Daily NCSC-FI news followup 2020-02-10

App Used by Netanyahu’s Likud Leaks Israel’s Entire Voter Registry

www.haaretz.com/israel-news/elections/.premium-app-used-by-netanyahu-s-likud-leaks-israel-s-entire-voter-registry-1.8509696 The Likud has uploaded the full register of Israeli voters to an application, causing the leak of personal data on 6,453,254 citizens. The information includes the full names, identity card numbers, addresses and gender of every single eligible voter in Israel, as well as the phone numbers and other personal details of some of them.


Hacker attack on another DAX company detected

www.pandasecurity.com/mediacenter/news/winnti-hacker-attack-dax-company/ A spokesperson for the chemical company LANXESS has confirmed a hacker attack, which was discovered in the middle of last year. The extent of the damage is as yet unknown. According to research by Bayerischen Rundfunks and NDR, a hacker group called WinNTI was behind the attack. According to the company, it is currently not known whether any data has been stolen. The case has been handed over to the law enforcement authorities.


www.saferinternetday.org/ Get set for Safer Internet Day 2020, taking place on Tuesday, 11 February 2020, when – once again – we’ll join forces across the globe to work “Together for a better internet”.


U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach

thehackernews.com/2020/02/equifax-chinese-military-hackers.html The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held today with the Attorney General William Barr and FBI Deputy Director David Bowdich, the DoJ officials labeled the state-sponsored hacking campaign as the largest hacking case ever uncovered of this type. Also: www.darkreading.com/attacks-breaches/chinas-military-behind-2017-equifax-breach-doj/d/d-id/1337009. Also: yle.fi/uutiset/3-11201881

Current PayPal phishing campaign or “give me all your personal information”

isc.sans.edu/forums/diary/Current+PayPal+phishing+campaign+or+give+me+all+your+personal+information/25786/ One of my colleagues sent me a new PayPal phishing e-mail today. Although it was fairly usual, as phishing e-mails go, since the campaign is still active and since it shows the current “let's take all that we can get” mentality of the attackers quite well, I thought it was worth a short diary.

IoT security: Five things to change to make your smart devices really secure

www.zdnet.com/article/iot-security-five-things-to-change-to-make-your-smart-devices-really-secure/ We’re in the middle of an Internet of Things gold rush, with big tech companies racing to persuade us to cram as many smart gadgets as possible into our homes, our offices, our cars. Most of these are cheap, in many cases with the aim of encouraging us to buy as many as we can.

Ragnar Locker Ransomware Targets MSP Enterprise Support Tools

www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-targets-msp-enterprise-support-tools/ A ransomware called Ragnar Locker is specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped. Attackers first began using the Ragnar Locker ransomware towards the end of December 2019 as part of attacks against compromised networks.

A modern car is a computer on wheels: it can reveal personal things about you without your knowledge

yle.fi/uutiset/3-11200949 Inside a modern car today there is an amount of computing functions, processors and sensors equivalent to as many as twenty or so laptop computers. A modern car has more than a hundred different processors that control the car's various parts. In the most advanced cars there are a good two hundred million lines of software code.

Altsbit plans exit after hack leaves cryptocurrency exchange out of pocket

www.zdnet.com/article/altsbit-says-hack-has-left-the-cryptocurrency-exchange-with-next-to-no-funds/ Cryptocurrency exchange Altsbit has claimed that a hack has led to the theft of a huge number of customer deposits including Bitcoin (BTC) and Ethereum (ETH). Last week, the Italian cryptocurrency trading post said that on February 5, an “attack by hackers” led to the theft of “almost all funds from BTC, ETH, ARRR, and VRSC,” while a “small part” of customer funds were kept from reach as they were stored in cold wallets.

These truly are the end times for TLS 1.0, 1.1: Firefox hopes to ‘eradicate’ weak HTTPS standard by blocking it

www.theregister.co.uk/2020/02/10/tls_10_11_firefox_complete_eradication/ Mozilla Firefox will require user intervention to connect to websites using the TLS 1.0 or 1.1 protocol from March 2020 and plans to eventually block those weak HTTPS connections entirely. We have been hearing about issues with TLS 1.0 and 1.1 for some time. Web servers should really be using TLS 1.2 or 1.3 for their encrypted and secure HTTPS connections.

Why is the healthcare industry still so bad at cybersecurity?

arstechnica.com/information-technology/2020/02/why-is-the-healthcare-industry-still-so-bad-at-cybersecurity/ Many articles about cybersecurity risks in healthcare begin with descriptions of live simulations (so when in Rome). Imagine a doctor, completely unaware of what they're walking into, triaging two patients: one in need of a hospital cardiac catheterization lab after an irregular electrocardiogram (EKG) reading, the other suffering from a stroke and needing a CT scan. All systems are down due to ransomware, so the physician working through the scenario can't access electronic health records or use any of the assessment methods modern medicine is so reliant on. So, what to do?

How North Korea Revolutionized the Internet as a Tool for Rogue Regimes

www.recordedfuture.com/north-korea-internet-tool/ Over the past three years, Recorded Future has published a series of research pieces revealing unique insight into the behavior of North Korea's most senior leadership. Our observations and findings during 2019 expand on these observations and point to broader conclusions about the way that North Korean leaders use the internet. For the North Korean political and military elite, the 2019 data show that the internet is not simply a fascination or leisure activity, but is a critical tool for revenue generation, gaining access to prohibited technologies and knowledge, and operational coordination.

Update: oledump.py Version 0.0.45

blog.didierstevens.com/2020/02/10/update-oledump-py-version-0-0-45/ This new version of oledump.py has a feature to display Ad Hoc YARA rules using option verbose.
