Daily NCSC-FI news followup 2020-02-01

Exercise Crossed Swords 2020 Reached New Levels of Multinational and Interdisciplinary Cooperation

ccdcoe.org/news/2020/exercise-crossed-swords-2020-reached-new-levels-of-multinational-and-interdisciplinary-cooperation/ The 6th iteration of the annual cyber exercise Crossed Swords in Riga, Latvia, brought together more than 120 technical experts, Cyber Commands’ members, Special Forces operators and military police. Organized jointly by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) and CERT.LV, Crossed Swords has evolved from a purely technical red teaming workshop into a one-of-a-kind training event combining different technical skills with kinetic force and taking place in several locations simultaneously. The exercise plays out a number of mutually intertwined kinetic and cyber operations. The focus is on advancing cyber Red Team members’ skills in preventing, detecting and responding to an adversary in the context of full-scale cyber operations.

The Social Insurance Institution of Finland (Kela) is breaking the law by not asking visitors to its website for the consent that data protection legislation requires before collecting user data, writes Uutissuomalainen

yle.fi/uutiset/3-11187680 Data about people browsing Kela’s pages ends up with third parties, including Facebook and Google. Read also:


Analysis: Facebook reveals how the company tracks you outside its service; the company knows which apps you use and when. Facebook is making its data collection more transparent, but the change does little to improve users’ privacy

yle.fi/uutiset/3-11186679 Facebook collects data about you all the time. Not only when you share holiday photos on the service or comment on your friends’ posts. All the time. Also when you have closed the app or logged out of facebook.com. This week that process became a little more transparent. On Tuesday Facebook released a tool that lets users see what data Facebook has collected about them from outside its service. The Off-Facebook Activity feature reveals which apps and websites share data about your actions with the social media giant. Read also:


Watch Out for Coronavirus Phishing Scams

www.wired.com/story/coronavirus-phishing-scams/ At least one email campaign is preying on fears by claiming to offer info about the Wuhan coronavirus. A sample phishing email from Tuesday, detected by security firm Mimecast, shows attackers disseminating malicious links and PDFs that claim to contain information on how to protect yourself from the spread of the disease. “Go through the attached document on safety measures regarding the spreading of corona virus,” reads the message, which purports to come from a virologist. “This little measure can save you.”

Remember those infosec fellas who were cuffed while testing the physical security of a courthouse? The burglary charges have been dropped

www.theregister.co.uk/2020/01/31/dumb_charges_dropped_in_iowa/ Criminal charges have been dropped against two infosec professionals who were arrested during a sanctioned physical penetration test gone wrong. On Thursday, the Des Moines Register (no relation) reported that a judge in Dallas County, Iowa, formally dismissed the third-degree burglary and possession of burglary tools allegations against Coalfire employees Gary DeMercurio and Justin Wynn. Read also:


New Intel Microcodes for Windows 10 Released to Fix CPU Bugs

www.bleepingcomputer.com/news/microsoft/new-intel-microcodes-for-windows-10-released-to-fix-cpu-bugs/ Microsoft has released a new Intel Microcode update for Windows 10 1909, 1903, and older versions that contains software fixes for hardware bugs in Intel CPUs. Intel Microcode updates are optional updates that mitigate hardware-based security vulnerabilities and bugs through a software patch. This allows Intel to fix, or at least mitigate, security flaws such as speculative execution vulnerabilities or bugs that are discovered after a CPU has been manufactured.

The Week in Ransomware – January 31st 2020 – Taking it to The Courts

www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-31st-2020-taking-it-to-the-courts/ This week we saw victims continuing to use the legal system to target ransomware operators’ assets and services as well as a new ransomware targeting vulnerabilities. The most interesting news is how victims are utilizing the legal system to freeze or get injunctions against the assets and services used by ransomware operators. This was seen in the previous Southwire lawsuit against Maze and this week with a UK judge freezing the ransomware wallet for Bitpaymer.

Ransomware hits TV & radio news monitoring service TVEyes

www.zdnet.com/article/ransomware-hits-tv-radio-news-monitoring-service-tveyes/ Newsrooms, political campaigns, and PR agencies panic as they lose access to one of their crucial media monitoring tools. A ransomware infection has brought down TVEyes, a company that manages a popular platform for monitoring TV and radio news broadcasts, broadly used by newsrooms and PR agencies across the globe. TVEyes CEO David Ives told ZDNet the ransomware attack took place after midnight on Thursday, January 30. The ransomware hit core servers and engineering workstations inside TVEyes’ network, primarily in the US, but also some systems located abroad. Ives told ZDNet they have not yet identified the ransomware strain that infected the company’s network, but they have already begun recovery efforts.

Burn, drown, or smash your phone: Forensics can extract data anyway

www.zdnet.com/article/burn-drown-or-smash-your-phone-forensics-can-extract-data-anyway/ Even if criminals try to destroy the evidence, NIST finds forensic experts can still extract data from a damaged phone. This is how they do it. Damaged mobile phones are still filled with plenty of useful data, according to researchers at the National Institute of Standards and Technology (NIST), which is part of the U.S. Department of Commerce. NIST published the results of a recent study on forensic methods for getting data from damaged mobile phones. It tested the tools that law enforcement uses to hack phones and found that even if criminals attempt to destroy the evidence by burning, drowning, or smashing their phones, forensic tools can still successfully extract data from the phone’s electronic components.

Alert (AA20-031A) – Detecting Citrix CVE-2019-19781

www.us-cert.gov/ncas/alerts/aa20-031a Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781 [1]. Though mitigations were released on the same day Citrix announced CVE-2019-19781, organizations that did not appropriately apply the mitigations were likely to be targeted once exploit code began circulating on the internet a few weeks later.

Sodinokibi Ransomware Group Sponsors Hacking Contest

threatpost.com/sodinokibi-ransomware-hacking-contest/152422/ Larger winnings for underground skills competitions are attracting sophisticated crime groups. White hats aren’t alone in holding hacking contests. Russian-language cybercriminals are known for running similar competitions on underground forums. However, an analysis of Dark Web activity has uncovered a trend towards offering increasingly high-stakes prizes during such battles. At the same time, increasingly sophisticated participants are throwing their hats into the mix, notably the operators behind the Sodinokibi (a.k.a. REvil) ransomware.

Iranian Hackers Target U.S. Gov. Vendor With Malware

threatpost.com/iran-hackers-us-gov-malware/152452/ APT34 has been spotted in a malware campaign targeting customers and employees of a company that works closely with U.S. federal agencies, and state and local governments. The company in question is U.S.-based Westat, a professional services company that provides research services to U.S. state and local governments, as well as more than 80 federal agencies. Researchers at Intezer uncovered the campaign after detecting a malicious file in January (called survey.xls), purporting to be an employee satisfaction survey for Westat employees and customers. The emails contain Excel spreadsheets that, once downloaded, at first appear to be blank, according to the analysis. Only after victims enable macros on the spreadsheet does the survey appear (asking, for instance, whether victims are satisfied by career-development opportunities and job-related training), but in the background, unbeknownst to them, malicious Visual Basic for Applications (VBA)

Why Public Wi-Fi is a Lot Safer Than You Think

www.eff.org/deeplinks/2020/01/why-public-wi-fi-lot-safer-you-think If you follow security on the Internet, you may have seen articles warning you to “beware of public Wi-Fi networks” in cafes, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was.

Abusing DLL Misconfigurations – Using Threat Intelligence to Weaponize R&D

www.fireeye.com/blog/threat-research/2020/01/abusing-dll-misconfigurations.html Dynamic-link library (DLL) side-loading occurs when Windows Side-by-Side (WinSxS) manifests are not explicit about the characteristics of DLLs being loaded by a program. In layman’s terms, DLL side-loading can allow an attacker to trick a program into loading a malicious DLL. If you are interested in learning more about how DLL side-loading works and how we see attackers using this technique, read through our whitepaper. DLL hijacking occurs when an attacker is able to take advantage of the Windows search and load order, allowing the execution of a malicious DLL, rather than the legitimate DLL.

71% of ransomware attacks target SMEs

www.pandasecurity.com/mediacenter/business/cybersecurity-smes/ Cybercrime is an undeniable constant in the business landscape these days. The cost of cybercrime is constantly rising; it is estimated that by 2021, it will have reached $6 trillion. Cyberattacks on large companies tend to grab headlines all around the world because of their spectacular impact. However, there is one sector that doesn’t normally generate headlines when it suffers a cyberattack: SMEs.

Three suspects arrested in Maltese bank cyber-heist

www.zdnet.com/article/three-suspects-arrested-in-maltese-bank-cyber-heist/ British police yesterday arrested three individuals who they believe are involved in the February 2019 hack of Bank of Valletta (BOV), one of Malta’s biggest banks. The three were arrested on money laundering charges. At the time of writing, it is unclear if the three orchestrated the Malta BOV cyber-heist, or were just helping the hackers launder the stolen funds.

Cybersecurity lacking at most of the world’s major airports

www.scmagazine.com/home/security-news/cybersecurity-lacking-at-most-of-the-worlds-major-airports/ When it comes to cybersecurity, Amsterdam, Helsinki and Dublin were ranked the three safest airports by Immuniweb, but overall these facilities fared poorly when it came to protecting their websites, mobile platforms and systems. The study found 97 of the world’s 100 largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, dark web exposure or code repository leaks.

Android Malware Targets Diabetic Patients

www.fortinet.com/blog/threat-research/android-malware-targets-diabetic-patients.html I recently ran across an Android app named “Treatment for Diabetes.” With such a title, many would intuitively think this Android application is safe. However, at the recent Virus Bulletin 2019 conference I showed that malware can be hidden in any application, medical applications included, to enable criminals to generate revenue through aggressive advertisements. While this compromised app does not generate false advertisements, the issue is the same: almost any application can be infected with malware. Read also:
