Daily NCSC-FI news followup 2019-12-26

Happy Holidays and big thanks to everyone who's working these holidays!

nakedsecurity.sophos.com/2019/12/25/happy-holidays-and-big-thanks-to-everyone-whos-working-today/ Lots of us have the day off today, but there are plenty of people who don't, including a veritable army of IT techies, helpdesk staff, sysadmins and others. Hats off to you!

Say GDP-aaaR: UK’s Information Commissioner pours £275k fine into London pharmacy’s teaspoon

www.theregister.co.uk/2019/12/23/rain_falls_on_london_pharmacy_stung_by_icos_first_fine_under_gdpr/ A pharmacy that left around half a million documents, including customers’ personal information and medical data, in unlocked storage at the back of its premises, has been fined £275,000 – a financial penalty the ICO has issued under the General Data Protection Regulation.

Fortinet Threat Research – Introducing BIOLOAD: FIN7 BOOSTWRITE's Lost Twin

www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html Some of the samples in the environment matched ones described in a recent publication by FireEye about FIN7's new tools and techniques, specifically BOOSTWRITE. Comparing the rest of the samples to BOOSTWRITE revealed that they share a common codebase and carry the Carbanak backdoor.

Combining AI and Playbooks to Predict Cyberattacks

threatpost.com/combining-ai-playbooks-predict-cyberattacks/151367/ FortiGuard Labs, for example, recently released a playbook on Emotet, a highly active malware family that began as a banking trojan but has evolved into what the U.S. Department of Homeland Security has identified as among the most costly and destructive malware affecting state, local, tribal and territorial (SLTT) governments, and the private and public sectors.

Timely acquisition of network traffic evidence in the middle of an incident response procedure

isc.sans.edu/diary/rss/25560 The quickest solution is to use the network trace capability built into Windows, which needs no third-party installation on the affected host. This feature uses the NDIS driver to capture packets. Let's use PowerShell to perform the operations.
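As an added example (not the diary's own script), the following PowerShell run-through captures traffic with the built-in NetEventPacketCapture module, which drives the NDIS packet-capture provider, writes an .etl file, and hashes it straight away so the evidence can later be shown unmodified. The session name, output path, adapter name, size cap and five-minute window are assumptions for illustration; adjust them to the case. It must run from an elevated prompt.

```powershell
# Added example, not code from the ISC diary. Assumed values: session name,
# output path, adapter name, 512 MB cap and a 300 s capture window.
# Requires an elevated PowerShell session (the provider is kernel-side).

$SessionName = 'IR-Capture'
$OutFile     = 'C:\IR\evidence\capture.etl'
$Adapter     = 'Ethernet'        # pick the right one from Get-NetAdapter

New-Item -ItemType Directory -Path (Split-Path $OutFile) -Force | Out-Null

# A session left behind by an interrupted run blocks a new one with the same name.
if (Get-NetEventSession -Name $SessionName -ErrorAction SilentlyContinue) {
    Stop-NetEventSession   -Name $SessionName -ErrorAction SilentlyContinue
    Remove-NetEventSession -Name $SessionName
}

# SaveToFile writes an ETW trace (.etl); MaxFileSize is in megabytes.
New-NetEventSession -Name $SessionName -CaptureMode SaveToFile `
    -LocalFilePath $OutFile -MaxFileSize 512 | Out-Null

# The packet-capture provider is the NDIS capture component. The default
# truncation keeps only 128 bytes per frame; 1500 preserves full payloads.
Add-NetEventPacketCaptureProvider -SessionName $SessionName -Level 4 `
    -CaptureType Physical -TruncationLength 1500 | Out-Null
Add-NetEventNetworkAdapter -Name $Adapter | Out-Null

Start-NetEventSession -Name $SessionName
Write-Host "Capturing on '$Adapter' to $OutFile ..."
Start-Sleep -Seconds 300        # capture window; stop earlier with Ctrl+C if needed

Stop-NetEventSession -Name $SessionName
Remove-NetEventSession -Name $SessionName

# Hash the evidence immediately and note who/when/where it was taken.
$hash = Get-FileHash -Path $OutFile -Algorithm SHA256
"$($hash.Algorithm) $($hash.Hash) $(Get-Date -Format o) $env:COMPUTERNAME $OutFile" |
    Out-File -FilePath "$OutFile.sha256.txt" -Encoding ascii
$hash
```

The resulting .etl is not a pcap; convert it with Microsoft's open-source etl2pcapng tool before opening it in Wireshark. The equivalent one-liner from an elevated cmd prompt is netsh trace start capture=yes tracefile=C:\IR\evidence\capture.etl, stopped with netsh trace stop, but the cmdlets above give finer control over truncation, adapter and file size.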

20 Vulnerabilities to Prioritize Patching Before 2020

www.darkreading.com/threat-intelligence/20-vulnerabilities-to-prioritize-patching-before-2020/d/d-id/1336691 Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.

How Organizations Can Defend Against Advanced Persistent Threats

thehackernews.com/2019/12/apt-cyber-attacks.html For example, if antivirus tools often detect and remove malware, it is possible that an APT is continuously implanting trojans and remote access tools into the network.
