Daily NCSC-FI news followup 2020-02-07

Backing up is no panacea when blackmailers publish stolen data

www.kaspersky.com/blog/ransomware-data-disclosure/32410/ Backing up data has been one of the most effective, though labor-intensive, safeguards against encrypting ransomware so far. Now, malefactors seem to have caught up with those who rely on backups. The creators of several ransomware programs, confronted with victims refusing to pay the ransom, shared their data online.

Adposhel adware takes over browser push notifications administration

blog.malwarebytes.com/adware/2020/02/adware-adposhel-takes-over-your-web-push-notifications-administration/ Since late last year, our researchers have been monitoring new methods being deployed by cybercriminals to potentially abuse browser push notifications. Now, an adware family detected by Malwarebytes as Adware.Adposhel is doing just that, taking control of push notifications in Chrome at the administrator level.

Seniors Complete Guide to Internet Scams

www.pandasecurity.com/mediacenter/mobile-news/senior-scams/ Seniors have become the main target of cybercriminals. A report by the Consumer Financial Protection Bureau found that Suspicious Activity Reports for elder financial exploitation quadrupled from 2013 to 2017.

Critical Bluetooth bug leaves Android users open to attack

www.welivesecurity.com/2020/02/07/google-critical-android-bluetooth-flaw-attack/ Google has rolled out a security update to address a critical flaw in Androids Bluetooth implementation that allows remote code execution without user interaction. The vulnerability, tracked as CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0). For these devices, which between them account for almost two-thirds of Android devices in use, the flaw is rated critical by Google.

Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript

isc.sans.edu/forums/diary/Sandbox+Detection+Tricks+Nice+Obfuscation+in+a+Single+VBScript/25780/ I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms.

Critical Citrix RCE Flaw Still Threatens 1,000s of Corporate LANs

threatpost.com/critical-citrix-rce-flaw-corporate-lans/152677/ About one in five of the 80,000 companies affected by a critical bug in the Citrix Application Delivery Controller (ADC) and Citrix Gateway are still at risk from a trivial attack on their internal operations. If exploited, the flaw could allow unauthenticated attackers to gain remote access to a companys local network and carry out arbitrary code-execution.

Malaysia warns of Chinese hacking campaign targeting government projects

www.zdnet.com/article/malaysia-warns-of-chinese-hacking-campaign-targeting-government-projects/ A Chinese state-sponsored hacking group has been targeting Malaysian government officials, computer experts with the Malaysian government said on Wednesday. The purpose of the attacks has been to infect computers of government officials with malware and then steal confidential documents from government networks, Malaysia’s Computer Emergency Response Team (MyCERT) said in a security advisory.

Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites

threatpost.com/olympic-ticket-survival-sites-hit-by-cyberattack/152648/ A faction of the Magecart threat group, Magecart group 12, has been linked to a recent digital card skimmer attack bent on stealing payment data from a slew of websites, including ones selling anything from Olympic tickets to emergency preparation kits. Over the past few weeks, the group has targeted two ticket sales websites one called Olympic Tickets is a re-seller of tickets to the upcoming 2020 summer Olympic games and the second, Euro 2020 Tickets, is selling tickets for the 2020 UEFA, a European football championship that takes place in June.

F-Secure: Nämä olivat 2010-luvun pahimmat kyberkatastrofit, joista kannattaa ottaa opiksi

www.tivi.fi/uutiset/tv/619a5165-bf12-40a0-a2bf-eb293347c0b1 Tietoturvan merkitys on kirkastunut monille viimeisen kymmenen vuoden aikana, kun monet scifiltä kuulostaneen uhkakuvat ovat toteutuneet. Tietoturvatalo F-Secure pikakelasi muistin virkistämiseksi, mitä kaikkea uutta konnuutta tietoturvassa nähtiin vuosina 2010-2019.

Emotet Evolves With New Wi-Fi Spreader

www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/ Emotet is a highly sophisticated trojan that typically also serves as a loader for other malware. A key functionality of Emotet is its ability to deliver custom modules or plugins that are suited for specific tasks, including stealing Outlook contacts, or spreading over a LAN. ecently, Binary Defense has identified a new loader type that takes advantage of the wlanAPI interface to enumerate all Wi-Fi networks in the area, and then attempts to spread to these networks, infecting all devices that it can access in the process.

Unit 42 CTR: Leaked Code from Docker Registries

unit42.paloaltonetworks.com/leaked-docker-code/ The Unit 42 Cloud Threat Report: Spring 2020 focused on the practices of DevOps to determine where misconfigurations are happening in the cloud. Our research found a large number of DevOps services (e.g., SSH, Database, Code Repository) inadvertently exposed to the internet due to misconfigured infrastructure. This blog offers a detailed analysis of leaked code from Docker registries and how this, and other insecure infrastructure of misconfigurations, can lead to compromises in an organizations security posture.

Japanese Defense Contractors Kobe Steel, Pasco Disclose Breaches

www.bleepingcomputer.com/news/security/japanese-defense-contractors-kobe-steel-pasco-disclose-breaches/ Japanese defense contractors Pasco Corporation (Pasco) and Kobe Steel (Kobelco) today disclosed security breaches that happened in May 2018 and in June 2015/August 2016, respectively. The geospatial provider and the major steel manufacturer also confirmed unauthorized access to their internal network during the two incidents, as well as malware infections affecting their computing systems following the attacks.

Threat Spotlight: Email Account Takeover

blog.barracuda.com/2020/02/06/threat-spotlight-email-account-takeover/ Researchers from Barracuda and UC Berkeley, conducting a large-scale analysis of email account takeover and the timeline of attacks, recently highlighted the behaviors hackers are using to try to avoid detection, ways to identify suspicious activity that could indicate an email account has been compromised, and precautions you can take to protect your business.

You might be interested in …

Daily NCSC-FI news followup 2020-09-14

Alert (AA20-258A) – Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity us-cert.cisa.gov/ncas/alerts/aa20-258a The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies.. see also www.zdnet.com/article/cisa-chinese-state-hackers-are-exploiting-f5-citrix-pulse-secure-and-exchange-bugs/ Magecart Attack […]

Read More

Daily NCSC-FI news followup 2019-11-11

Threat Alert: TCP Reflection Attacks blog.radware.com/security/2019/11/threat-alert-tcp-reflection-attacks/ Independent research in the behavior of a multitude of systems and devices on the internet exposed more than 4.8 million devices vulnerable to an average amplification factor of 112x and thousands of hosts that could be abused for amplification up to a factor of almost 80,000x, respectively, reflect more […]

Read More

Daily NCSC-FI news followup 2020-07-20

Cybersecurity basics more important then ever in the new normal of remote work says Salesforce Chief Trust Officer www.zdnet.com/article/cybersecurity-basics-more-important-then-ever-in-the-new-normal-of-remote-work-says-salesforce-chief-trust-officer/ Jim Alkove, Chief Trust Officer at Salesforce, talks security in the new normal of remote work, cybersecurity best practices, and how security jobs can be a way to increase diversity in IT. BadPower attack corrupts fast […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.