Daily NCSC-FI news followup 2019-11-26

The RIPE NCC has run out of IPv4 Addresses

www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses Today, at 15:35 (UTC+1) on 25 November 2019, we made our final /22 IPv4 allocation from the last remaining addresses in our available pool. We have now run out of IPv4 addresses.

Stantinko botnet adds cryptomining to its pool of criminal activities

www.welivesecurity.com/2019/11/26/stantinko-botnet-adds-cryptomining-criminal-activities/ The operators of the Stantinko botnet have expanded their toolset with a new means of profiting from the computers under their control. The roughly half-million-strong botnet known to have been active since at least 2012 and mainly targeting users in Russia, Ukraine, Belarus and Kazakhstan now distributes a cryptomining module.

NYPD Fingerprint Database Taken Offline to Thwart Ransomware

threatpost.com/nypd-fingerprint-database-ransomware/150592/ The New York Police Departments database of fingerprints was knocked offline over the weekend thanks to a ransomware scare, according to reports.

Exploit kits: fall 2019 review

blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/ Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, were seeing new exploit kits emerge.

A hacking group is hijacking Docker systems with exposed API endpoints

www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-with-exposed-api-endpoints/ A hacking group is currently mass-scanning the internet looking for Docker platforms that have API endpoints exposed online.. The purpose of these scans is to allow the hacker group to send commands to the Docker instance and deploy a cryptocurrency miner on a company’s Docker instances, to generate funds for the group’s own profits.

Some Fortinet products shipped with hardcoded encryption keys

www.zdnet.com/article/some-fortinet-products-shipped-with-hardcoded-encryption-keys/#ftag=RSSbaffb68 Fortinet, a vendor of cyber-security products, took between 10 and 18 months to remove a hardcoded encryption key from three products that were exposing customer data to passive interception.. See also:



HPE issues firmware fix to to stop SSD failure

blocksandfiles.com/2019/11/25/hpe-issues-firmware-fix-to-to-stop-ssd-failure/ The HPE customer bulletin, dated 19 November, says SSD Firmware Version HPD8 is a critical fix. If it is not applied the drive will fail at 32,768 hours operating time, meaning 3 years, 270 days 8 hours, and data on the drive will be lost.

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

krebsonsecurity.com/2019/11/sale-of-4-million-stolen-cards-tied-to-breaches-at-4-restaurant-chains/ On Nov. 23, one of the cybercrime undergrounds largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards.. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.

Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data

thehackernews.com/2019/11/sdk-twitter-facebook-android.html Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users’ data associated with their connected social media accounts.. See also: help.twitter.com/en/sdk-issue

Microsoft says new Dexphot malware infected more than 80,000 computers

www.zdnet.com/article/microsoft-says-new-dexphot-malware-infected-more-than-80000-computers/ Microsoft security engineers detailed today a new malware strain that has been infecting Windows computers since October 2018 to hijack their resources to mine cryptocurrency and generate revenue for the attackers.

New DeathRansom Ransomware Begins to Make a Name for Itself

www.bleepingcomputer.com/news/security/new-deathransom-ransomware-begins-to-make-a-name-for-itself/ A new ransomware called DeathRansom began with a rocky start, but has now resolved it’s issues and has begun to infect victims and encrypt their data. . When DeathRansom was first being distributed, it pretended to encrypt files, but researchers and users found that they could just remove the appended .wctc extension and the files would become usable again. Starting around November 20th, though, something changed.

Detecting a MuddyWater APT using the RSA NetWitness Platform

community.rsa.com/community/products/netwitness/blog/2019/11/21/detecting-a-muddywater-apt-using-the-rsa-netwitness-platform MuddyWater is a state-sponsored threat group suspected to be linked to Iran. The group relied on spear phishing emails with macro infected Word documents in the past and has recently been using similar techniques using Excel documents in a new wave of attacks during October-November 2019.

Server-Side Request Forgery Exposes Data of Technology, Industrial and Media Organizations

unit42.paloaltonetworks.com/server-side-request-forgery-exposes-data-of-technology-industrial-and-media-organizations/ Server-Side Request Forgery (SSRF) is a web application vulnerability that redirects the attackers requests to the internal network or localhost behind the firewall. SSRF poses a particular threat to cloud services due to the use of the metadata API that allows applications to access the underlying cloud infrastructures information such as configurations, logs, and credentials. . Unit 42 researchers took a closer look at the Jira SSRF vulnerability (CVE-2019-8451) and studied its impact on six public cloud service providers (CSPs). This is the same type of vulnerability that led to the Capital One data breach in July 2019.

You might be interested in …

Daily NCSC-FI news followup 2019-12-25

Toistasataa kiinalaista pidätettiin Nepalissa epäiltynä kyberhuijauksesta yle.fi/uutiset/3-11134577 Ratsiassa takavarikoitiin yli 700 puhelinta ja 400 tietokonetta. Staying Cyber-Safe This Holiday Season www.fortinet.com/blog/industry-trends/staying-cyber-safe-this-holiday-season.html Look-alike websites, fake shipping notifications, e-cards, emergency scams, phony charities, free gift cards etc. These are the most common forms of holiday scams. Signs of Phishing: Protecting Yourself During the Holidays www.tripwire.com/state-of-security/featured/signs-of-phishing-protecting-yourself-during-the-holidays/ Some things […]

Read More

Daily NCSC-FI news followup 2021-10-14

Analyzing Email Services Abused for Business Email Compromise www.trendmicro.com/en_us/research/21/j/analyzing-email-services-abused-for-business-email-compromise.html Like a number of online attacks and threats that took advantage of the changing work dynamics, business email compromise (BEC) remains one of the cybercrimes that causes the most financial losses for businesses despite the decrease in number of victims. Our continued monitoring of BEC activities […]

Read More

Daily NCSC-FI news followup 2021-10-11

Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/  DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.