Daily NCSC-FI news followup 2019-12-26

Happy Holidays and big thanks to everyone who's working these holidays!

nakedsecurity.sophos.com/2019/12/25/happy-holidays-and-big-thanks-to-everyone-whos-working-today/ Lots of us have the day off today, but there are plenty of people who don't, including a veritable army of IT techies, helpdesk staff, sysadmins and others. Hats off to you!

Say GDP-aaaR: UK’s Information Commissioner pours £275k fine into London pharmacy’s teaspoon

www.theregister.co.uk/2019/12/23/rain_falls_on_london_pharmacy_stung_by_icos_first_fine_under_gdpr/ A pharmacy that left around half a million documents, including customers’ personal information and medical data, in unlocked storage at the back of its premises, has been fined £275,000 – a financial penalty the ICO has issued under the General Data Protection Regulation.

Fortinet Threat Research – Introducing BIOLOAD: FIN7 BOOSTWRITE's Lost Twin

www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html Some of the samples in the environment matched ones described in a recent publication by FireEye about FIN7's new tools and techniques, specifically BOOSTWRITE. Comparing the rest of the samples to BOOSTWRITE revealed they have a common codebase and carry the Carbanak backdoor.

Combining AI and Playbooks to Predict Cyberattacks

threatpost.com/combining-ai-playbooks-predict-cyberattacks/151367/ FortiGuard Labs, for example, recently released a playbook on Emotet, a malicious and highly active malware that began as a banking trojan but has evolved into what the U.S. Department of Homeland Security has identified as among the most costly and destructive malware affecting state, local, tribal and territorial (SLTT) governments, and the private and public sectors.

Timely acquisition of network traffic evidence in the middle of an incident response procedure

isc.sans.edu/diary/rss/25560 The quickest solution is to use the network trace capability built into Windows. This feature uses the NDIS driver to capture packets. Let's use PowerShell to perform the operations.
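A time-boxed capture with the built-in NetEventPacketCapture cmdlets, as an added example that is not from the ISC diary or from this page; the session name, output path and capture window are assumptions, and it must be run from an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later:

```powershell
# Added example, not from the ISC diary. Captures packets for a fixed window
# with the NDIS-based NetEventPacketCapture provider and writes an ETL file.
$SessionName = 'IR-Capture'             # assumed session name
$TraceFile   = 'C:\IR\capture.etl'      # assumed evidence location
$Seconds     = 120                      # assumed capture window

# Make sure the evidence directory exists before the session is created.
New-Item -ItemType Directory -Path (Split-Path $TraceFile) -Force | Out-Null

# Create the session in SaveToFile mode; MaxFileSize is in MB and bounds disk use.
New-NetEventSession -Name $SessionName `
                    -CaptureMode SaveToFile `
                    -LocalFilePath $TraceFile `
                    -MaxFileSize 256 | Out-Null

# Attach the packet capture provider. The default TruncationLength (128 bytes)
# keeps only headers; raise it if full payloads are needed as evidence.
Add-NetEventPacketCaptureProvider -SessionName $SessionName `
                                  -TruncationLength 1500 | Out-Null

try {
    Start-NetEventSession -Name $SessionName
    Write-Host "Capturing for $Seconds seconds to $TraceFile ..."
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop and remove the session so no provider is left running.
    Stop-NetEventSession -Name $SessionName
    Remove-NetEventSession -Name $SessionName
}

# Hash the file immediately so the chain of custody starts at acquisition time.
Get-FileHash -Algorithm SHA256 -Path $TraceFile | Format-List Path, Hash
```

The resulting ETL file can be converted to pcapng with Microsoft's etl2pcapng tool for analysis in Wireshark.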

20 Vulnerabilities to Prioritize Patching Before 2020

www.darkreading.com/threat-intelligence/20-vulnerabilities-to-prioritize-patching-before-2020/d/d-id/1336691 Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.

How Organizations Can Defend Against Advanced Persistent Threats

thehackernews.com/2019/12/apt-cyber-attacks.html For example, if antivirus tools often detect and remove malware, it is possible that an APT is continuously implanting trojans and remote access tools into the network.
