Daily NCSC-FI news followup 2019-12-04

Iran Targets Mideast Oil with ZeroCleare Wiper Malware

threatpost.com/iran-mideast-oil-zerocleare-wiper-malware/150814/ Likely the work of APT34, ZeroCleare is bent on destruction and disruption, rather than information-stealing. See also

securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/. Full whitepaper: www.ibm.com/downloads/cas/OAJ4VZNJ

New in central government: Traficom reorganises into competence areas and impact networks

www.traficom.fi/fi/ajankohtaista/uutta-valtionhallinnossa-traficom-organisoituu-osaamisalueiksi-ja The organisation of the Finnish Transport and Communications Agency Traficom will be restructured from 1 January 2020 into four competence areas and two impact networks. The aim is to enable the agency's capacity for renewal and multi-perspective decision-making, and thereby ensure that the tasks assigned to the agency are carried out efficiently and effectively.

Two malicious Python libraries caught stealing SSH and GPG keys

www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/ The two libraries were created by the same developer and mimicked other more popular libraries, using a technique called typosquatting to register similar-looking names. The first is “python3-dateutil,” which imitated the popular “dateutil” library. The second is “jeIlyfish” (the first L is an I), which mimicked the “jellyfish” library.

China resurrects Great Cannon for DDoS attacks on Hong Kong forum

www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/ More than two years after it was last used, the Chinese government deployed an infamous DDoS tool named the “Great Cannon” to launch attacks against LIHKG, an online forum where Hong Kong residents are organizing anti-Beijing protests.

New macOS Threat Served from Cryptocurrency Trading Platform

www.bleepingcomputer.com/news/security/new-macos-threat-served-from-cryptocurrency-trading-platform/ Security researchers have encountered a new macOS malware sample believed to be the work of the North Korean group of hackers known as Lazarus.

Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)

www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html Attackers have a dirty little secret that is being used to conduct big intrusions. We'll explain how they're “unpatching” an exploit and then provide new Outlook hardening guidance that is not available elsewhere. Specifically, this blog post covers field-tested automated registry processing for registry keys to protect against attacker attempts to reverse Microsoft's CVE-2017-11774 patch functionality.

Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in KurdishCoder Campaign

blog.trendmicro.com/trendlabs-security-intelligence/obfuscation-tools-found-in-the-capesand-exploit-kit-possibly-used-in-kurdishcoder-campaign/

EU gets a bit STRESSED out about 5G: With great economic benefits come great security risks

www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/ The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits.

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

thehackernews.com/2019/12/goahead-web-server-hacking.html Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.

A stranger wants to give me money. What could possibly go wrong?

www.kaspersky.com/blog/incoming-transfer-scam/31716/ Two schemes whereby a victim receives money and neither one is good news.

Analysis of a strangely poetic malware

isc.sans.edu/forums/diary/Analysis+of+a+strangely+poetic+malware/25572/
