Daily NCSC-FI news followup 2019-12-26

Happy Holidays and big thanks to everyone whos working these holidays!

nakedsecurity.sophos.com/2019/12/25/happy-holidays-and-big-thanks-to-everyone-whos-working-today/ Lots of us have the day off today, but there are plenty of people who dont, including a veritable army of of IT techies, helpdesk staff, sysadmins and others. Hats off to you!

Say GDP-aaaR: UK’s Information Commissioner pours £275k fine into London pharmacy’s teaspoon

www.theregister.co.uk/2019/12/23/rain_falls_on_london_pharmacy_stung_by_icos_first_fine_under_gdpr/ A pharmacy that left around half a million documents, including customers’ personal information and medical data, in unlocked storage at the back of its premises, has been fined £275,000 – a financial penalty the ICO has issued under the General Data Protection Regulation.

Fortinet Threat Research – Introducing BIOLOAD: FIN7 BOOSTWRITEs Lost Twin

www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html Some of the samples in the environment matched ones described in a recent publication by FireEye about FIN7s new tools and techniques, specifically BOOSTWRITE. Comparing the rest of the samples to BOOSTWRITE revealed they have a common codebase and carry the Carbanak backdoor.

Combining AI and Playbooks to Predict Cyberattacks

threatpost.com/combining-ai-playbooks-predict-cyberattacks/151367/ FortiGuard Labs, for example, recently released a playbook on Emotet, a malicious and highly active malware that began as a banking trojan but has evolved into what the U.S. Department of Homeland Security has identified as among the most costly and destructive malware affecting state, local, tribal and territorial (SLTT) governments, and the private and public sectors.

Timely acquisition of network traffic evidence in the middle of an incident response procedure

isc.sans.edu/diary/rss/25560 The quickest solution is to use the network trace capability built inside Windows. This feature uses the NDIS driver to capture packets. Let’s use powershell to perform the operations

20 Vulnerabilities to Prioritize Patching Before 2020

www.darkreading.com/threat-intelligence/20-vulnerabilities-to-prioritize-patching-before-2020/d/d-id/1336691 Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.

How Organizations Can Defend Against Advanced Persistent Threats

thehackernews.com/2019/12/apt-cyber-attacks.html For example, if antivirus tools often detect and remove malware, it is possible that an APT is continuously implanting trojans and remote access tools into the network.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.