Daily NCSC-FI news followup 2019-12-26

Happy Holidays and big thanks to everyone whos working these holidays!

nakedsecurity.sophos.com/2019/12/25/happy-holidays-and-big-thanks-to-everyone-whos-working-today/ Lots of us have the day off today, but there are plenty of people who dont, including a veritable army of of IT techies, helpdesk staff, sysadmins and others. Hats off to you!

Say GDP-aaaR: UK’s Information Commissioner pours £275k fine into London pharmacy’s teaspoon

www.theregister.co.uk/2019/12/23/rain_falls_on_london_pharmacy_stung_by_icos_first_fine_under_gdpr/ A pharmacy that left around half a million documents, including customers’ personal information and medical data, in unlocked storage at the back of its premises, has been fined £275,000 – a financial penalty the ICO has issued under the General Data Protection Regulation.

Fortinet Threat Research – Introducing BIOLOAD: FIN7 BOOSTWRITEs Lost Twin

www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html Some of the samples in the environment matched ones described in a recent publication by FireEye about FIN7s new tools and techniques, specifically BOOSTWRITE. Comparing the rest of the samples to BOOSTWRITE revealed they have a common codebase and carry the Carbanak backdoor.

Combining AI and Playbooks to Predict Cyberattacks

threatpost.com/combining-ai-playbooks-predict-cyberattacks/151367/ FortiGuard Labs, for example, recently released a playbook on Emotet, a malicious and highly active malware that began as a banking trojan but has evolved into what the U.S. Department of Homeland Security has identified as among the most costly and destructive malware affecting state, local, tribal and territorial (SLTT) governments, and the private and public sectors.

Timely acquisition of network traffic evidence in the middle of an incident response procedure

isc.sans.edu/diary/rss/25560 The quickest solution is to use the network trace capability built inside Windows. This feature uses the NDIS driver to capture packets. Let’s use powershell to perform the operations

20 Vulnerabilities to Prioritize Patching Before 2020

www.darkreading.com/threat-intelligence/20-vulnerabilities-to-prioritize-patching-before-2020/d/d-id/1336691 Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.

How Organizations Can Defend Against Advanced Persistent Threats

thehackernews.com/2019/12/apt-cyber-attacks.html For example, if antivirus tools often detect and remove malware, it is possible that an APT is continuously implanting trojans and remote access tools into the network.

You might be interested in …

Daily NCSC-FI news followup 2020-07-30

Hackers Broke Into Real News Sites to Plant Fake Stories www.wired.com/story/hackers-broke-into-real-news-sites-to-plant-fake-stories-anti-nato/ A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO. FireEye’s finding that all of those operations to plant fake news were carried out by a single group comes on the heels […]

Read More

Daily NCSC-FI news followup 2021-09-14

Microsoft September 2021 Patch Tuesday: Remote code execution flaws in MSHTML, OMI fixed www.zdnet.com/article/microsoft-september-2021-patch-tuesday-remote-code-execution-flaws-in-mshtml-open-management-fixed/ This month’s round of security fixes tackles critical software issues including a zero-day flaw known to be exploited in the wild. Microsoft has released over 60 security fixes and updates resolving issues including a remote code execution (RCE) flaw in MSHTML […]

Read More

Daily NCSC-FI news followup 2021-07-16

Valtionhallinnon VY-runkoverkossa oli laajamittainen häiriö valtori.fi/-/valtionhallinnon-vy-runkoverkon-kayttajien-palveluissa-ongelmia Häiriö johtui Telian runkoverkossa olleesta kuitukaapelien rikkoontumisesta. Microsoft Print Spooler Saga: Microsoft Defender for Identity now detects PrintNightmare attacks www.bleepingcomputer.com/news/security/microsoft-defender-for-identity-now-detects-printnightmare-attacks/ Microsoft has added support for PrintNightmare exploitation detection to Microsoft Defender for Identity to help Security Operations teams detect attackers’ attempts to abuse this critical vulnerability. Microsoft Print Spooler […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.