Daily NCSC-FI news followup 2020-02-10

App Used by Netanyahu’s Likud Leaks Israel’s Entire Voter Registry

www.haaretz.com/israel-news/elections/.premium-app-used-by-netanyahu-s-likud-leaks-israel-s-entire-voter-registry-1.8509696 The Likud has uploaded the full register of Israeli voters to an application, causing the leak of personal data on 6,453,254 citizens. The information includes the full names, identity card numbers, addresses and gender of every single eligible voter in Israel, as well as the phone numbers and other personal details of some of them.


Hacker attack on another DAX company detected

www.pandasecurity.com/mediacenter/news/winnti-hacker-attack-dax-company/ A spokesperson for the chemical company LANXESS has confirmed a hacker attack, which was discovered in the middle of last year. The extent of the damage is as yet unknown. According to research by Bayerischer Rundfunk and NDR, a hacker group called Winnti was behind the attack. According to the company, it is currently not known whether any data has been stolen. The case has been handed over to the law enforcement authorities.


Safer Internet Day 2020

www.saferinternetday.org/ Get set for Safer Internet Day 2020, taking place on Tuesday, 11 February 2020, when – once again – we’ll join forces across the globe to work “Together for a better internet”.


U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach

thehackernews.com/2020/02/equifax-chinese-military-hackers.html The United States Department of Justice today announced charges against four Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held today with Attorney General William Barr and FBI Deputy Director David Bowdich, the DoJ officials labeled the state-sponsored hacking campaign as the largest hacking case of this type ever uncovered. Also: www.darkreading.com/attacks-breaches/chinas-military-behind-2017-equifax-breach-doj/d/d-id/1337009 and yle.fi/uutiset/3-11201881

Current PayPal phishing campaign or “give me all your personal information”

isc.sans.edu/forums/diary/Current+PayPal+phishing+campaign+or+give+me+all+your+personal+information/25786/ One of my colleagues sent me a new PayPal phishing e-mail today. Although it was fairly usual, as phishing e-mails go, since the campaign is still active and since it shows the current “let’s take all that we can get” mentality of the attackers quite well, I thought it was worth a short diary.

IoT security: Five things to change to make your smart devices really secure

www.zdnet.com/article/iot-security-five-things-to-change-to-make-your-smart-devices-really-secure/ We’re in the middle of an Internet of Things gold rush, with big tech companies racing to persuade us to cram as many smart gadgets as possible into our homes, our offices, our cars. Most of these are cheap, in many cases with the aim of encouraging us to buy as many as we can.

Ragnar Locker Ransomware Targets MSP Enterprise Support Tools

www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-targets-msp-enterprise-support-tools/ A ransomware called Ragnar Locker is specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped. Attackers first began using the Ragnar Locker ransomware towards the end of December 2019 as part of attacks against compromised networks.

A modern car is a computer on wheels, and it can reveal personal things about you without your knowledge

yle.fi/uutiset/3-11200949 Inside a modern car today you will find computing functions, processors and sensors equivalent to as many as twenty laptops. A modern car contains well over a hundred different processors that control its various parts. In the most advanced cars there are also a good two hundred million lines of software code.

Altsbit plans exit after hack leaves cryptocurrency exchange out of pocket

www.zdnet.com/article/altsbit-says-hack-has-left-the-cryptocurrency-exchange-with-next-to-no-funds/ Cryptocurrency exchange Altsbit has claimed that a hack has led to the theft of a huge number of customer deposits including Bitcoin (BTC) and Ethereum (ETH). Last week, the Italian cryptocurrency trading post said that on February 5, an “attack by hackers” led to the theft of “almost all funds from BTC, ETH, ARRR, and VRSC,” while a “small part” of customer funds were kept from reach as they were stored in cold wallets.

These truly are the end times for TLS 1.0, 1.1: Firefox hopes to ‘eradicate’ weak HTTPS standard by blocking it

www.theregister.co.uk/2020/02/10/tls_10_11_firefox_complete_eradication/ Mozilla Firefox will require user intervention to connect to websites using the TLS 1.0 or 1.1 protocol from March 2020 and plans to eventually block those weak HTTPS connections entirely. We have been hearing about issues with TLS 1.0 and 1.1 for some time. Web servers should really be using TLS 1.2 or 1.3 for their encrypted and secure HTTPS connections.
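The operator-side check that follows from this item is whether your own servers still negotiate TLS 1.0 or 1.1. The block below is an added example, not code from the Register article or from Mozilla: it builds a server context with the weak setting beside the hardened one (floor at TLS 1.2), a check that reports whether a context would still accept a legacy handshake, and a small probe that attempts one handshake per TLS version against a remote host, the same thing one would otherwise do with repeated openssl s_client runs. The host name, port and the SECLEVEL=0 cipher string used to let the client even offer TLS 1.0/1.1 on modern OpenSSL builds are assumptions for illustration; certificate verification is deliberately disabled in the probe because only version negotiation is being tested.

```python
"""Added example: spot servers that still accept TLS 1.0/1.1 and configure
a server context that refuses them. Not part of the linked article."""
import socket
import ssl

ALL_VERSIONS = (
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
)


def legacy_server_context():
    """The weak setting: a server context that still negotiates TLS 1.0."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1   # floor at TLS 1.0 (deprecated)
    return ctx


def hardened_server_context(certfile=None, keyfile=None):
    """The corrected setting: refuse anything below TLS 1.2 at handshake time."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.0/1.1 ClientHellos are rejected
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    if certfile:                                   # assumed paths, supplied by the operator
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def allows_legacy_tls(ctx):
    """True if the context would still complete a TLS 1.0 or 1.1 handshake.

    TLSVersion is an IntEnum; MINIMUM_SUPPORTED (-2) means "whatever OpenSSL
    was built with", which on most builds still includes TLS 1.0.
    """
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


def probe_tls_versions(host, port=443, timeout=5.0):
    """Attempt one handshake per TLS version; returns {version_name: accepted}.

    Network call: run it against a host you are authorised to test.
    """
    results = {}
    for version in ALL_VERSIONS:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE   # only version negotiation is under test
        try:
            ctx.minimum_version = version
            ctx.maximum_version = version
            # Modern OpenSSL refuses TLS 1.0/1.1 at security level >= 1, so drop
            # to level 0 for the probe only (assumed cipher string, never for production).
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[version.name] = tls.version() is not None
        except (ssl.SSLError, OSError, ValueError):
            results[version.name] = False
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # assumed target
    for name, ok in probe_tls_versions(target).items():
        print(f"{target}: {name:8s} {'accepted' if ok else 'refused'}")
```

A server whose probe output shows TLSv1 or TLSv1_1 as accepted is exactly what Firefox will start warning users about; the fix is the floor set in hardened_server_context, or the equivalent ssl_protocols / SSLProtocol directive in the web server's own configuration.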

Why is the healthcare industry still so bad at cybersecurity?

arstechnica.com/information-technology/2020/02/why-is-the-healthcare-industry-still-so-bad-at-cybersecurity/ Many articles about cybersecurity risks in healthcare begin with descriptions of live simulations (so, when in Rome). Imagine a doctor, completely unaware of what they’re walking into, triaging two patients: one in need of a hospital cardiac catheterization lab after an irregular electrocardiogram (EKG) reading, the other suffering from a stroke and needing a CT scan. All systems are down due to ransomware, so the physician working through the scenario can’t access electronic health records or use any of the assessment methods modern medicine is so reliant on. So, what to do?

How North Korea Revolutionized the Internet as a Tool for Rogue Regimes

www.recordedfuture.com/north-korea-internet-tool/ Over the past three years, Recorded Future has published a series of research pieces revealing unique insight into the behavior of North Korea’s most senior leadership. Our observations and findings during 2019 expand on these observations and point to broader conclusions about the way that North Korean leaders use the internet. For the North Korean political and military elite, the 2019 data show that the internet is not simply a fascination or leisure activity, but is a critical tool for revenue generation, gaining access to prohibited technologies and knowledge, and operational coordination.

Update: oledump.py Version 0.0.45

blog.didierstevens.com/2020/02/10/update-oledump-py-version-0-0-45/ This new version of oledump.py adds a feature to display ad hoc YARA rules when the verbose option is used.
