Daily NCSC-FI news followup 2019-12-26

Happy Holidays and big thanks to everyone who's working these holidays!

nakedsecurity.sophos.com/2019/12/25/happy-holidays-and-big-thanks-to-everyone-whos-working-today/ Lots of us have the day off today, but there are plenty of people who don't, including a veritable army of IT techies, helpdesk staff, sysadmins and others. Hats off to you!

Say GDP-aaaR: UK’s Information Commissioner pours £275k fine into London pharmacy’s teaspoon

www.theregister.co.uk/2019/12/23/rain_falls_on_london_pharmacy_stung_by_icos_first_fine_under_gdpr/ A pharmacy that left around half a million documents, including customers' personal information and medical data, in unlocked storage at the back of its premises has been fined £275,000, the first financial penalty the ICO has issued under the General Data Protection Regulation.

Fortinet Threat Research – Introducing BIOLOAD: FIN7 BOOSTWRITE's Lost Twin

www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html Some of the samples in the environment matched ones described in a recent publication by FireEye about FIN7's new tools and techniques, specifically BOOSTWRITE. Comparing the rest of the samples to BOOSTWRITE revealed they share a common codebase and carry the Carbanak backdoor.

Combining AI and Playbooks to Predict Cyberattacks

threatpost.com/combining-ai-playbooks-predict-cyberattacks/151367/ FortiGuard Labs, for example, recently released a playbook on Emotet, a malicious and highly active malware that began as a banking trojan but has evolved into what the U.S. Department of Homeland Security has identified as among the most costly and destructive malware affecting state, local, tribal and territorial (SLTT) governments, and the private and public sectors.

Timely acquisition of network traffic evidence in the middle of an incident response procedure

isc.sans.edu/diary/rss/25560 The quickest solution is to use the network trace capability built into Windows. This feature uses the NDIS driver to capture packets. Let's use PowerShell to perform the operations.
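As an added example (not the diary's own script), the following PowerShell drives the same built-in NDIS capture provider through the NetEventPacketCapture cmdlets that ship with Windows 8.1 / Server 2012 R2 and later, writes a bounded ETL file, and hashes it as soon as the capture stops so the evidence has an integrity record from the moment it was taken. The session name, evidence directory, capture duration and filter values are assumptions chosen for illustration; run it from an elevated PowerShell.

```powershell
# Added example: short-term packet capture on a Windows host during IR using
# the built-in NDIS capture provider (NetEventPacketCapture module).
# Session name, paths, duration and filters below are assumptions.
#Requires -RunAsAdministrator

$SessionName = "IR-Capture"                  # assumed session name
$EvidenceDir = "C:\IR\evidence"              # assumed evidence location
$DurationSec = 120                           # assumed capture window in seconds
$Stamp       = Get-Date -Format "yyyyMMdd-HHmmss"
$EtlPath     = Join-Path $EvidenceDir "$env:COMPUTERNAME-$Stamp.etl"

New-Item -ItemType Directory -Path $EvidenceDir -Force | Out-Null

# Remove a leftover session of the same name from an earlier, interrupted run.
if (Get-NetEventSession -Name $SessionName -ErrorAction SilentlyContinue) {
    Stop-NetEventSession -Name $SessionName -ErrorAction SilentlyContinue
    Remove-NetEventSession -Name $SessionName
}

# Save frames to an ETL file; -MaxFileSize (MB) stops a busy host from filling
# the disk while the responder is busy elsewhere.
New-NetEventSession -Name $SessionName -CaptureMode SaveToFile `
    -LocalFilePath $EtlPath -MaxFileSize 512 | Out-Null

# The packet-capture provider is the NDIS-level capture. By default only the
# first 128 bytes of each frame are kept (headers only); -TruncationLength 0
# keeps whole frames. -IpAddresses and -IpProtocols (TCP = 6, UDP = 17) can
# be added here to narrow the capture to the suspect host or protocol.
Add-NetEventPacketCaptureProvider -SessionName $SessionName `
    -Level 4 -CaptureType Physical -TruncationLength 0 | Out-Null

# Attach every physical adapter in promiscuous mode.
Get-NetAdapter -Physical | ForEach-Object {
    Add-NetEventNetworkAdapter -Name $_.Name -PromiscuousMode | Out-Null
}

Start-NetEventSession -Name $SessionName
Write-Host "Capturing to $EtlPath for $DurationSec seconds ..."
Start-Sleep -Seconds $DurationSec
Stop-NetEventSession -Name $SessionName
Remove-NetEventSession -Name $SessionName

# Hash the evidence immediately and record the digest beside the capture,
# so later conversion or copying can be checked against the original.
$Hash = Get-FileHash -Path $EtlPath -Algorithm SHA256
"$($Hash.Hash)  $(Split-Path $EtlPath -Leaf)" |
    Out-File -FilePath "$EtlPath.sha256" -Encoding ascii
$Hash | Format-List Path, Hash
```

The resulting .etl is not a pcap; convert it with Microsoft's etl2pcapng tool before loading it into Wireshark, and hash the converted file as well. The netsh equivalent of the session above is `netsh trace start capture=yes tracefile=C:\IR\evidence\trace.etl maxsize=512` followed by `netsh trace stop`. One caveat a responder should keep in mind: this capture runs on the suspect host with that host's own drivers, so if kernel-level compromise is on the table, a SPAN port or tap upstream gives evidence the attacker cannot filter.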

20 Vulnerabilities to Prioritize Patching Before 2020

www.darkreading.com/threat-intelligence/20-vulnerabilities-to-prioritize-patching-before-2020/d/d-id/1336691 Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.

How Organizations Can Defend Against Advanced Persistent Threats

thehackernews.com/2019/12/apt-cyber-attacks.html For example, if antivirus tools often detect and remove malware, it is possible that an APT is continuously implanting trojans and remote access tools into the network.
