NCSC-FI News followup

Daily NCSC-FI news followup 2019-12-19

How to keep spies off your phone in real life, not the movies In the new Terminator movie, Sarah Connor puts her phone inside an empty bag of chips to hide her movements from the bad guys. Our recent experiment showed that this method is actually workable (with some provisos): A couple of foil bags do indeed jam radio signals from cell towers, satellites (such as GPS), and wireless networks (such as Wi-Fi or Bluetooth). But do people actually spy on other people through these networks? Lets investigate.

Survey: Taxpayers Dont Want Their Dollars Going Toward Ransomware Attacks – From the Cryptolocker to German Wiper to RobinHood, the sophistication of this software varies, but in the end, a ransom is required to regain control of the data. On a personal computer, this ransom might not be worth paying. For a government database, the stakes are much higher.. StateScoop reported that two-thirds of ransomware attacks in 2019 have targeted state and local governments. Recorded Future found that since 2013 there have been 169 ransomware incidents affecting state and local governments. In 2017, there were 38 attacks.

38,000 people forced to pick up email passwords in person Usually, if you forget your password or need to change it for other reasons, getting a new one is a straightforward process that involves a few clicks. Now imagine you would have to prove your identity and retrieve your password in person. Dont rush to laugh this off as a bizarre fantasy, as thousands of students and faculty members at the Justus Liebig University Giessen in Germany were unlikely to be laughing when they learned that they would have to do just that.. Also:

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw If you haven’t recently updated your Drupal-based blog or business website to the latest available versions, it’s the time. Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three “moderately critical” vulnerabilities in its core system.

More DNS over HTTPS: Become One With the Packet. Be the Query. See the Query Two days ago, I wrote about how to profile traffic to recognize DNS over HTTPS. This is kind of a problem for DNS over HTTPS. If you can see it, you may be able to block it. On Twitter, a few chimed in to provide feedback about recognizing DNS over HTTPS. I checked a couple of other clients, and well, didn’t have a ton of time so this is still very preliminary.

The Scammer Force is Strong with Star Wars: The Rise of Skywalker Phishers are using black SEO to lure users in to malicious downloads masquerading as the latest Star Wars movie. Whenever the internet lights up in anticipation of anything, there are fraudsters and scammers waiting in the wings to take advantage of it. This weeks premiere of Star Wars: The Rise of Skywalker is no exception, with cybercriminals eyeing one of the worlds most beloved franchises as rich fodder for phishing attempts.. Also:

Untangling Legion Loaders Hornet Nest of Malware Malware often arrives hand in hand with other malware. Emotet, for example, can deliver TrickBot; and TrickBot (which is also in a collaborative relationship with IcedID, a fellow banking malware) can, in turn, deliver Ryuk. This kind of collaborative relationship is becoming increasingly common among many threat actors, and in some cases even leads to actors developing specific modules in order to serve these relationships.

Member of ‘The Dark Overlord’ hacking group extradited to the US A British man was extradited to the US this week to face charges of hacking and extorting US companies while part of an infamous hacking group known as The Dark Overlord (TDO). The alleged TDO member, named Nathan Francis Wyatt, 39, was arraigned in a Saint Louis court today, where he pleaded not guilty. Also:

Operation Wocao: Shining a light on one of Chinas hidden hacking groups Operation Wocao (, W cao, used as shit or damn) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group. This report details the profile of a publicly underreported threat actor that Fox-IT has dealt with over the past two years. Fox-IT assesses with high confidence that the actor is a Chinese group and that they are likely working to support the interests of the Chinese government and are tasked with obtaining information for espionage purposes

Näin tarkistat, löytyykö tietojasi netin pimeiltä markkinoilta Hakkerit olivat iskeneet Tivin testaamaan sähköpostiin peräti 6 kertaa Yhtiöt ympäri maailmaa ilmoittavat jatkuvasti tietomurroista, joiden kautta käyttäjätietoja on vuodettu. Vuodettujen tietojen joukossa voi olla esimerkiksi käyttäjän nimi, osoite, puhelinnumero, sähköpostiosoite, käyttäjätunnus, salasana ja luottokorttitiedot. Hakkerit voivat käyttää tietoja vaikka tilatakseen käyttäjän nimissä tuotteita tai avatakseen uusia luottotilejä. Kaksi palvelua auttaa käyttäjää tarkistamaan, onko käyttäjätietoja vuodettu.

Honda Leaks Data of 26K North American Customers The leaky database was online for about a week, exposing customers vehicles information and personal identifiable information. An exposed database was discovered leaking the personal information of 26,000 North American Honda owners and their vehicles. The Elasticsearch database in question is owned by the American Honda Motor Co., a North American subsidiary of the Honda Motor Co.

Kids Tracker Watches: CloudPets, exploiting athletes and hijacking reality TV Kids smart tracker watch security: everyone has missed the point. Its not a few thousand here and there. Its at least 47 million, probably around 150 million exposed tracking devices. It all points back to two or three lazy device manufacturers, much like Mirai v1 did. There have been lots of smart tracker watch security stories. Probably the first was @skooooch who raised serious concerns at Kiwicon about 360,000 car trackers and engine immobilisers in 2015. Lachlan also flagged the connection to thinkrace and kids tracker watches.

Kyberhyökkäys sai 38 000 saksalaista seisomaan jonossa lisäksi tarvitaan 1200 usb-tikkua Kyberhyökkäys on aiheuttanut paljon harmia perinteisessä saksalaisyliopistossa niin opiskelijoille kuin henkilökunnalle. BBC kirjoittaa, että Justus Liebig -yliopistossa on jonotettu saksalaisella perusteellisuudella tällä viikolla. Opinahjon järjestelmät ovat joutuneet kyberhyökkäyksen kohteeksi. Tämän takia kaikille 38 000 opiskelijalle annetaan uusi sähköpostin salasana, jonka saa vain jonottamalla ja henkilöllisyytensä todistamalla.

Emotet Modifies Command & Control URI Structure and Brings Back Link-based Emails Emotet has been busy wrapping up the year with some minor tweaks to their client code and the reintroduction of some tactics that have worked well for them in the past. The botnet that began its life as a banking trojan in 2014 has proven to be a formidable threat to organizations around the world and shows no signs of stopping. Before we look at their recent changes, lets begin with a quick review of some of the notable updates we have observed this year.

Emotet Malware Uses Greta Thunberg Demonstration Invites as Lure Emotet has started a new spam campaign that is banking off the popularity of environmental activist Greta Thunberg and her dedication to the climate movement. Unsuspecting users who think they are getting info about an upcoming “climate crisis” demonstration, will instead find that they have become infected with Emotet and other malware.

Anomaly Detection in Complex Systems: Zero Trust for the Workplace Zero trust and complexity management represent a new basic combination for a closed-loop approach to anomaly detection and mitigation for critical infrastructures. This abstract introduces a set of functional blocks that could enable automation and assurance for secure networks. These blocks are designed to reduce/simplify the impact of anomalies and/or anomalous behaviors on complex systems.

IOS Self-Signed Certificate Expiration on Jan. 1, 2020 At 00:00 on 1 Jan 2020 UTC, all Self-Signed Certificates (SSC) that were generated on IOS/IOS-XE systems will expire, unless the system was running a fixed version of IOS/IOS-XE when the SSC was generated. After that time, unfixed IOS systems will be unable to generate new SSCs. Any service that relies on these self-signed certificates to establish or terminate a secure connection might not work after the certificate expires..

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.