Daily NCSC-FI news followup 2019-12-04

Iran Targets Mideast Oil with ZeroCleare Wiper Malware

threatpost.com/iran-mideast-oil-zerocleare-wiper-malware/150814/ Likely the work of APT34, ZeroCleare is bent on destruction and disruption, rather than information-stealing. See also securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/. Full whitepaper: www.ibm.com/downloads/cas/OAJ4VZNJ

New in state administration: Traficom organizes itself into competence areas and impact networks

www.traficom.fi/fi/ajankohtaista/uutta-valtionhallinnossa-traficom-organisoituu-osaamisalueiksi-ja The organization of the Finnish Transport and Communications Agency Traficom will be restructured as of 1 January 2020 into four competence areas and two impact networks. The aim is to enable the agency's capacity for renewal and multi-perspective decision-making, and thereby to ensure that the tasks assigned to the agency are carried out efficiently and productively.

Two malicious Python libraries caught stealing SSH and GPG keys

www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/ The two libraries were created by the same developer and mimicked other more popular libraries — using a technique called typosquatting to register similarly-looking names. The first is “python3-dateutil,” which imitated the popular “dateutil” library. The second is “jeIlyfish” (the first L is an I), which mimicked the “jellyfish” library.

China resurrects Great Cannon for DDoS attacks on Hong Kong forum

www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/ After more than two years since it’s been used the last time, the Chinese government deployed an infamous DDoS tool named the “Great Cannon” to launch attacks against LIHKG, an online forum where Hong Kong residents are organizing anti-Beijing protests.

New macOS Threat Served from Cryptocurrency Trading Platform

www.bleepingcomputer.com/news/security/new-macos-threat-served-from-cryptocurrency-trading-platform/ Security researchers have encountered a new macOS malware sample believed to be the work of the North Korean group of hackers known as Lazarus.

Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)

www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html Attackers have a dirty little secret that is being used to conduct big intrusions. We’ll explain how they’re “unpatching” an exploit and then provide new Outlook hardening guidance that is not available elsewhere. Specifically, this blog post covers field-tested automated registry processing for registry keys to protect against attacker attempts to reverse Microsoft’s CVE-2017-11774 patch functionality.

Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in KurdishCoder Campaign


EU gets a bit STRESSED out about 5G: With great economic benefits come great security risks

www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/ The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits.

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

thehackernews.com/2019/12/goahead-web-server-hacking.html Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.

A stranger wants to give me money. What could possibly go wrong?

www.kaspersky.com/blog/incoming-transfer-scam/31716/ Two schemes whereby a victim receives money and neither one is good news.

Analysis of a strangely poetic malware

