Daily NCSC-FI news followup 2019-12-13

G DATA IT Security Trends 2020: Early detection and repulsion of dangerous attacks

www.gdatasoftware.com/blog/2019/12/35671-early-detection-and-repulsion-of-dangerous-attacks Medium-sized companies are being targeted even more heavily by cyber criminals than before. They are often the weakest link in supply chains that include large corporations. In 2020, attackers will exploit this to an even greater extent than before and strike in a targeted manner – using new methods such as Living Off The Land attacks.

Dangerous letters for small online retailers

www.kaspersky.com/blog/attack-on-online-retail/31786/ Cybercriminals are attacking small online stores, trying to trick their employees into opening malicious files. Cybercriminals often choose very small companies as their targets. Small businesses rarely spend significant money on security systems, often do not even have an IT specialist, and most important, are more likely to operate from just one or two computers, which makes it easier to choose a target that holds the kind of information cybercriminals are usually hunting for. Recently, our technologies detected yet another attack aimed at small online stores. Attackers, using social engineering methods, tried to force the owners of such businesses to run malicious scripts on their computers.

Connected Car Security Is a New Kind of Mobile Security Risk

securityintelligence.com/articles/connected-car-security-is-a-new-kind-of-mobile-security-risk/ Earlier this year, we published a piece about the need for a cybersecurity wake-up call in the automotive industry. The focal point of the story was a report on the industry by Synopsys that brought up critical red flags for all organizations operating within the automotive supply chain.. Fast forward to just over half a year later (an eternity in the tech world), and there appears to be more cause for optimism.

2FA: Double down on your security

www.welivesecurity.com/2019/12/13/2fa-double-down-your-security/ The second authentication factor might be a minor inconvenience, but it provides a major security boost. With past years riddled with security breaches, it is high time we evaluated the way we secure our online presence. The usual way to secure most of your digital accounts is by using a password, no question about it. The problem is you have tens even hundreds of accounts you need to secure. How do you go about it? Do you have a unique password for every service you use?

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites

thehackernews.com/2019/12/wordpress-elementor-beaver.html Attention WordPress users! Your website could easily get hacked if you are using “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” and haven’t recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow remote attackers to gain administrative access to sites without requiring any password.. Also:

threatpost.com/critical-bug-in-wordpress-plugins-open-sites-to-hacker-takeovers/151123/

Internet banking sites and their use of TLS… and SSLv3… and SSLv2?!

isc.sans.edu/forums/diary/Internet+banking+sites+and+their+use+of+TLS+and+SSLv3+and+SSLv2/25606/ Although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support its use. And even though the numbers are much lower, some servers on the web support SSLv2 to this day as well. And, as it turns out, this is true even when it comes to web servers hosting internet banking portals

FIN8 Targets Card Data at Fuel Pumps

threatpost.com/fin8-targets-card-data-fuel-pumps/151105/ Paying at the pump has landed in the sights of the notorious PoS-skimming group. The notorious FIN8 cybercrime group has a new target when it comes to skimming payment-card details from consumers: Point-of-sale (PoS) systems used at fuel pumps at gas stations. Visa warned this week in a public alert posted online that its Payment Fraud Disruption (PFD) department has seen at least two separate campaigns emerging this past summer that targeted fuel pumps.. Also:

www.bleepingcomputer.com/news/security/visa-warns-of-ongoing-cyber-attacks-on-gas-pump-pos-systems/

H:| Npm team warns of new ‘binary planting’ bug

www.zdnet.com/article/npm-team-warns-of-new-binary-planting-bug/ Npm bug lets booby-trapped npm (JavaScript) packages plant or alter binaries on the victim’s system. The team behind npm, the biggest package manager for JavaScript libraries, has issued a security alert yesterday, advising all users to update to the latest version (6.13.4) to prevent “binary planting” attacks.. Also:

www.theregister.co.uk/2019/12/13/npm_path_traversal_bug/

The State of Ransomware in the US: Report and Statistics 2019

blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/ This report was originally scheduled to be published on January 1st, 2020. We have, however, decided to release it immediately due to a recent incident in which a ransomware attack may have resulted in a municipal governments data falling into the hands of cybercriminals. We believe this development elevates the ransomware threat to crisis level and that governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked.

GALLIUM: Targeting global telecom

www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/ Microsoft Threat Intelligence Center (MSTIC) is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. When Microsoft customers have been targeted by this activity, we notified them directly with the relevant information they need to protect themselves. By sharing the detailed methodology and indicators related to GALLIUM activity, were encouraging the security community to implement active defenses to secure the broader ecosystem from these attacks.

Edes vanha nyrkkisääntö ei auta kiristysohjelma nöyryyttää uhrinsa täysin

www.is.fi/digitoday/tietoturva/art-2000006342803.html Pitkään tiedetty uhka on muuttumassa todeksi. Yksi yritys sai jo kokea tämän karusti. Aiemmin nyrkkisäännöksi annettu varmuuskopiointikaan ei auta. Turvayhtiö nimeltä Allied Universal näki 700 megatavun edestä tietojaan levitettävän netissä sen jälkeen, kun yhtiö ei maksanut lunnaita Maze-kiristysohjelman viemistä tiedoista marraskuussa. Nyt samalla tavalla uhkaavat toimia Revil-kiristysohjelman levittäjät, jotka ovat venäjänkielisessä viestissään sanoneet julkaisevansa datakeskusyhtiö CyrusOnelta varastamansa tiedot tai myyvänsä ne kilpailijalle, jos lunnaita ei makseta. Toistaiseksi ei ole tiedossa, onko kyseessä vain uhkaus.

Suurin mobiililaitteisiin kohdistuva tietoturvauhka poistaminen ei auta, haittaohjelma osaa asentaa itsensä uudelleen

www.tivi.fi/uutiset/tv/5424cf25-cf53-40fe-b33e-264167352741 Maailmalla leviävä XHelper-mobiilitroijalainen on noussut Suomessakin yleisimmin tavattujen haittaohjelmien listalle. Tietoturvayhtiö Check Pointin tutkijat kertovat haittaohjelmakatsauksessaan, että maailman yleisimpien haittaohjelmien listalla on ensimmäistä kertaa yli kolmeen vuoteen mukana mobiilitroijalainen, XHelper. Mobiilihaittaohjelmien listalla se kiri marraskuussa kymmenikköön. Suomessakin se on paikallisen listan sijalla 7.. Myös: yle.fi/uutiset/3-11116346

Another Ransomware Will Now Publish Victims’ Data If Not Paid

www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/ The operators of the REvil Ransomware, otherwise known as Sodinokibi, have announced that they will use stolen files and data as leverage to get victims to pay ransoms. A new tactic by ransomware developers is to release a victim’s data if they do not pay the ransom. While we have seen these threats in the past, only recently have Ransomware operators, such as Maze, actually followed through.

Ever wonder how hackers could possibly pwn power plants? Here are 54 Siemens bugs that could explain things

www.theregister.co.uk/2019/12/13/siemens_security_advisory/ Siemens industrial control systems designed specifically for energy plant gear are riddled with dozens of security vulnerabilities that are, luckily enough, tricky to exploit from the outside. The teams at Positive Technologies, Kaspersky Lab, and Biznet Bilisim took credit for finding and reporting 54 CVE-listed flaws in the SPPA-T3000 (PDF), an application server that handles the management of power plant controllers. Also:

threatpost.com/critical-remote-code-execution-global-power-plants/151087/

Mozilla to force all add-on devs to use 2FA to prevent supply-chain attacks

www.zdnet.com/article/mozilla-to-force-all-add-on-devs-to-use-2fa-to-prevent-supply-chain-attacks/ Mozilla announced this week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account. “Starting in early 2020, extension developers will be required to have 2FA enabled on AMO [the Mozilla Add-Ons portal],” said Caitlin Neiman, Add-ons Community Manager at Mozilla.

Elegant sLoad Carries Out Spying, Payload Delivery in BITS

threatpost.com/sload-spying-payload-delivery-bits/151120/ The BITS file-transfer component of Windows as a key piece of sLoads attack methodology. A fresh analysis of the trojan sLoad sheds light on the growing trend of advanced malware living off the land of a targeted system and successfully evading detection and carrying out malicious activities.

New Echobot Variant Exploits 77 Remote Code Execution Flaws

www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/ The Echobot botnet is still after the low hanging fruit as a new variant has been spotted with an increased number of exploits that target unpatched devices, IoT for the most part. A variant discovered this summer included more than 50 exploits that allow remote code execution. A security researcher noticed that a new version emerged with even more exploits, 77 of them.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.