Daily NCSC-FI news followup 2020-01-07

Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad

www.us-cert.gov/ncas/alerts/aa20-006a The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation's critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran's historic use of cyber offensive activities to retaliate against perceived harm.

SHA-1 is a Shambles

sha-mbles.github.io/ We have computed the very first chosen-prefix collision for SHA-1. In a nutshell, this means a complete and practical break of the SHA-1 hash function, with dangerous practical implications if you are still using this hash function. To put it another way: all attacks that are practical on MD5 are now also practical on SHA-1. Check our paper for more details. Paper at eprint.iacr.org/2020/014.pdf

I’m the queen of Gibraltar and will never get a traffic ticket… just two of the things anyone could have written into country’s laws thanks to unsanitised SQL input vuln

www.theregister.co.uk/2020/01/07/gibraltar_sql_vuln_allowed_law_editing/ A malicious person using the information exposed by the government website could have deleted and uploaded PDF files to the official online repository of Gibraltar’s laws.

Wheelie bad end to 2019 for Canyon Bicycles as hackers puncture IT systems

www.theregister.co.uk/2020/01/07/hackers_canyon_bicycles/ German cycle-maker Canyon Bicycles GmbH has confirmed it was the victim of a security break-in over the holiday period that has all the hallmarks of a ransomware attack, with parts of the infrastructure padlocked by the perpetrators.

Only 9.27% of all npm developers use 2FA

www.zdnet.com/article/only-9-27-of-all-npm-developers-use-2fa/#ftag=RSSbaffb68 Only 9.27% of all maintainers of npm JavaScript libraries use two-factor authentication to protect their accounts. The number is incredibly low and a major issue of concern for the npm security team, who'd like to see this figure grow in the coming year.

Microsoft Phishing Scam Exploits Iran Cyberattack Scare

www.bleepingcomputer.com/news/security/microsoft-phishing-scam-exploits-iran-cyberattack-scare/ An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a phishing attack that tries to collect Microsoft login credentials.

UK man sentenced to prison for hacking and spying on victims through their webcams

www.zdnet.com/article/uk-man-sentenced-to-prison-for-hacking-and-spying-on-victims-through-their-webcams/#ftag=RSSbaffb68 A UK man was sentenced this week to two years in prison for infecting at least three female victims with malware and then watching and recording victims via their webcams.

A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)

isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/ For the last week, I have been monitoring our honeypot logs for evidence of exploits taking advantage of CVE-2019-19781. Currently, I have not seen an actual "exploit" being used. But there is some evidence that people are scanning for vulnerable systems. Based on some of the errors made with these scans, I would not consider them "sophisticated." There is luckily still no public exploit I am aware of. But other sources I consider credible have indicated that they were able to create a code execution exploit.

Facebook: We’ll ban deepfakes but only if they break these rules

www.zdnet.com/article/facebook-well-ban-deepfakes-but-only-if-they-break-these-rules/ Facebook says it will take down a video if it has been "edited or synthesized beyond adjustments for clarity or quality in ways that aren't apparent to an average person and would likely mislead someone into thinking that a subject of the video said words that they did not actually say". However, it will still allow content that is "parody or satire" or video that has been edited only to omit or change the order of words. "If a photo or video is rated false or partly false by a fact-checker, we significantly reduce its distribution in News Feed and reject it if it's being run as an ad. And critically, people who see it, try to share it, or have already shared it, will see warnings alerting them that it's false," said Bickert.

Half of the websites using WebAssembly use it for malicious purposes

www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes/ Around half of the websites that use WebAssembly, a new web technology, use it for malicious purposes, according to academic research published last year. Paper at www.sec.cs.tu-bs.de/pubs/2019a-dimva.pdf. The first category was WebAssembly code used for cryptocurrency mining. These types of Wasm modules were often found on hacked sites as part of so-called cryptojacking (drive-by mining) attacks. The second category referred to WebAssembly code packed inside obfuscated Wasm modules that intentionally hid their content. These modules, the research team said, were found as part of malvertising campaigns.

Automotive cybersecurity incidents doubled in 2019, up 605% since 2016

www.helpnetsecurity.com/2020/01/06/automotive-cybersecurity-incidents/ Upstream Security's 2020 Automotive Cybersecurity Report shares in-depth insights and statistics gleaned from analyzing 367 publicly reported automotive cyber incidents spanning the past decade, highlighting vulnerabilities and insights identified during 2019.

Fresh Cambridge Analytica leak shows global manipulation is out of control

www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation The release of documents began on New Year's Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be the same ones subpoenaed by Robert Mueller's investigation into Russian interference in the 2016 presidential election.

A retrospective on the first two decades of control system cyber security: culture issues still prevent successfully securing control systems

www.controlglobal.com/blogs/unfettered/a-retrospective-on-the-first-two-decades-of-control-system-cyber-security-culture-issues-still-prevent-successfully-securing-control-systems/ Control system cyber security was, and should be, about protecting the control system process. That is, keeping lights on, water flowing, pipelines from rupturing, etc. We're now at the end of the second decade of control system cyber security and it has changed from protecting the process to protecting the networks – they are not the same.

The Global Disinformation Order – 2019 Global Inventory of Organised Social Media Manipulation

comprop.oii.ox.ac.uk/wp-content/uploads/sites/93/2019/09/CyberTroop-Report19.pdf Over the past three years, we have monitored the global organization of social media manipulation by governments and political parties. Our 2019 report analyses the trends of computational propaganda and the evolving tools, capacities, strategies, and resources.
