Daily NCSC-FI news followup 2019-12-19

How to keep spies off your phone in real life, not the movies

www.kaspersky.com/blog/smartphone-spying-protection/31894/ In the new Terminator movie, Sarah Connor puts her phone inside an empty bag of chips to hide her movements from the bad guys. Our recent experiment showed that this method is actually workable (with some provisos): A couple of foil bags do indeed jam radio signals from cell towers, satellites (such as GPS), and wireless networks (such as Wi-Fi or Bluetooth). But do people actually spy on other people through these networks? Lets investigate.

Survey: Taxpayers Dont Want Their Dollars Going Toward Ransomware Attacks

www.pandasecurity.com/mediacenter/panda-security/taxpayers-dollars-to-ransomware-attacks/ – From the Cryptolocker to German Wiper to RobinHood, the sophistication of this software varies, but in the end, a ransom is required to regain control of the data. On a personal computer, this ransom might not be worth paying. For a government database, the stakes are much higher.. StateScoop reported that two-thirds of ransomware attacks in 2019 have targeted state and local governments. Recorded Future found that since 2013 there have been 169 ransomware incidents affecting state and local governments. In 2017, there were 38 attacks.

38,000 people forced to pick up email passwords in person

www.welivesecurity.com/2019/12/19/38000-people-retrieve-passwords-person/ Usually, if you forget your password or need to change it for other reasons, getting a new one is a straightforward process that involves a few clicks. Now imagine you would have to prove your identity and retrieve your password in person. Dont rush to laugh this off as a bizarre fantasy, as thousands of students and faculty members at the Justus Liebig University Giessen in Germany were unlikely to be laughing when they learned that they would have to do just that.. Also: www.theregister.co.uk/2019/12/19/german_uni_reset/

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

thehackernews.com/2019/12/drupal-website-hacking.html If you haven’t recently updated your Drupal-based blog or business website to the latest available versions, it’s the time. Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three “moderately critical” vulnerabilities in its core system.

More DNS over HTTPS: Become One With the Packet. Be the Query. See the Query

isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/ Two days ago, I wrote about how to profile traffic to recognize DNS over HTTPS. This is kind of a problem for DNS over HTTPS. If you can see it, you may be able to block it. On Twitter, a few chimed in to provide feedback about recognizing DNS over HTTPS. I checked a couple of other clients, and well, didn’t have a ton of time so this is still very preliminary.

The Scammer Force is Strong with Star Wars: The Rise of Skywalker

threatpost.com/the-scammer-force-star-wars-rise-of-skywalker/151294/ Phishers are using black SEO to lure users in to malicious downloads masquerading as the latest Star Wars movie. Whenever the internet lights up in anticipation of anything, there are fraudsters and scammers waiting in the wings to take advantage of it. This weeks premiere of Star Wars: The Rise of Skywalker is no exception, with cybercriminals eyeing one of the worlds most beloved franchises as rich fodder for phishing attempts.. Also:


Untangling Legion Loaders Hornet Nest of Malware

www.deepinstinct.com/2019/12/18/untangling-legion-loaders-hornet-nest-of-malware/ Malware often arrives hand in hand with other malware. Emotet, for example, can deliver TrickBot; and TrickBot (which is also in a collaborative relationship with IcedID, a fellow banking malware) can, in turn, deliver Ryuk. This kind of collaborative relationship is becoming increasingly common among many threat actors, and in some cases even leads to actors developing specific modules in order to serve these relationships.

Member of ‘The Dark Overlord’ hacking group extradited to the US

www.zdnet.com/article/member-of-the-dark-overlord-hacking-group-extradited-to-the-us/ A British man was extradited to the US this week to face charges of hacking and extorting US companies while part of an infamous hacking group known as The Dark Overlord (TDO). The alleged TDO member, named Nathan Francis Wyatt, 39, was arraigned in a Saint Louis court today, where he pleaded not guilty. Also:



Operation Wocao: Shining a light on one of Chinas hidden hacking groups

www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ Operation Wocao (, W cao, used as shit or damn) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group. This report details the profile of a publicly underreported threat actor that Fox-IT has dealt with over the past two years. Fox-IT assesses with high confidence that the actor is a Chinese group and that they are likely working to support the interests of the Chinese government and are tasked with obtaining information for espionage purposes

Näin tarkistat, löytyykö tietojasi netin pimeiltä markkinoilta Hakkerit olivat iskeneet Tivin testaamaan sähköpostiin peräti 6 kertaa

www.kauppalehti.fi/uutiset/nain-tarkistat-loytyyko-tietojasi-netin-pimeilta-markkinoilta-hakkerit-olivat-iskeneet-tivin-testaamaan-sahkopostiin-perati-6-kertaa/09ee8961-c84d-492f-b708-8636bd1b0a09 Yhtiöt ympäri maailmaa ilmoittavat jatkuvasti tietomurroista, joiden kautta käyttäjätietoja on vuodettu. Vuodettujen tietojen joukossa voi olla esimerkiksi käyttäjän nimi, osoite, puhelinnumero, sähköpostiosoite, käyttäjätunnus, salasana ja luottokorttitiedot. Hakkerit voivat käyttää tietoja vaikka tilatakseen käyttäjän nimissä tuotteita tai avatakseen uusia luottotilejä. Kaksi palvelua auttaa käyttäjää tarkistamaan, onko käyttäjätietoja vuodettu.

Honda Leaks Data of 26K North American Customers

threatpost.com/honda-leaks-data-26k-north-american-customers/151283/ The leaky database was online for about a week, exposing customers vehicles information and personal identifiable information. An exposed database was discovered leaking the personal information of 26,000 North American Honda owners and their vehicles. The Elasticsearch database in question is owned by the American Honda Motor Co., a North American subsidiary of the Honda Motor Co.

Kids Tracker Watches: CloudPets, exploiting athletes and hijacking reality TV

www.pentestpartners.com/security-blog/kids-tracker-watches-cloudpets-exploiting-athletes-and-hijacking-reality-tv/ Kids smart tracker watch security: everyone has missed the point. Its not a few thousand here and there. Its at least 47 million, probably around 150 million exposed tracking devices. It all points back to two or three lazy device manufacturers, much like Mirai v1 did. There have been lots of smart tracker watch security stories. Probably the first was @skooooch who raised serious concerns at Kiwicon about 360,000 car trackers and engine immobilisers in 2015. Lachlan also flagged the connection to thinkrace and kids tracker watches.

Kyberhyökkäys sai 38 000 saksalaista seisomaan jonossa lisäksi tarvitaan 1200 usb-tikkua

www.tivi.fi/uutiset/tv/5b6663e0-32d0-4c6e-a753-68192a31707f Kyberhyökkäys on aiheuttanut paljon harmia perinteisessä saksalaisyliopistossa niin opiskelijoille kuin henkilökunnalle. BBC kirjoittaa, että Justus Liebig -yliopistossa on jonotettu saksalaisella perusteellisuudella tällä viikolla. Opinahjon järjestelmät ovat joutuneet kyberhyökkäyksen kohteeksi. Tämän takia kaikille 38 000 opiskelijalle annetaan uusi sähköpostin salasana, jonka saa vain jonottamalla ja henkilöllisyytensä todistamalla.

Emotet Modifies Command & Control URI Structure and Brings Back Link-based Emails

cofense.com/emotet-modifies-command-control-uri-structure-brings-back-link-based-emails/ Emotet has been busy wrapping up the year with some minor tweaks to their client code and the reintroduction of some tactics that have worked well for them in the past. The botnet that began its life as a banking trojan in 2014 has proven to be a formidable threat to organizations around the world and shows no signs of stopping. Before we look at their recent changes, lets begin with a quick review of some of the notable updates we have observed this year.

Emotet Malware Uses Greta Thunberg Demonstration Invites as Lure

www.bleepingcomputer.com/news/security/emotet-malware-uses-greta-thunberg-demonstration-invites-as-lure/ Emotet has started a new spam campaign that is banking off the popularity of environmental activist Greta Thunberg and her dedication to the climate movement. Unsuspecting users who think they are getting info about an upcoming “climate crisis” demonstration, will instead find that they have become infected with Emotet and other malware.

Anomaly Detection in Complex Systems: Zero Trust for the Workplace

blogs.cisco.com/security/anomaly-detection-in-complex-systems-zero-trust-for-the-workplace Zero trust and complexity management represent a new basic combination for a closed-loop approach to anomaly detection and mitigation for critical infrastructures. This abstract introduces a set of functional blocks that could enable automation and assurance for secure networks. These blocks are designed to reduce/simplify the impact of anomalies and/or anomalous behaviors on complex systems.

IOS Self-Signed Certificate Expiration on Jan. 1, 2020

www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html At 00:00 on 1 Jan 2020 UTC, all Self-Signed Certificates (SSC) that were generated on IOS/IOS-XE systems will expire, unless the system was running a fixed version of IOS/IOS-XE when the SSC was generated. After that time, unfixed IOS systems will be unable to generate new SSCs. Any service that relies on these self-signed certificates to establish or terminate a secure connection might not work after the certificate expires..


You might be interested in …

Daily NCSC-FI news followup 2020-08-02

Telstra DNS falls over after denial of service attack www.zdnet.com/article/telstra-dns-falls-over-after-denial-of-service-attack/ Customers with Telstra’s default DNS settings found themselves seemingly unable to access the internet on Sunday morning, as the telco was facing a denial of service attack. The attack kicked off some time before 10:30am on the Australian east coast. Some of our Domain Name […]

Read More

Daily NCSC-FI news followup 2021-06-04

Tekstiviestitse levitettävät Android-haittaohjelmat www.kyberturvallisuuskeskus.fi/fi/tekstiviestitse-levitettavat-android-haittaohjelmat Pakettiteemaisia huijausviestejä lähettävä FluBot-kampanja on aktivoitunut Suomessa. Kyberturvallisuuskeskukselle tulleiden ilmoitusten perusteella suomen kielellä kirjoitettuja huijausviestejä lähetetään tällä hetkellä arviolta tuhansille suomalaisille. Lisäksi: yle.fi/uutiset/3-11966491. Lisäksi: www.is.fi/digitoday/tietoturva/art-2000008027889.html. Lisäksi: www.epressi.com/tiedotteet/logistiikka-ja-liikenne/android-haittaohjelmat-leviavat-tekstiviestitse.html Exclusive: U.S. to give ransomware hacks similar priority as terrorism www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/ The U.S. Department of Justice is elevating investigations of ransomware attacks to a […]

Read More

Daily NCSC-FI news followup 2020-10-06

Myöhästyykö odotettu koronarokote? Ongelmat liittyvät keskeiseen sovellukseen www.tivi.fi/uutiset/tv/a758c9c3-96cc-4861-86bd-00adc7544339 New York Times kirjoittaa eResearch Technologyyn (ERT) kohdistuneesta kiristyshaittaohjelmasta. ERT:n ohjelmistoa käyttävät monet lääkevalmistajat muun muassa koronarokotteiden kliinisissä testeissä Euroopassa, Aasiassa ja Pohjois-Amerikassa. Lisäksi: www.nytimes.com/2020/10/03/technology/clinical-trials-ransomware-attack-drugmakers.html. Lisäksi: threatpost.com/covid-19-clinical-trials-ransomware/159877/ Emotet Malware us-cert.cisa.gov/ncas/alerts/aa20-280a To secure against Emotet, CISA and MS-ISAC recommend implementing the mitigation measures described in this Alert, which […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.