Daily NCSC-FI news followup 2020-01-21

by Posted on

Infiltrating Networks: Easier Than Ever Due to Evil Markets

www.bleepingcomputer.com/news/security/infiltrating-networks-easier-than-ever-due-to-evil-markets/ Attackers don’t always need to breach the networks of their victims themselves to plant malware as there are plenty of professional intruders offering their services on underground markets.. Various levels of access are offered for prices starting $1,000 and increasing depending on how deep the hackers have infiltrated.

Are We Secure Yet? How to Build a ‘Post-Breach’ Culture

www.darkreading.com/risk/are-we-secure-yet-how-to-build-a-post-breach-culture/a/d-id/1336813 There are many ways to improve your organization’s cybersecurity practices, but the most important principle is to start from the top.

DeepBlueCLI: Powershell Threat Hunting

isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/ DeepBlueCLI, in concert with Sysmon, enables fast discovery of specific events detected in Windows Security, System, Application, PowerShell, and Sysmon logs. And I do mean fast, DeepBlueCLI is quick against saved or archived EVTX files. It does take a bit more time to query the running event log service, but no less effective.

Tässä kotien 3 suurinta sähköistä uhkaa näin suojaudut

www.is.fi/digitoday/tietoturva/art-2000006378752.html Kodin nettiin kytketyt laitteet ja palvelut ovat jatkuvan uhan alla. Viranomainen neuvoo huijauksista, salasanoista ja älylaitteista.

New sextortion scam claims to record you with hacked Google Nest cam

www.hackread.com/new-sextortion-scam-recording-hacked-google-nest-cam/ Researchers at the email cybersecurity firm Mimecast have identified a brand new sextortion campaign, which is somewhat unconventional. Unlike the typical scams as it is targeting Google Nest home security camera owners and exploiting the common perception that IoT devices are generally unsecured.

Leave your admin interface’s TLS cert and private key in your router firmware in 2020? Just Netgear things

www.theregister.co.uk/2020/01/20/netgear_exposed_certificates/ Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment’s web-based admin interfaces.. Security mavens Nick Starke and Tom Pohl found the materials on January 14, and publicly disclosed their findings five days later, over the weekend..

gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9

Vulnerabilities In Citrix/Netscaler Appliances Exploited Actively

www.nixu.com/blog/vulnerabilities-citrixnetscaler-appliances-exploited-actively Note: This blog relates to on-going incidents. Facts, recommendations and impact may change as more information becomes available.

New NetWire RAT Campaigns Use IMG Attachments to Deliver Malware Targeting Enterprise Users

securityintelligence.com/posts/new-netwire-rat-campaigns-use-img-attachments-to-deliver-malware-targeting-enterprise-users/ IBM X-Force researchers have discovered a new campaign targeting organizations with fake business emails that deliver NetWire remote-access Trojan (RAT) variants.. The RAT is hidden inside an IMG file, which is a file extension used by disk imaging software.

EFS Ransomware

safebreach.com/Post/EFS-Ransomware In this blog post we describe EFS-based ransomware (ransomware which abuses the Windows Encrypting File System), which is a new concept we developed in Safebreach Labs. We put 3 anti-ransomware solutions from well-known vendors to the test against our EFS ransomware.. All 3 solutions failed to protect against this threat. We then notified 17 major anti-malware and anti-ransomware vendors for Windows endpoints, provided them our PoC, and discovered that many products were affected. Most affected vendors deployed updates to address this new technique.. We conclude that the EFS ransomware is an alarming concept and a possible new threat in the ransomware horizon.

Suomalaisille sataa pornokiristysviestejä toimi näin

www.is.fi/digitoday/art-2000006379822.html Viestin sisältö on täyttä petosta. Siinä viestin lähettäjä väittää ottaneensa haltuun uhrin tietokoneen ja kuvanneensa salaa laitteen web-kameralla uhrin surffailua pornosivuilla.. Kiristysviestit kannattaa poistaa, eikä niihin kannata missään nimessä vastata. Lunnaita ei pidä missään tapauksessa maksaa.

Elaborate Honeypot ‘Factory’ Network Hit with Ransomware, RAT, and Cryptojacking

www.darkreading.com/threat-intelligence/elaborate-honeypot-factory-network-hit-with-ransomware-rat-and-cryptojacking/d/d-id/1336842 A fictitious industrial company with phony employees personas, website, and PLCs sitting on a simulated factory network fooled malicious hackers – and raised alarms for at least one white-hat researcher who stumbled upon it.. also:

www.trendmicro.com/vinfo/us/security/news/internet-of-things/fake-company-real-threats-logs-from-a-smart-factory-honeypot. also:

documents.trendmicro.com/assets/white_papers/wp-caught-in-the-act-running-a-realistic-factory-honeypot-to-capture-real-threats.pdf

Exclusive: Apple dropped plan for encrypting backups after FBI complained – sources

www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT Apple Inc (AAPL.O) dropped plans to let iPhone users fully encrypt backups of their devices in the companys iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

16Shop adds Paypal, American Express to their Catalog

www.zerofox.com/blog/16shop-adds-paypal-american-express-to-their-catalog/ Since 2019, ZeroFOX Alpha Team has been tracking a prolific phishing kit distribution network known as 16Shop. Phishing kits services run similarly to software-as-a-service (SaaS) products- users can purchase these kits and are given a license to distribute them for a cost.. In early January 2020, ZeroFOX Alpha Team obtained a phishing kit from 16Shop that targets Paypal customers, as well as information indicating they have an American Express kit. This shows that the group is continuing to add to their product and adding brands to their phishing kit portfolio.

Micropatching a Workaround for CVE-2020-0674

blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html Last Friday, Microsoft published an advisory about a remotely exploitable memory corruption vulnerability (CVE-2020-0674) that was reported to them by Qihoo 360 as being exploited in the wild. These attacks were reportedly limited so Microsoft decided not to rush with issuing a patch but will rather provide one as part of February’s Patch Tuesday. They did, however, provide a workaround.. Because the provided workaround has multiple negative side effects, and because it is likely that Windows 7 and Windows Server 2008 R2 users without Extended Security Updates will not get the patch at all (their support ended this month), we decided to provide a micropatch that simulates the workaround without its negative side effects.

Breaking down a two-year run of Vivins cryptominers

blog.talosintelligence.com/2020/01/vivin-cryptomining-campaigns.html Talos has identified a new threat actor, internally tracked as “Vivin,” conducting a long-term cryptomining campaign. We first began linking different samples of malware dropping illicit coin miners to the same actor in November of 2019. However, upon further investigation, Talos established a much longer timeline of activity. Observable evidence shows that Vivin has been active since at least . November 2017 and is responsible for mining thousands of U.S. dollars in Monero cryptocurrency off of their infected hosts.

Published by News Bot

NCSC-FI Daily news

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.