Daily NCSC-FI news followup 2019-12-28

U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility

www.bleepingcomputer.com/news/security/us-coast-guard-says-ryuk-ransomware-took-down-maritime-facility/ The systems encrypted by Ryuk Ransomware directly impacted the facility’s “entire corporate IT network (beyond the footprint of the facility)” [emphasis ours] and physical access and camera control systems, and it also led to “loss of critical process control monitoring systems.”

Ransomware Hits Maastricht University, All Systems Taken Down

www.bleepingcomputer.com/news/security/ransomware-hits-maastricht-university-all-systems-taken-down/ Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23. UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni.

Ransomware at IT Services Provider Synoptek

krebsonsecurity.com/2019/12/ransomware-at-it-services-provider-synoptek/ Synoptek, a California-based cloud hosting and IT management services provider, suffered a ransomware attack this week that has disrupted operations for many of its clients. Two sources who work at the company have now confirmed their employer was hit by Sodinokibi, a potent ransomware strain also known as rEvil.

Ransomware Situation Goes From Bad to Worse

www.darkreading.com/attacks-breaches/ransomware-situation-goes-from-bad-to-worse/d/d-id/1336664 The surge in ransomware attacks on cities, municipalities, schools, and healthcare organizations this year is just a foretaste of what is likely to come in 2020. Threat actors have sensed a very real opportunity to make big returns attacking enterprise organizations using ransomware and are refining their tools and techniques to increase their chances for success, say worried security experts.

30 years of ransomware: How one bizarre attack laid the foundations for the malware taking over the world

www.zdnet.com/article/30-years-of-ransomware-how-one-bizarre-attack-laid-the-foundations-for-the-malware-taking-over-the-world/ In December 1989 the world was introduced to the first ever ransomware – – and 30 years later ransomware attacks are now at crisis levels.

Leveraging Disk Imaging Tools to Deliver RATs

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/leveraging-disk-imaging-tools-to-deliver-rats/ This year we observed a notable uptick in disc imaging software (like .ISO) being used as a container for serving malware via email, with .ISO archives attributing to 6% of all malware attachment archives seen this year.

Ring and Amazon get slammed with a federal lawsuit that claims the companies failed to secure cameras against hackers

www.businessinsider.com/ring-amazon-sued-federal-court-security-hacking-2fa-2019-12 The lawsuit alleges that, as a manufacturer of security products, Ring failed to meet its “most basic obligation by not ensuring its Wi-Fi enabled cameras were protected against cyber-attack.”
