Daily NCSC-FI news followup 2020-01-06

The Hidden Cost of Ransomware: Wholesale Password Theft

krebsonsecurity.com/2020/01/the-hidden-cost-of-ransomware-wholesale-password-theft/ Moral of the story: Companies that experience a ransomware attack, or for that matter any type of equally invasive malware infestation, should assume that all credentials stored anywhere on the local network (including those saved inside Web browsers and password managers) are compromised and need to be changed. Out of an abundance of caution, this process should be done from a pristine (preferably non-Windows-based) system that does not reside within the network compromised by the attackers. In addition, full use should be made of the strongest method available for securing these passwords with multi-factor authentication.

Google Reinstates Reported UAE Surveillance App ToTok

www.vice.com/en_us/article/dyg8qv/google-reinstates-reported-uae-surveillance-app-totok The version of ToTok on the Play Store is an updated version. Under a “what’s new” section, the ToTok app page reads “There is a newly designed dialog to ask your authorization of accessing and syncing your contact list.” When Google originally removed the app, it told the New York Times ToTok had violated unspecified policies.

Iran's Cyber Attack on Billionaire Adelson Provides Lesson on Strategy

www.bloomberg.com/news/articles/2020-01-05/iranian-attack-on-adelson-provides-lesson-on-cyber-strategy As the U.S. awaits possible retribution over a recent airstrike that killed a top general, there's at least one American businessman who can attest, in detail, to what happened after he provoked Iran. […] In February 2014, hackers inserted malware into the computer networks of Adelson's Las Vegas casino. The withering cyber-attack laid waste to about three quarters of the company's Las Vegas servers; the cost of recovering data and building new systems was $40 million or more.

VPN warning: REvil ransomware targets unpatched Pulse Secure VPN servers

www.zdnet.com/article/vpn-warning-revil-ransomware-targets-unpatched-pulse-secure-vpn-servers/#ftag=RSSbaffb68 A security researcher is urging organizations that use Pulse Secure VPN to patch now or face ‘big game’ ransomware attacks by criminals who can easily use the Shodan.io IoT search engine to identify vulnerable VPN servers.

GoPro Karma drones grounded worldwide, thanks to possible GPS glitch

www.theverge.com/2020/1/5/21050653/gopro-karma-drone-not-flying-gps-compass-problem-glitch-grounded Owners of the GoPro Karma have been unable to fly their drones since the new year began, according to dozens of forum posts and tweets. The problem is affecting owners all around the globe, and it seems to be related to the recent so-called clock rollovers in the GPS and GLONASS satellite systems. While most tech companies tried to avert problems with the rollovers by issuing software updates over the last few months, GoPro has not updated the Karma since September 2018, nine months after it discontinued the drone.

Tridium Niagara Vulnerabilities

www.wilbursecurity.com/2020/01/tridium-niagara-vulnerabilities/ These vulnerabilities have been out there for years and need to be remediated ASAP. If you think you might have been hacked or are hacked, reach out to an Incident Response company to comb through the environment. If your company is having these devices installed, ask the installer what their security requirements are; show them the hardening guide on how it's supposed to be done. We need to change the mindset of these companies and installers, to think about the security impact of these devices. Together change happens.

Microsoft: RDP brute-force attacks last 2-3 days on average

www.zdnet.com/article/microsoft-rdp-brute-force-attacks-last-2-3-days-on-average/ Around 0.08% of RDP brute-force attacks are successful, and RDP brute-force attacks last 2-3 days on average, Microsoft said last month while presenting the results of a months-long study into the impact of RDP brute-force attacks on the enterprise sector. Original at
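As an added illustration (not code from the ZDNet article or from Microsoft's study), the following Python script runs a simple brute-force heuristic over constructed Windows Security log records: it counts failed RDP logons (EventID 4625, LogonType 10) per source address, measures how many hours the attempts span, treats a campaign that runs for a day or more or that sprays many account names as brute force, and marks a source whose failures are followed by a successful logon (EventID 4624) as a probable compromise. The simplified log format, the thresholds, the account names and the IP addresses are assumptions made for the example.

```python
"""RDP brute-force detection over Windows Security log records.

Added example, not code from the ZDNet article or from Microsoft's study.
Input lines are a constructed, simplified form of Security log events:
    timestamp,EventID,LogonType,TargetUserName,IpAddress
EventID 4625 is a failed logon, 4624 a successful one, and LogonType 10
(RemoteInteractive) is what an RDP logon normally records. Thresholds,
addresses and account names are assumptions for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPE = 10

# Illustrative thresholds (assumptions, not figures from the study).
MIN_FAILURES = 100        # failed RDP logons from one source address
MIN_DISTINCT_USERS = 5    # spraying across many account names
MIN_SPAN_HOURS = 24       # sustained campaigns run for days


@dataclass
class SourceStats:
    failures: int = 0
    users: Set[str] = field(default_factory=set)
    first_fail: Optional[datetime] = None
    last_fail: Optional[datetime] = None
    success_after: Optional[datetime] = None  # first 4624 seen after failures


def build_sample_events() -> str:
    """Constructed sample log, not a real capture."""
    t0 = datetime(2019, 12, 1, 2, 0, 0)
    attacker = "203.0.113.7"
    names = ["administrator", "admin", "backup", "scanner", "svc_sql", "helpdesk"]
    lines = []
    # Attacker: one guess every 15 minutes for just under 52 hours (208 tries)...
    for i in range(208):
        ts = (t0 + timedelta(minutes=15 * i)).isoformat()
        lines.append(f"{ts},{FAILED_LOGON},{RDP_LOGON_TYPE},{names[i % len(names)]},{attacker}")
    # ...and the 209th attempt lands.
    ts = (t0 + timedelta(minutes=15 * 208)).isoformat()
    lines.append(f"{ts},{SUCCESS_LOGON},{RDP_LOGON_TYPE},backup,{attacker}")
    # Employee: two typos, then a normal logon.
    for i, eid in enumerate([FAILED_LOGON, FAILED_LOGON, SUCCESS_LOGON]):
        ts = (t0 + timedelta(hours=6, minutes=i)).isoformat()
        lines.append(f"{ts},{eid},{RDP_LOGON_TYPE},alice,198.51.100.20")
    # Network (SMB) noise: many failures with LogonType 3, which is not RDP.
    for i in range(150):
        ts = (t0 + timedelta(minutes=i)).isoformat()
        lines.append(f"{ts},{FAILED_LOGON},3,guest,192.0.2.9")
    return "\n".join(lines)


def parse_events(text: str) -> List[dict]:
    """Parse the simplified CSV form into dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, event_id, logon_type, user, ip = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "event_id": int(event_id),
                       "logon_type": int(logon_type), "user": user.lower(), "ip": ip})
    events.sort(key=lambda e: e["time"])  # order matters for "success after failures"
    return events


def summarize(events: List[dict]) -> Dict[str, SourceStats]:
    """Per-source counts for RDP (LogonType 10) logons only."""
    stats: Dict[str, SourceStats] = defaultdict(SourceStats)
    for e in events:
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue
        s = stats[e["ip"]]
        if e["event_id"] == FAILED_LOGON:
            s.failures += 1
            s.users.add(e["user"])
            s.first_fail = s.first_fail or e["time"]
            s.last_fail = e["time"]
        elif e["event_id"] == SUCCESS_LOGON and s.failures and s.success_after is None:
            s.success_after = e["time"]
    return dict(stats)


def detect_brute_force(stats: Dict[str, SourceStats]) -> Dict[str, dict]:
    """Sources that look like a brute-force or spray, and whether one got in."""
    alerts = {}
    for ip, s in stats.items():
        if s.failures < MIN_FAILURES:
            continue
        span_hours = (s.last_fail - s.first_fail).total_seconds() / 3600
        if span_hours >= MIN_SPAN_HOURS or len(s.users) >= MIN_DISTINCT_USERS:
            alerts[ip] = {"failures": s.failures, "distinct_users": len(s.users),
                          "span_hours": round(span_hours, 1),
                          "compromised": s.success_after is not None}
    return alerts


if __name__ == "__main__":
    for ip, a in detect_brute_force(summarize(parse_events(build_sample_events()))).items():
        print(ip, a)
```

Run as-is it reports only 203.0.113.7, with 208 failures across six account names over roughly 52 hours and `compromised: True`; the employee's two typos and the non-RDP noise stay below the thresholds or are filtered out by logon type. In a real deployment the same counters would be kept over a sliding window of days rather than over one file, since the study's point is that these campaigns persist for 2-3 days and the rare success is what needs an incident response, not just a block rule.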


Ransomware attack shuts down some Michigan schools

www.cbsnews.com/news/ransomware-attack-shuts-down-richmond-michigan-school-district/ District officials at Richmond Community Schools said their servers were attacked by ransomware during the holiday break and that the virus affected telephones, copiers and classroom technology. The district has closed three schools for the week so employees can resolve the problem, which officials believe will be “a very time-consuming process.” Student and staff information wasn’t compromised,

First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/ We found three malicious apps in the Google Play Store that work together to compromise a victim's device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack in the wild that uses the use-after-free vulnerability. Interestingly, upon further investigation we also found that the three apps are likely to be part of the SideWinder threat actor group's arsenal. SideWinder, a group that has been active since 2012, is a known threat and has reportedly targeted military entities' Windows machines.

Malware Infects Small Hospital’s Medical Imaging Server

www.careersinfosecurity.com/malware-infects-small-hospitals-medical-imaging-server-a-13577 A breach stemming from malware infecting a medical imaging server at a small, rural New Mexico hospital serves as a reminder of medical equipment data security and privacy vulnerabilities and risks faced by facilities of all sizes.

Cybersecurity Data Sharing: A Federal Progress Report

www.bankinfosecurity.com/cybersecurity-data-sharing-federal-progress-report-a-13575 Certain federal agencies, especially units within the Department of Defense, still have plenty of work to do when it comes to sharing cybersecurity information and threat intelligence among themselves as well as with the private sector, according to an unclassified report recently sent to Congress. Report at www.oversight.gov/sites/default/files/oig-reports/Unclassified%2020191219_AUD-2019-005-U_Joint%20Report.pdf

The audit also identifies several hurdles that need to be overcome to improve data sharing among several of the federal agencies that share data. It notes, for example, that restrictive classifications limit cyber threat information from being widely shared among agencies; that information systems at various agencies lack the ability to communicate with each other, which hampers the timely sharing of cyber threat information; and that the reluctance of private organizations to share threat intelligence because of concerns about liability must be overcome.

GCHQ: A cyber-what-now? Rumours of our probe into London Stock Exchange ‘cyberattack’ have been greatly exaggerated

www.theregister.co.uk/2020/01/06/gchq_not_investigating_london_stock_exchange_cyberattack_allegation/ GCHQ and its cyber-defence offshoot NCSC have both denied that they are investigating a cyber-attack on the London Stock Exchange, contrary to reports. The Wall Street Journal, normally a reliable source for news with a financial flavour, reported that British signals intelligence agency Government Communications Headquarters (GCHQ) has been looking into an August 2019 outage of the LSE, which was reported to the Financial Conduct Authority at the time.
