Daily NCSC-FI news followup 2020-01-13

Citrix ADC Exploits: Overview of Observed Payloads

isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Overview+of+Observed+Payloads/25704/
Now that there are public exploits for Citrix ADC, we are seeing many attacks and are observing various payloads. For the moment, after normalization, we observed 37 different payloads

Who else works for this cover company network?

intrusiontruth.wordpress.com/2020/01/13/who-else-works-for-this-cover-company-network/
In our previous articles we identified a network of front companies for APT activity in Hainan, and showed that Gu Jian, an academic at Hainan University, is listed as a contact person for one of these companies, Hainan Xiandun. Additionally, Gu Jian appeared to manage a network security competition at the university and was reportedly seeking novel ways of cracking passwords, offering large

Microsoft Enables Security Defaults in Azure Active Directory

www.bleepingcomputer.com/news/microsoft/microsoft-enables-security-defaults-in-azure-active-directory/
Microsoft introduced new secure default settings dubbed ‘Security Defaults’ to Azure Active Directory (Azure AD), now available for all license levels, including trial tenants. Security Defaults in Azure AD is a set of basic Microsoft-recommended identity security mechanisms containing preconfigured security settings for common attacks such as password spray, replay, and phishing.
