Daily NCSC-FI news followup 2019-12-04

Iran Targets Mideast Oil with ZeroCleare Wiper Malware

threatpost.com/iran-mideast-oil-zerocleare-wiper-malware/150814/ Likely the work of APT34, ZeroCleare is bent on destruction and disruption, rather than information-stealing. See also:

securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/ Full whitepaper: www.ibm.com/downloads/cas/OAJ4VZNJ

New in state administration: Traficom organises into competence areas and impact networks

www.traficom.fi/fi/ajankohtaista/uutta-valtionhallinnossa-traficom-organisoituu-osaamisalueiksi-ja The organisation of the Finnish Transport and Communications Agency Traficom will be restructured as of 1 January 2020 into four competence areas and two impact networks. The aim is to enable the agency's capacity for renewal and multi-perspective decision-making, and thereby ensure that the tasks assigned to the agency are carried out efficiently and effectively.

Two malicious Python libraries caught stealing SSH and GPG keys

www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/ The two libraries were created by the same developer and mimicked other more popular libraries — using a technique called typosquatting to register similarly-looking names. The first is “python3-dateutil,” which imitated the popular “dateutil” library. The second is “jeIlyfish” (the first L is an I), which mimicked the “jellyfish” library.

China resurrects Great Cannon for DDoS attacks on Hong Kong forum

www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/ After more than two years since it’s been used the last time, the Chinese government deployed an infamous DDoS tool named the “Great Cannon” to launch attacks against LIHKG, an online forum where Hong Kong residents are organizing anti-Beijing protests.

New macOS Threat Served from Cryptocurrency Trading Platform

www.bleepingcomputer.com/news/security/new-macos-threat-served-from-cryptocurrency-trading-platform/ Security researchers have encountered a new macOS malware sample believed to be the work of the North Korean group of hackers known as Lazarus.

Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)

www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html Attackers have a dirty little secret that is being used to conduct big intrusions. We’ll explain how they’re “unpatching” an exploit and then provide new Outlook hardening guidance that is not available elsewhere. Specifically, this blog post covers field-tested automated registry processing for registry keys to protect against attacker attempts to reverse Microsoft’s CVE-2017-11774 patch functionality.

Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in KurdishCoder Campaign

blog.trendmicro.com/trendlabs-security-intelligence/obfuscation-tools-found-in-the-capesand-exploit-kit-possibly-used-in-kurdishcoder-campaign/

EU gets a bit STRESSED out about 5G: With great economic benefits come great security risks

www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/ The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits.

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

thehackernews.com/2019/12/goahead-web-server-hacking.html Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.

A stranger wants to give me money. What could possibly go wrong?

www.kaspersky.com/blog/incoming-transfer-scam/31716/ Two schemes whereby a victim receives money and neither one is good news.

Analysis of a strangely poetic malware

isc.sans.edu/forums/diary/Analysis+of+a+strangely+poetic+malware/25572/
