Daily NCSC-FI news followup 2020-01-06

The Hidden Cost of Ransomware: Wholesale Password Theft

krebsonsecurity.com/2020/01/the-hidden-cost-of-ransomware-wholesale-password-theft/ Moral of the story: Companies that experience a ransomware attack or for that matter any type of equally invasive malware infestation should assume that all credentials stored anywhere on the local network (including those saved inside Web browsers and password managers) are compromised and need to be changed. Out of an abundance of caution, this process should be done from a pristine (preferably non-Windows-based) system that does not reside within the network compromised by the attackers. In addition, full use should be made of the strongest method available for securing these passwords with multi-factor authentication.

Google Reinstates Reported UAE Surveillance App ToTok

www.vice.com/en_us/article/dyg8qv/google-reinstates-reported-uae-surveillance-app-totok The version of ToTok on the Play Store is an updated version. Under a “what’s new” section, the ToTok app page reads “There is a newly designed dialog to ask your authorization of accessing and syncing your contact list.” When Google originally removed the app, it told the New York Times ToTok had violated unspecified policies.

Iran's Cyber Attack on Billionaire Adelson Provides Lesson on Strategy

www.bloomberg.com/news/articles/2020-01-05/iranian-attack-on-adelson-provides-lesson-on-cyber-strategy As the U.S. awaits possible retribution over a recent airstrike that killed a top general, there's at least one American businessman who can attest, in detail, to what happened after he provoked Iran. […] in February 2014, hackers inserted malware into the computer networks of Adelson's Las Vegas casino. The withering cyber-attack laid waste to about three quarters of the company's Las Vegas servers; the cost of recovering data and building new systems cost $40 million or more.

VPN warning: REvil ransomware targets unpatched Pulse Secure VPN servers

www.zdnet.com/article/vpn-warning-revil-ransomware-targets-unpatched-pulse-secure-vpn-servers/#ftag=RSSbaffb68 A security researcher is urging organizations that use Pulse Secure VPN to patch now or face ‘big game’ ransomware attacks by criminals who can easily use the Shodan.io IoT search engine to identify vulnerable VPN servers.

GoPro Karma drones grounded worldwide, thanks to possible GPS glitch

www.theverge.com/2020/1/5/21050653/gopro-karma-drone-not-flying-gps-compass-problem-glitch-grounded Owners of the GoPro Karma have been unable to fly their drones since the new year began, according to dozens of forum posts and tweets. The problem is affecting owners all around the globe, and it seems to be related to the recent so-called clock rollovers in the GPS and GLONASS satellite systems. While most tech companies tried to avert problems with the rollovers by issuing software updates over the last few months, GoPro has not updated the Karma since September 2018, nine months after it discontinued the drone.

Tridium Niagara Vulnerabilities

www.wilbursecurity.com/2020/01/tridium-niagara-vulnerabilities/ These vulnerabilities have been out there for years and need to be remediated ASAP. If you think you might have been hacked or are hacked, reach out to an Incident Response company to comb through the environment. If your company is having these devices installed, ask the installer what their security requirements are; show them the hardening guide on how it's supposed to be done. We need to change the mindset of these companies and installers, to think about the security impact of these devices. Together change happens.

Microsoft: RDP brute-force attacks last 2-3 days on average

www.zdnet.com/article/microsoft-rdp-brute-force-attacks-last-2-3-days-on-average/ Around 0.08% of RDP brute-force attacks are successful, and RDP brute-force attacks last 2-3 days on average, Microsoft said last month while presenting the results of a months-long study into the impact of RDP brute-force attacks on the enterprise sector. Original at

Ransomware attack shuts down some Michigan schools

www.cbsnews.com/news/ransomware-attack-shuts-down-richmond-michigan-school-district/ District officials at Richmond Community Schools said their servers were attacked by ransomware during the holiday break and that the virus affected telephones, copiers and classroom technology. The district has closed three schools for the week so employees can resolve the problem, which officials believe will be “a very time-consuming process.” Student and staff information wasn’t compromised,

First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/ We found three malicious apps in the Google Play Store that work together to compromise a victim's device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack in the wild that uses the use-after-free vulnerability. Interestingly, upon further investigation we also found that the three apps are likely to be part of the SideWinder threat actor group's arsenal. SideWinder, a group that has been active since 2012, is a known threat and has reportedly targeted military entities' Windows machines.

Malware Infects Small Hospital’s Medical Imaging Server

www.careersinfosecurity.com/malware-infects-small-hospitals-medical-imaging-server-a-13577 A breach stemming from malware infecting a medical imaging server at a small, rural New Mexico hospital serves as a reminder of medical equipment data security and privacy vulnerabilities and risks faced by facilities of all sizes.

Cybersecurity Data Sharing: A Federal Progress Report

www.bankinfosecurity.com/cybersecurity-data-sharing-federal-progress-report-a-13575 Certain federal agencies, especially units within the Department of Defense, still have plenty of work to do when it comes to sharing cybersecurity information and threat intelligence among themselves as well as with the private sector, according to an unclassified report recently sent to Congress. Report at www.oversight.gov/sites/default/files/oig-reports/Unclassified%2020191219_AUD-2019-005-U_Joint%20Report.pdf. The audit also identifies several hurdles that need to be overcome to improve data sharing among several of the federal agencies that share data. It notes, for example, that: Restrictive classifications limit cyber threat information from being widely shared among agencies. Information systems at various agencies lack the ability to communicate with each other, which hampers the timely sharing of cyber threat information. The reluctance of private organizations to share threat intelligence because of concerns about liability must be overcome.

GCHQ: A cyber-what-now? Rumours of our probe into London Stock Exchange ‘cyberattack’ have been greatly exaggerated

www.theregister.co.uk/2020/01/06/gchq_not_investigating_london_stock_exchange_cyberattack_allegation/ GCHQ and its cyber-defence offshoot NCSC have both denied that they are investigating a cyber-attack on the London Stock Exchange, contrary to reports. The Wall Street Journal, normally a reliable source for news with a financial flavour, reported that British signals intelligence agency Government Communications Headquarters (GCHQ) has been looking into an August 2019 outage of the LSE, which was reported to the Financial Conduct Authority at the time.
