Daily NCSC-FI news followup 2019-12-19

How to keep spies off your phone in real life, not the movies

www.kaspersky.com/blog/smartphone-spying-protection/31894/ In the new Terminator movie, Sarah Connor puts her phone inside an empty bag of chips to hide her movements from the bad guys. Our recent experiment showed that this method is actually workable (with some provisos): a couple of foil bags do indeed jam radio signals from cell towers, satellites (such as GPS), and wireless networks (such as Wi-Fi or Bluetooth). But do people actually spy on other people through these networks? Let's investigate.

Survey: Taxpayers Don't Want Their Dollars Going Toward Ransomware Attacks

www.pandasecurity.com/mediacenter/panda-security/taxpayers-dollars-to-ransomware-attacks/ From Cryptolocker to German Wiper to RobinHood, the sophistication of this software varies, but in the end, a ransom is required to regain control of the data. On a personal computer, this ransom might not be worth paying. For a government database, the stakes are much higher. StateScoop reported that two-thirds of ransomware attacks in 2019 have targeted state and local governments. Recorded Future found that since 2013 there have been 169 ransomware incidents affecting state and local governments. In 2017, there were 38 attacks.

38,000 people forced to pick up email passwords in person

www.welivesecurity.com/2019/12/19/38000-people-retrieve-passwords-person/ Usually, if you forget your password or need to change it for other reasons, getting a new one is a straightforward process that involves a few clicks. Now imagine you had to prove your identity and retrieve your password in person. Don't rush to laugh this off as a bizarre fantasy: thousands of students and faculty members at the Justus Liebig University Giessen in Germany were unlikely to be laughing when they learned that they would have to do just that. Also: www.theregister.co.uk/2019/12/19/german_uni_reset/

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

thehackernews.com/2019/12/drupal-website-hacking.html If you haven't recently updated your Drupal-based blog or business website to the latest available versions, it's time. The Drupal development team yesterday released important security updates for its widely used open-source content management software that address a critical and three "moderately critical" vulnerabilities in its core system.

More DNS over HTTPS: Become One With the Packet. Be the Query. See the Query

isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/ Two days ago, I wrote about how to profile traffic to recognize DNS over HTTPS. This is kind of a problem for DNS over HTTPS: if you can see it, you may be able to block it. On Twitter, a few chimed in to provide feedback about recognizing DNS over HTTPS. I checked a couple of other clients, and well, didn't have a ton of time, so this is still very preliminary.

The Scammer Force is Strong with Star Wars: The Rise of Skywalker

threatpost.com/the-scammer-force-star-wars-rise-of-skywalker/151294/ Phishers are using black-hat SEO to lure users into malicious downloads masquerading as the latest Star Wars movie. Whenever the internet lights up in anticipation of anything, there are fraudsters and scammers waiting in the wings to take advantage of it. This week's premiere of Star Wars: The Rise of Skywalker is no exception, with cybercriminals eyeing one of the world's most beloved franchises as rich fodder for phishing attempts. Also:

Untangling Legion Loader's Hornet Nest of Malware

www.deepinstinct.com/2019/12/18/untangling-legion-loaders-hornet-nest-of-malware/ Malware often arrives hand in hand with other malware. Emotet, for example, can deliver TrickBot; and TrickBot (which is also in a collaborative relationship with IcedID, a fellow banking malware) can, in turn, deliver Ryuk. This kind of collaborative relationship is becoming increasingly common among many threat actors, and in some cases even leads to actors developing specific modules in order to serve these relationships.

Member of ‘The Dark Overlord’ hacking group extradited to the US

www.zdnet.com/article/member-of-the-dark-overlord-hacking-group-extradited-to-the-us/ A British man was extradited to the US this week to face charges of hacking and extorting US companies while part of an infamous hacking group known as The Dark Overlord (TDO). The alleged TDO member, named Nathan Francis Wyatt, 39, was arraigned in a Saint Louis court today, where he pleaded not guilty. Also:

Operation Wocao: Shining a light on one of China's hidden hacking groups

www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/ Operation Wocao (Wǒ cāo, used as "shit" or "damn") is the name that Fox-IT uses to describe the hacking activities of a China-based hacking group. This report details the profile of a publicly underreported threat actor that Fox-IT has dealt with over the past two years. Fox-IT assesses with high confidence that the actor is a Chinese group, that they are likely working to support the interests of the Chinese government, and that they are tasked with obtaining information for espionage purposes.

Here's how to check whether your data is on the dark web market: hackers had hit the email address Tivi tested no fewer than 6 times

www.kauppalehti.fi/uutiset/nain-tarkistat-loytyyko-tietojasi-netin-pimeilta-markkinoilta-hakkerit-olivat-iskeneet-tivin-testaamaan-sahkopostiin-perati-6-kertaa/09ee8961-c84d-492f-b708-8636bd1b0a09 Companies around the world are constantly reporting data breaches through which user data has been leaked. The leaked data may include, for example, the user's name, address, phone number, email address, username, password and credit card details. Hackers can use the data, for instance, to order products in the user's name or to open new credit accounts. Two services help users check whether their user data has been leaked.

Honda Leaks Data of 26K North American Customers

threatpost.com/honda-leaks-data-26k-north-american-customers/151283/ The leaky database was online for about a week, exposing customers' vehicle information and personally identifiable information. An exposed database was discovered leaking the personal information of 26,000 North American Honda owners and their vehicles. The Elasticsearch database in question is owned by the American Honda Motor Co., a North American subsidiary of the Honda Motor Co.

Kids Tracker Watches: CloudPets, exploiting athletes and hijacking reality TV

www.pentestpartners.com/security-blog/kids-tracker-watches-cloudpets-exploiting-athletes-and-hijacking-reality-tv/ Kids' smart tracker watch security: everyone has missed the point. It's not a few thousand here and there. It's at least 47 million, probably around 150 million exposed tracking devices. It all points back to two or three lazy device manufacturers, much like Mirai v1 did. There have been lots of smart tracker watch security stories. Probably the first was @skooooch, who raised serious concerns at Kiwicon about 360,000 car trackers and engine immobilisers in 2015. Lachlan also flagged the connection to thinkrace and kids' tracker watches.

Cyberattack made 38,000 Germans stand in line; on top of that, 1,200 USB sticks are needed

www.tivi.fi/uutiset/tv/5b6663e0-32d0-4c6e-a753-68192a31707f The cyberattack has caused a lot of trouble for both students and staff at a long-established German university. The BBC writes that people at Justus Liebig University have been queueing with German thoroughness this week. The institution's systems have been hit by a cyberattack. Because of this, all 38,000 students are being given a new email password, which can only be obtained by queueing and proving one's identity.

Emotet Modifies Command & Control URI Structure and Brings Back Link-based Emails

cofense.com/emotet-modifies-command-control-uri-structure-brings-back-link-based-emails/ Emotet has been busy wrapping up the year with some minor tweaks to its client code and the reintroduction of some tactics that have worked well for it in the past. The botnet that began its life as a banking trojan in 2014 has proven to be a formidable threat to organizations around the world and shows no signs of stopping. Before we look at the recent changes, let's begin with a quick review of some of the notable updates we have observed this year.

Emotet Malware Uses Greta Thunberg Demonstration Invites as Lure

www.bleepingcomputer.com/news/security/emotet-malware-uses-greta-thunberg-demonstration-invites-as-lure/ Emotet has started a new spam campaign that is banking on the popularity of environmental activist Greta Thunberg and her dedication to the climate movement. Unsuspecting users who think they are getting info about an upcoming "climate crisis" demonstration will instead find that they have become infected with Emotet and other malware.

Anomaly Detection in Complex Systems: Zero Trust for the Workplace

blogs.cisco.com/security/anomaly-detection-in-complex-systems-zero-trust-for-the-workplace Zero trust and complexity management represent a new basic combination for a closed-loop approach to anomaly detection and mitigation for critical infrastructures. This abstract introduces a set of functional blocks that could enable automation and assurance for secure networks. These blocks are designed to reduce or simplify the impact of anomalies and anomalous behaviors on complex systems.

IOS Self-Signed Certificate Expiration on Jan. 1, 2020

www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html At 00:00 UTC on 1 Jan 2020, all Self-Signed Certificates (SSC) that were generated on IOS/IOS-XE systems will expire, unless the system was running a fixed version of IOS/IOS-XE when the SSC was generated. After that time, unfixed IOS systems will be unable to generate new SSCs. Any service that relies on these self-signed certificates to establish or terminate a secure connection might not work after the certificate expires.
