
Daily NCSC-FI news followup 2020-02-05

Malware infection attempts appear to be shrinking… possibly because miscreants are less spammy and more focused on specific targets

www.theregister.co.uk/2020/02/04/sonicwall_threat_report/ Attempts to infect computers with ransomware and other malware over networks are decreasing, reckons infosec outfit Sonicwall.

FBI Warns of DDoS Attack on State Voter Registration Site

www.bleepingcomputer.com/news/security/fbi-warns-of-ddos-attack-on-state-voter-registration-site/ The US Federal Bureau of Investigation (FBI) warned of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information site in a Private Industry Notification (PIN) released today.

Emotet Gets Ready for Tax Season With Malicious W-9 Forms

www.bleepingcomputer.com/news/security/emotet-gets-ready-for-tax-season-with-malicious-w-9-forms/ The Emotet Trojan is getting ready for the tax season with a fresh spam campaign pretending to be signed W-9 tax forms.

Chrome 80 Released With 56 Security Fixes, Cookie Changes, More

www.bleepingcomputer.com/news/google/chrome-80-released-with-56-security-fixes-cookie-changes-more/ Google has released Chrome 80 today, February 4th, 2020, to the Stable desktop channel for the Windows, macOS, Linux, Chrome OS, iOS, and Android platforms with bug fixes, new features, and 56 security fixes.

Realtek Fixes DLL Hijacking Flaw in HD Audio Driver for Windows

www.bleepingcomputer.com/news/security/realtek-fixes-dll-hijacking-flaw-in-hd-audio-driver-for-windows/ Realtek fixed a security vulnerability discovered in the Realtek HD Audio Driver Package that could allow potential attackers to gain persistence, plant malware, and evade detection on unpatched Windows systems.

Bitbucket Abused to Infect 500,000+ Hosts with Malware Cocktail

www.bleepingcomputer.com/news/security/bitbucket-abused-to-infect-500-000-hosts-with-malware-cocktail/ Attackers are abusing the Bitbucket code hosting service to store seven types of malware threats used in an ongoing campaign that has already claimed more than 500,000 business computers across the world.

Update these popular programs right away: hackers are still exploiting old holes

www.tivi.fi/uutiset/tv/839c8f50-628f-4e98-8438-9543d3b7c46c More than half of the most common security holes used by criminals are over a year old, ZDNet writes. Some are even more than five years old.

Afraid your password or home address has leaked online? There is a Finnish option for checking

www.is.fi/digitoday/tietoturva/art-2000006396447.html A tool that F-Secure will release next week tells you whether, for example, a password or home address has leaked. The security company F-Secure is publishing a free tool with which anyone can check whether their email address, and possibly other data as well, has leaked as part of a data breach. See:

f-secure.com/en/home/free-tools/identity-theft-checker

Work hard… at not getting your phone compromised

www.zdnet.com/article/work-hard-at-not-getting-your-phone-compromised/ The news concerning the hacking of Amazon CEO Jeff Bezos’ mobile phone demonstrates that corporate executives are perfectly legitimate collection targets for governments. Powerful individuals should expect to be targets of criminals, activists, and governments. Furthermore, anyone in failing relationships could be a target for a partner installing “stalkerware.” To address these emerging threats, adopt a Zero Trust mentality — don’t click links or open attachments until that foreign official proves they deserve your trust.

Researcher: Backdoor mechanism still active in devices using HiSilicon chips

www.zdnet.com/article/researcher-backdoor-mechanism-discovered-in-devices-using-hisilicon-chips/ Russian security researcher Vladislav Yarmak has published today details about a backdoor mechanism he discovered in HiSilicon chips, used by millions of smart devices across the globe, such as security cameras, DVRs, NVRs, and others. In a detailed technical rundown that Yarmak published on Habr earlier today, the security researcher says the backdoor mechanism is actually a mash-up of four older security bugs/backdoors that were initially discovered and made public in March 2013, March 2017, July 2017, and September 2017. Read also:

habr.com/en/post/486856/

Bouygues Construction falls victim to ransomware

www.zdnet.com/article/bouygues-construction-falls-victim-to-ransomware/ Bouygues Construction has confirmed falling victim to ransomware that it detected across its network on January 30. “As a precautionary measure, information systems have been shut down to prevent any propagation,” the company said in a brief statement.

Malware stew cooked up on Bitbucket, deployed in attacks worldwide

www.zdnet.com/article/malware-stew-cooked-up-on-bitbucket-deployed-in-attacks-worldwide/ Bitbucket is the latest legitimate hosting provider to be abused by cybercriminals to spread malware. In a campaign revealed by Cybereason researchers Lior Rochberger and Assaf Dahan on Wednesday, threat actors are actively delivering an “unprecedented number of malware types” in a new international attack wave. Read also:

www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Two Critical Android Bugs Get Patched in February Update

threatpost.com/critical-android-bugs-patched-in-update/152539/ As part of its February bug fixes, Google is patching a critical severity remote code execution vulnerability and an information disclosure bug.

Toll Group tight-lipped on alleged ransomware attack

www.itnews.com.au/news/toll-group-tight-lipped-on-alleged-ransomware-attack-537437 May have infected over 1000 servers. The logistics giant first reported that it was suffering from the effects of a “cyber security incident” on Friday last week.

5 Zero-day Vulnerabilities in Cisco Discovery Protocol Impacting Tens of Millions of Devices

www.armis.com/cdpwn/ Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices without any user interaction. CDP is a Cisco proprietary Layer 2 (Data Link Layer) network protocol that is used to discover information about locally attached Cisco equipment. CDP is implemented in virtually all Cisco products including switches, routers, IP phones and cameras. All those devices ship from the factory with CDP enabled by default. The CERT Coordination Center has also issued an advisory. Also:

threatpost.com/critical-cisco-cdpwn-flaws-network-segmentation/152546/

www.zdnet.com/article/cdpwn-vulnerabilities-impact-tens-of-millions-of-enterprise-devices/

The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb

blog.checkpoint.com/2020/02/05/the-dark-side-of-smart-lighting-check-point-research-shows-how-business-and-home-networks-can-be-hacked-from-a-lightbulb/ Everyone is familiar with the concept of IoT, the Internet of Things, but how many of you have heard of smart lightbulbs? By using a mobile app, or your digital home assistant, you can control the light in your house and even calibrate the color of each lightbulb! These smart lightbulbs are managed over the air using the familiar WiFi protocol or ZigBee, a low bandwidth radio protocol.

WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE

threatpost.com/whatsapp-bug-malicious-code-injection-rce/152578/ Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users. And, further investigation shows this could be parlayed into remote code-execution.

The National Cyber Security Centre published a free cyber guide: “an attack can even end a company's operations”

www.tivi.fi/uutiset/tv/9baa6664-3bd3-4374-ab26-9527a3164ded The National Cyber Security Centre of the Finnish Transport and Communications Agency has published the guide Kyberturvallisuus ja yrityksen hallituksen vastuu (Cybersecurity and the responsibility of a company's board). The guide promises to offer concrete tools for improving information security. The events of the past year show that a cyber attack can halt or even end a company's operations. Information security is no longer just a technical problem; it must be raised onto the agenda of top management, the board and the owners as a central part of the company's risk management, says Kalle Luukkainen, Deputy Director General of the National Cyber Security Centre, in the press release.

New Ransomware Strain Halts Toll Group Deliveries

www.bleepingcomputer.com/news/security/new-ransomware-strain-halts-toll-group-deliveries/ Australian transportation and logistics company Toll Group stated today that systems across multiple sites and business units were encrypted by a ransomware called Mailto. This ransomware family is known as Mailto, but its actual name, based on analysis of the ransomware, is NetWalker.

Faking e-mails: Why it is even possible

www.kaspersky.com/blog/36c3-fake-emails/32362/ Phishing and business e-mail compromise attacks rely on fake e-mails. But why is it so easy for attackers to make them so convincing?

STOMP 2 DIS: Brilliance in the (Visual) Basics

www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html Throughout January 2020, FireEye has continued to observe multiple targeted phishing campaigns designed to download and deploy a backdoor we track as MINEBRIDGE. The campaigns primarily targeted financial services organizations in the United States, though targeting is likely more widespread than those we've initially observed in our FireEye product telemetry. At least one campaign targeted South Korean organizations, including a marketing agency.

A Queen's Ransom: Varonis Uncovers Fast-Spreading SaveTheQueen Ransomware

www.varonis.com/blog/save-the-queen-ransomware/ A new strain of ransomware encrypts files, appends the extension .SaveTheQueen to them, and propagates using the SYSVOL share on Active Directory Domain Controllers.

Bug hunter finds cryptocurrency-mining botnet on DOD network

www.zdnet.com/article/bug-hunter-finds-cryptocurrency-mining-botnet-on-dod-network/ A security researcher hunting for bug bounties discovered last month that a cryptocurrency-mining botnet had found a home and burrowed inside a web server operated by the US Department of Defense (DOD).

Gamaredon APT Improves Toolset to Target Ukraine Government, Military

threatpost.com/gamaredon-apt-toolset-ukraine/152568/ The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets.
