Daily NCSC-FI news followup 2019-11-26

The RIPE NCC has run out of IPv4 Addresses

www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses Today, at 15:35 (UTC+1) on 25 November 2019, we made our final /22 IPv4 allocation from the last remaining addresses in our available pool. We have now run out of IPv4 addresses.

Stantinko botnet adds cryptomining to its pool of criminal activities

www.welivesecurity.com/2019/11/26/stantinko-botnet-adds-cryptomining-criminal-activities/ The operators of the Stantinko botnet have expanded their toolset with a new means of profiting from the computers under their control. The roughly half-million-strong botnet known to have been active since at least 2012 and mainly targeting users in Russia, Ukraine, Belarus and Kazakhstan now distributes a cryptomining module.

NYPD Fingerprint Database Taken Offline to Thwart Ransomware

threatpost.com/nypd-fingerprint-database-ransomware/150592/ The New York Police Department's database of fingerprints was knocked offline over the weekend thanks to a ransomware scare, according to reports.

Exploit kits: fall 2019 review

blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/ Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we're seeing new exploit kits emerge.

A hacking group is hijacking Docker systems with exposed API endpoints

www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-with-exposed-api-endpoints/ A hacking group is currently mass-scanning the internet looking for Docker platforms that have API endpoints exposed online. The purpose of these scans is to allow the group to send commands to the Docker instance and deploy a cryptocurrency miner on a company's Docker instances, to generate funds for the group's own profit.

Some Fortinet products shipped with hardcoded encryption keys

www.zdnet.com/article/some-fortinet-products-shipped-with-hardcoded-encryption-keys/#ftag=RSSbaffb68 Fortinet, a vendor of cyber-security products, took between 10 and 18 months to remove a hardcoded encryption key from three products that were exposing customer data to passive interception. See also:

HPE issues firmware fix to stop SSD failure

blocksandfiles.com/2019/11/25/hpe-issues-firmware-fix-to-to-stop-ssd-failure/ The HPE customer bulletin, dated 19 November, says SSD Firmware Version HPD8 is a critical fix. If it is not applied the drive will fail at 32,768 hours operating time, meaning 3 years, 270 days 8 hours, and data on the drive will be lost.

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

krebsonsecurity.com/2019/11/sale-of-4-million-stolen-cards-tied-to-breaches-at-4-restaurant-chains/ On Nov. 23, one of the cybercrime underground's largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the Midwest and eastern United States.

Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data

thehackernews.com/2019/11/sdk-twitter-facebook-android.html Two third-party software development kits integrated into hundreds of thousands of Android apps have been caught gaining unauthorized access to users' data associated with their connected social media accounts. See also: help.twitter.com/en/sdk-issue

Microsoft says new Dexphot malware infected more than 80,000 computers

www.zdnet.com/article/microsoft-says-new-dexphot-malware-infected-more-than-80000-computers/ Microsoft security engineers detailed today a new malware strain that has been infecting Windows computers since October 2018 to hijack their resources to mine cryptocurrency and generate revenue for the attackers.

New DeathRansom Ransomware Begins to Make a Name for Itself

www.bleepingcomputer.com/news/security/new-deathransom-ransomware-begins-to-make-a-name-for-itself/ A new ransomware called DeathRansom began with a rocky start, but has now resolved its issues and has begun to infect victims and encrypt their data. When DeathRansom was first being distributed, it pretended to encrypt files, but researchers and users found that they could just remove the appended .wctc extension and the files would become usable again. Starting around November 20th, though, something changed.

Detecting a MuddyWater APT using the RSA NetWitness Platform

community.rsa.com/community/products/netwitness/blog/2019/11/21/detecting-a-muddywater-apt-using-the-rsa-netwitness-platform MuddyWater is a state-sponsored threat group suspected to be linked to Iran. The group relied on spear-phishing emails with macro-infected Word documents in the past and has recently been using similar techniques with Excel documents in a new wave of attacks during October-November 2019.

Server-Side Request Forgery Exposes Data of Technology, Industrial and Media Organizations

unit42.paloaltonetworks.com/server-side-request-forgery-exposes-data-of-technology-industrial-and-media-organizations/ Server-Side Request Forgery (SSRF) is a web application vulnerability that redirects the attacker's requests to the internal network or localhost behind the firewall. SSRF poses a particular threat to cloud services because of the metadata API, which lets applications read the underlying cloud infrastructure's information such as configurations, logs, and credentials. Unit 42 researchers took a closer look at the Jira SSRF vulnerability (CVE-2019-8451) and studied its impact on six public cloud service providers (CSPs). This is the same type of vulnerability that led to the Capital One data breach in July 2019.
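The SSRF-to-metadata path described above comes down to one missing check: the server fetches whatever URL it is handed without asking where that URL actually leads. The following is an added example, not code from the Unit 42 article or from Jira. It is a Python validator that an outbound fetcher would call before making a request; the DNS table (`CONSTRUCTED_DNS`, `demo_resolver`) is constructed so the example runs offline, and the check goes beyond the article's single case by also rejecting IPv4-mapped IPv6 forms and hostnames that resolve to a mix of public and internal addresses.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Address ranges an outbound URL fetcher should never be allowed to reach.
# 169.254.0.0/16 is link-local and contains the cloud metadata endpoint
# (169.254.169.254) whose credentials the article describes as the prize.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]

# Constructed DNS table so the example runs offline; a real deployment
# would use resolve_host() below, which calls the system resolver.
CONSTRUCTED_DNS = {
    "www.example.com": ["93.184.216.34"],
    "intranet.corp.example": ["10.0.0.5"],
    # A name whose records mix a public and an internal address: the
    # fetcher must reject it rather than trust the first record it sees.
    "mixed.attacker.example": ["93.184.216.34", "169.254.169.254"],
}


def demo_resolver(hostname):
    """Offline stand-in for DNS: unknown names resolve to nothing."""
    return CONSTRUCTED_DNS.get(hostname, [])


def resolve_host(hostname):
    """Resolve with the system resolver, returning every address record."""
    infos = socket.getaddrinfo(hostname, None)
    return sorted({info[4][0] for info in infos})


def is_safe_target(url, resolver=resolve_host):
    """Return True only if the URL is plain http(s) and every address its
    host maps to is outside the blocked ranges. Literal IPs skip DNS."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False  # only plain web schemes are acceptable
    host = parsed.hostname
    if not host:
        return False
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IPv4/IPv6 host
    except ValueError:
        try:
            addrs = resolver(host)
        except (socket.gaierror, OSError):
            return False
    if not addrs:
        return False  # unresolvable names fail closed
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False  # anything we cannot classify fails closed
        if ip.is_multicast or ip.is_reserved or ip.is_unspecified:
            return False
        if any(ip in net for net in BLOCKED_NETWORKS):
            return False
    return True


if __name__ == "__main__":
    for u in ("https://www.example.com/feed",
              "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:169.254.169.254]/",
              "http://mixed.attacker.example/",
              "http://intranet.corp.example/"):
        verdict = "allowed" if is_safe_target(u, demo_resolver) else "blocked"
        print(f"{u} -> {verdict}")
```

Two caveats matter in practice. The check has to run on every redirect hop, not only on the URL the user supplied, because a permitted public host can answer with a redirect to the metadata address. And because the name is resolved once here and again by the HTTP client, a rebinding DNS answer could slip between the two; the robust pattern is to connect to the validated IP (or route all outbound fetches through an egress proxy that enforces the same list). On the cloud side, requiring a session token for the metadata service, as AWS IMDSv2 does, closes the same gap from the other end.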
