Infiltrating Networks: Easier Than Ever Due to Evil Markets
www.bleepingcomputer.com/news/security/infiltrating-networks-easier-than-ever-due-to-evil-markets/ Attackers don’t always need to breach the networks of their victims themselves to plant malware, as there are plenty of professional intruders offering their services on underground markets. Various levels of access are offered for prices starting at $1,000 and increasing depending on how deep the hackers have infiltrated.
Are We Secure Yet? How to Build a ‘Post-Breach’ Culture
www.darkreading.com/risk/are-we-secure-yet-how-to-build-a-post-breach-culture/a/d-id/1336813 There are many ways to improve your organization’s cybersecurity practices, but the most important principle is to start from the top.
DeepBlueCLI: Powershell Threat Hunting
isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/ DeepBlueCLI, in concert with Sysmon, enables fast discovery of specific events detected in Windows Security, System, Application, PowerShell, and Sysmon logs. And I do mean fast: DeepBlueCLI is quick against saved or archived EVTX files. It does take a bit more time to query the running event log service, but is no less effective.
Here are the 3 biggest digital threats to homes, and how to protect yourself
www.is.fi/digitoday/tietoturva/art-2000006378752.html Internet-connected devices and services in the home are under constant threat. The authorities offer advice on scams, passwords and smart devices.
New sextortion scam claims to record you with hacked Google Nest cam
www.hackread.com/new-sextortion-scam-recording-hacked-google-nest-cam/ Researchers at the email cybersecurity firm Mimecast have identified a brand new sextortion campaign, which is somewhat unconventional. Unlike typical scams, it targets Google Nest home security camera owners and exploits the common perception that IoT devices are generally unsecured.
Leave your admin interface’s TLS cert and private key in your router firmware in 2020? Just Netgear things
www.theregister.co.uk/2020/01/20/netgear_exposed_certificates/ Netgear left in its router firmware the key ingredients needed to intercept and tamper with secure connections to its equipment’s web-based admin interfaces. Security mavens Nick Starke and Tom Pohl found the materials on January 14, and publicly disclosed their findings five days later, over the weekend.
gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9
Vulnerabilities In Citrix/Netscaler Appliances Exploited Actively
www.nixu.com/blog/vulnerabilities-citrixnetscaler-appliances-exploited-actively Note: This blog relates to on-going incidents. Facts, recommendations and impact may change as more information becomes available.
New NetWire RAT Campaigns Use IMG Attachments to Deliver Malware Targeting Enterprise Users
securityintelligence.com/posts/new-netwire-rat-campaigns-use-img-attachments-to-deliver-malware-targeting-enterprise-users/ IBM X-Force researchers have discovered a new campaign targeting organizations with fake business emails that deliver NetWire remote-access Trojan (RAT) variants. The RAT is hidden inside an IMG file, a file extension used by disk imaging software.
EFS Ransomware
safebreach.com/Post/EFS-Ransomware In this blog post we describe EFS-based ransomware (ransomware which abuses the Windows Encrypting File System), a new concept we developed in Safebreach Labs. We put 3 anti-ransomware solutions from well-known vendors to the test against our EFS ransomware. All 3 solutions failed to protect against this threat. We then notified 17 major anti-malware and anti-ransomware vendors for Windows endpoints, provided them our PoC, and discovered that many products were affected. Most affected vendors deployed updates to address this new technique. We conclude that EFS ransomware is an alarming concept and a possible new threat on the ransomware horizon.
Finns are being flooded with porn extortion messages: here is what to do
www.is.fi/digitoday/art-2000006379822.html The content of the message is pure fraud. In it, the sender claims to have taken control of the victim's computer and to have secretly filmed, with the device's webcam, the victim browsing porn sites. Extortion messages should be deleted, and under no circumstances should they be answered. The ransom must never be paid.
Elaborate Honeypot ‘Factory’ Network Hit with Ransomware, RAT, and Cryptojacking
www.darkreading.com/threat-intelligence/elaborate-honeypot-factory-network-hit-with-ransomware-rat-and-cryptojacking/d/d-id/1336842 A fictitious industrial company with phony employee personas, a website, and PLCs sitting on a simulated factory network fooled malicious hackers – and raised alarms for at least one white-hat researcher who stumbled upon it. also:
Exclusive: Apple dropped plan for encrypting backups after FBI complained – sources
www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT Apple Inc (AAPL.O) dropped plans to let iPhone users fully encrypt backups of their devices in the company's iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.
16Shop adds Paypal, American Express to their Catalog
www.zerofox.com/blog/16shop-adds-paypal-american-express-to-their-catalog/ Since 2019, ZeroFOX Alpha Team has been tracking a prolific phishing kit distribution network known as 16Shop. Phishing kit services run similarly to software-as-a-service (SaaS) products: users can purchase these kits and are given a license to distribute them for a cost. In early January 2020, ZeroFOX Alpha Team obtained a phishing kit from 16Shop that targets Paypal customers, as well as information indicating they have an American Express kit. This shows that the group is continuing to expand its product and add brands to its phishing kit portfolio.
Micropatching a Workaround for CVE-2020-0674
blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html Last Friday, Microsoft published an advisory about a remotely exploitable memory corruption vulnerability (CVE-2020-0674) that was reported to them by Qihoo 360 as being exploited in the wild. These attacks were reportedly limited, so Microsoft decided not to rush to issue a patch but will rather provide one as part of February’s Patch Tuesday. They did, however, provide a workaround. Because the provided workaround has multiple negative side effects, and because it is likely that Windows 7 and Windows Server 2008 R2 users without Extended Security Updates will not get the patch at all (their support ended this month), we decided to provide a micropatch that simulates the workaround without its negative side effects.
Breaking down a two-year run of Vivin's cryptominers
blog.talosintelligence.com/2020/01/vivin-cryptomining-campaigns.html Talos has identified a new threat actor, internally tracked as “Vivin,” conducting a long-term cryptomining campaign. We first began linking different samples of malware dropping illicit coin miners to the same actor in November 2019. However, upon further investigation, Talos established a much longer timeline of activity. Observable evidence shows that Vivin has been active since at least November 2017 and is responsible for mining thousands of U.S. dollars in Monero cryptocurrency off of their infected hosts.