Daily NCSC-FI news followup 2019-11-21

The Cyber-Physical Security of the Power Grid

smartgrid.ieee.org/newsletters/november-2019/the-cyber-physical-security-of-the-power-grid Since critical infrastructures play a crucial role in our everyday life, their security has to be considered one of the most important challenges of this modern era. Physical and cyber security of smart power grids is very difficult due to their complexity and inhomogeneity. A huge part of the system is connected to the Internet, hence remote control is possible. A well-structured defense mechanism against cyber threats can only be effective if the whole power grid is deeply known by its ICS. For this reason, it is worth examining smart grid and SCADA structures integrated into each other.

Customer Guidance for the Dopplepaymer Ransomware

msrc-blog.microsoft.com/2019/11/20/customer-guidance-for-the-dopplepaymer-ransomware/ Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and found no evidence to support these claims. In our investigations we found that the malware relies on

Security Firms, Nonprofits Team to Fight Stalkerware

threatpost.com/security-firms-nonprofits-team-stalkerware/150498/ The Coalition Against Stalkerware launched this week, with the aim of offering a centralized location for helping victims of stalkerware, as well as defining what stalkerware is in the first place.

Anonymous hacker gets a whopping six years in prison for some lame DDoS attacks

www.zdnet.com/article/anonymous-hacker-gets-a-whopping-six-years-in-prison-for-some-lame-ddos-attacks/#ftag=RSSbaffb68 An Ohio man was sentenced last month to six years in prison for a series of DDoS attacks against websites for the city of Akron, Ohio, and the Akron police department. Some might argue that six years in prison just for launching DDoS attacks that only caused intermittent downtime for a public website may be excessive; however, US authorities have been historically hard on these types of crimes. Ironically, the operator of eight DDoS booter services that allowed people like Robinson to rent the firepower to carry out these types of attacks only got a 13-month prison sentence.

Exposed database left terabyte of travelers’ data open to the public

www.cnet.com/news/exposed-database-left-terabyte-of-travelers-data-open-to-the-public/ Security researchers found that one of Europe’s largest hotel booking companies left more than a terabyte of sensitive data exposed on a public server. The exposed database contained travelers’ information like names, home addresses, lodging, children’s personal information, credit card numbers and thousands of passwords stored in plaintext, the security researchers said Wednesday. The database stores information on 140,000 clients, each of which could be an individual, a group of travelers or an organization.

New SectopRAT: Remote access malware utilizes second desktop to control browsers

www.gdatasoftware.com/blog/2019/11/35548-new-sectoprat-remote-access-malware-utilizes-second-desktop-to-control-browsers This new remote access malware creates a second desktop that is invisible to the system’s user. The threat actor can surf the Internet using the infected machine.

Registers as Default Print Monitor, but is a malicious downloader. Meet DePriMon

www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/ DePriMon is a malicious downloader with several stages that uses many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor, a trick that falls under the Port Monitors technique in the MITRE ATT&CK knowledge base. For that, the malware uses the Windows Default Print Monitor name, which is why we have named it DePriMon. Due to its complexity

Mikko Hyppönen warns: We have not seen these attacks quite yet

www.is.fi/digitoday/tietoturva/art-2000006316233.html AI-based attacks are to be expected in the near future. At the same time, the security company wants to change the way people think about AI.

Long-known Vulnerabilities in High-Profile Android Applications

research.checkpoint.com/2019/long-known-vulnerabilities-in-high-profile-android-applications/ The common perception is that as soon as a vulnerability is discovered in a software component, it’s immediately fixed. Therefore, by maintaining up-to-date versions of the mobile OS and all apps, you can keep your mobile device secure. However, Check Point Research shows that even long-since fixed vulnerabilities can be critically important, as outdated code can find its way into even the most

Russia’s Sandworm Hackers Also Targeted Android Phones

www.wired.com/story/sandworm-android-malware/ At the CyberwarCon conference in Arlington, Virginia today, Google security researchers Neel Mehta and Billy Leonard described a series of new details about Sandworm’s activities since 2017 that ranged from its role in targeting the French Election to its attempt to disrupt the 2018 Olympics to, perhaps the most unlikely new example of Sandworm’s tactics, attempting to infect large numbers of . They even tried to compromise Android developers, in an attempt to taint their legitimate apps with malware.

New RIPlace Bypass Evades Windows 10, AV Ransomware Protection

www.bleepingcomputer.com/news/security/new-riplace-bypass-evades-windows-10-av-ransomware-protection/ A new ransomware bypass technique called RIPlace requires only a few lines of code to bypass ransomware protection features built into many security products and Windows 10.

Nigerian Fraudster Pulled Off $1M Scam While Serving Prison Term

www.tripwire.com/state-of-security/security-data-protection/nigerian-fraudster-pulled-off-1m-scam-while-serving-prison-term/ A convicted Nigerian fraudster earned more than $1 million from a scam that he executed while serving a multi-year prison term.

Gnip Banking Trojan Shows Ongoing, Aggressive Development

threatpost.com/gnip-banking-trojan-aggressive-development/150521/ A new custom mobile banking malware for Android, dubbed Gnip, has emerged onto the scene, and its authors have taken an aggressive development track: Gnip appears to have been cobbled together in under five months, with four different variants already circulating, including a sample released in November that includes part of the Anubis trojan’s source code.

Expanding the Android Security Rewards Program

security.googleblog.com/2019/11/expanding-android-security-rewards.html The Android Security Rewards (ASR) program was created in 2015 to reward researchers who find and report security issues to help keep the Android ecosystem safe. Today, we’re expanding the program and increasing reward amounts. We are introducing a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices. Additionally, we will be launching a specific program offering a 50% bonus for exploits found on specific developer preview versions of Android, meaning our top

Dtrack: In-depth analysis of APT on a nuclear power plant

www.cyberbit.com/blog/endpoint-security/dtrack-apt-malware-found-in-nuclear-power-plant/ Dtrack is a RAT (Remote Administration Tool) allegedly written by the North Korean Lazarus group. Recently the Dtrack malware was found in the Indian nuclear power plant Kudankulam Nuclear Power Plant (KNPP). This post includes: technical analysis of the Dtrack droppers and their connection to our previous research on BackSwap and Ursnif; technical analysis of the Dtrack variant found on KNPP; how Cyberbit EDR detects both Dtrack’s droppers and the KNPP variant; and suggestions of practical steps to identify Dtrack samples in the wild.

Deepfakes and LinkedIn: malign interference campaigns

blog.malwarebytes.com/social-engineering/2019/11/deepfakes-and-linkedin-malign-interference-campaigns/ Deepfakes haven’t quite lost the power to surprise, but given their wholesale media saturation in the last year or so, there’s a sneaking suspicion in some quarters that they may have missed the bus. When people throw a fake Boris Johnson or Jeremy Corbyn online these days, the response seems to be fairly split between “Wow, that’s funny” and barely even amused. What happens when a perfectly ordinary LinkedIn profile features a deepfake-generated image of a person who doesn’t exist? Everyone believes the lie.

New Spam Campaign Impersonates a Variety of Government Agencies from Different Countries

www.fortinet.com/blog/threat-research/spam-campaign-impersonates-government-agencies.html A number of malicious spam campaigns have been detected simultaneously delivering malware including ransomware, banking Trojans, and backdoors to victims across different geographical regions. These campaigns are interesting because they all use lookalike domains and stolen branding from a variety of government agencies, each specifically tied to the countries being targeted to lend a sense of local legitimacy and urgency to their messages. They have been targeting IT services, manufacturing, and healthcare organizations using these spoofed government agencies to convince users to read these emails and open their attachments. While the source of these spam campaigns is still being analyzed, some threat researchers have asserted that these campaigns are being launched and coordinated by a single criminal organization.
