Daily NCSC-FI news followup 2020-01-22

The Guardian: Hacking file sent to Amazon founder's phone appears to have come from Saudi crown prince

yle.fi/uutiset/3-11169416 The file used to hack the phone of Amazon founder Jeff Bezos appears to have come from the personal account of Saudi Arabia's Crown Prince Mohammed bin Salman, the British newspaper The Guardian writes. The Guardian article:


Glenn Greenwald Charged With Cybercrimes in Brazil

www.nytimes.com/2020/01/21/world/americas/glenn-greenwald-brazil-cybercrimes.html Federal prosecutors in Brazil on Tuesday charged the American journalist Glenn Greenwald with cybercrimes for his role in bringing to light cellphone messages that have embarrassed prosecutors and tarnished the image of an anti-corruption task force. In a criminal complaint made public on Tuesday, prosecutors in the capital, Brasília, accused Mr. Greenwald of being part of a criminal organization that hacked into the cellphones of several prosecutors and other public officials last year.

Microsoft discovers new sLoad 2.0 (Starslord) malware

www.zdnet.com/article/microsoft-discovers-new-sload-2-0-starslord-malware/#ftag=RSSbaffb68 After having its secrets thoroughly laid bare last month in a Microsoft exposé report, the operators of the sLoad malware put a revamped 2.0 version into circulation earlier this month. This new sLoad version (also known as Starslord) doesn't change much, but the fact that the sLoad gang shipped a new version less than a month after having its operations exposed shows the speed at which malware authors often operate. Microsoft blog:


German language malspam pushes Ursnif

isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/ On Tuesday 2020-01-21, a wave of malicious spam (malspam) hit various recipients in Germany. Messages from this German malspam were email chains associated with infected Windows hosts, and these emails all had password-protected zip archives as attachments. A closer look revealed this malspam was pushing Ursnif.

All 50 States Gaining Cybersecurity Coordinators

www.msspalert.com/cybersecurity-talent/states-gaining-cybersecurity-coordinators/ Each state will be assigned a cybersecurity coordinator to liaise with all levels of government to prepare for, respond to and remediate cyber attacks under a new federal bill introduced by a bipartisan group of legislators. The Cybersecurity State Coordinator Act of 2020 would establish a standalone, federally funded program housed in the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). CISA will appoint each state's coordinator.

Threat Analysis Unit (TAU) Technical Report: The Prospect of Iranian Cyber Retaliation

www.carbonblack.com/2020/01/21/threat-analysis-unit-tau-technical-report-the-prospect-of-iranian-cyber-retaliation/ In the past week, reports have surfaced of different attacks in which destructive malware has been used against victims in the Middle East. Destructive malware is generally the coup de grâce that follows a larger attack. From talking to IR partners in the region and from other published reports, this specific destructive malware has been used in conjunction with traditional lateral movement techniques.

FireEye and Citrix Tool Scans for Indicators of Compromise Related to CVE-2019-19781

www.fireeye.com/blog/products-and-services/2020/01/fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html To help organizations identify compromised systems associated with CVE-2019-19781, FireEye and Citrix worked together to release a new tool that searches for indicators of compromise (IoCs) associated with attacker activity observed by FireEye Mandiant. This tool is freely accessible in both the Citrix and FireEye GitHub repositories. The free tool is designed to allow Citrix customers to run it locally on their Citrix instances and receive a rapid assessment of potential indications of compromise in the system based on known attacks and exploits. Citrix and FireEye strongly recommend that all Citrix customers run this tool as soon as possible to increase their overall level of awareness of potential compromise and take

150 000 notifications from authorities never arrived: a Traficom invoice ended up in debt enforcement

www.is.fi/digitoday/art-2000006380528.html The citizens' e-service portal Suomi.fi suffered a disruption at the turn of November and December that affected the notifications sent out for messages arriving in the service. During the disruption, at least half of the notifications were never sent, even though the messages themselves arrived in the service normally. As a result, a citizen would not have known about, for example, invoices sent by authorities unless they checked the service themselves.

Report: 250 million Microsoft customer service and support records exposed on the web

www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/ Over the New Year, Microsoft exposed nearly 250 million Customer Service and Support (CSS) records on the web. The records contained logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019. All of the data was left accessible to anyone with a web browser, with no password or other authentication needed. The Comparitech security research team led by Bob Diachenko uncovered five Elasticsearch servers, each of which contained an apparently identical set of the 250 million records. Diachenko immediately notified Microsoft upon discovering the exposed data, and Microsoft took swift action to secure it.

Muhstik Botnet Attacks Tomato Routers to Harvest New IoT Devices

unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/ Tomato is an open source alternative firmware for routers. Thanks to its stable, Linux-based, non-proprietary firmware, with VPN passthrough capability and advanced quality of service (QoS) control, Tomato firmware is commonly installed by multiple router vendors and also installed manually by end users. Unit 42 researchers discovered a new variant of the Muhstik botnet that adds a scanner to attack Tomato routers for the first time, by brute forcing web authentication.

PoC Exploits Do More Good Than Harm: Threatpost Poll

threatpost.com/poc-exploits-do-more-good-than-harm-threatpost-poll/152053/ More than half of security experts think that the good outweighs the bad when it comes to proof-of-concept exploits, according to a recent Threatpost poll.
