Under the alliance, Siemens will integrate its industrial and operational technologies and control systems with Fortinet’s cybersecurity platform and Fortinet Security Fabric. The aim is to better secure edge computing and Internet of things devices.

Windows security warning: Ransomware is growing fastest, and just got harder to tackle

www.zdnet.com/article/windows-security-warning-ransomware-is-growing-fastest-and-just-got-harder-to-tackle/#ftag=RSSbaffb68 Tech security company Bitdefender analysed Windows security threats including ransomware, coin miners, fileless malware, PUAs (‘potentially unwanted applications’ that can compromise privacy or security), exploits (attacks based on unpatched or previously-unknown vulnerabilities) and banking Trojans. Bitdefender found that of all these threats, ransomware reports saw the biggest year-on-year increase — 74.2%. Ransomware also ranked first in terms of the total number of reports. Report:

download.bitdefender.com/resources/files/News/CaseStudies/study/293/Bitdefender-WhitePaper-Mid-Year-Threat-Landscape-Report-2019.pdf

Linux, Windows Users Targeted With New ACBackdoor Malware

www.bleepingcomputer.com/news/security/linux-windows-users-targeted-with-new-acbackdoor-malware/ Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines. The malware dubbed ACBackdoor is developed by a threat group with experience in developing malicious tools for the Linux platform based on the higher complexity of the Linux variant as Intezer security researcher Ignacio Sanmillan found. “ACBackdoor provides arbitrary execution of shell commands, arbitrary binary execution, persistence, and update capabilities,” the Intezer researcher found.

Experts found undocumented access feature in Siemens SIMATIC PLCs

securityaffairs.co/wordpress/93939/ics-scada/siemens-simatic-flaw.html Researchers discovered a vulnerability in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could allow attackers to execute arbitrary code on vulnerable devices.
