Daily NCSC-FI news followup 2020-02-13

US says it can prove Huawei has backdoor access to mobile-phone networks

arstechnica.com/tech-policy/2020/02/us-gave-allies-evidence-that-huawei-can-snoop-on-phone-networks-wsj-says/ “We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” US National Security Adviser Robert O’Brien told the Journal. The US kept the intelligence highly classified until late last year, when American officials provided details to allies including the UK and Germany, according to officials from the three countries. That was a tactical turnabout by the US, which in the past had argued that it didn’t need to produce hard evidence of the threat it says Huawei poses to nations’ security. Also:


January 2020's Most Wanted Malware: Coronavirus-themed spam spreads malicious Emotet malware

blog.checkpoint.com/2020/02/13/january-2020s-most-wanted-malware-coronavirus-themed-spam-spreads-malicious-emotet-malware/ While the threat of Coronavirus grabs the attention of the world, our latest Global Threat Index for January 2020 shows cyber-criminals are also exploiting interest in the global epidemic to spread malicious activity, with several spam campaigns relating to the outbreak of the virus. The most prominent Coronavirus-themed campaign targeted Japan, distributing Emotet, the leading malware type for the 4th month running, in malicious email attachments feigning to be sent by a Japanese disability welfare service provider.

How we fought bad apps and malicious developers in 2019

security.googleblog.com/2020/02/how-we-fought-bad-apps-and-malicious.html Google Play connects users with great digital experiences to help them be more productive and entertained, as well as providing app developers with tools to reach billions of users around the globe. Such a thriving ecosystem can only be achieved and sustained when trust and safety is one of its key foundations. Over the last few years we've made the trust and safety of Google Play a top priority, and have continued our investments and improvements in our abuse detection systems, policies, and teams to fight against bad apps and malicious actors. Also:


5 Ransomware Trends to Watch in 2020

www.recordedfuture.com/ransomware-trends-2020/ This is the fourth year that Recorded Future has asked me to write up my predictions for where ransomware is headed in the coming year. Trying to predict the future when it comes to these attacks is always a challenge. Unfortunately, the one prediction that I am confident in is that ransomware attacks will continue to grow as cybercriminals get more sophisticated in their methods and expand their . In fact, two verticals that we are following closely, state and local governments and healthcare, have both seen a 20% increase in ransomware attacks over this time last year (with the caveat that the numbers are small this early in the year).

DDoS attacks in Q4 2019

securelist.com/ddos-report-q4-2019/96154/ In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD) application for remote administration. The first attacks using ARMS were registered back in June 2019, and by early October the protocol was being used by DDoS-as-a-service providers; such attacks have since become widespread. According to the BinaryEdge portal, at the beginning of the quarter, nearly 40,000 systems running macOS with ARMS were available online.

Will Weak Passwords Doom the Internet of Things (IoT)?

securityintelligence.com/articles/will-weak-passwords-doom-the-internet-of-things-iot/ Weak passwords can hurt any organization's security efforts and make any device easily hackable, but could they also be the greatest point of failure for internet of things (IoT) security? Weak passwords certainly put companies deploying IoT devices at greater risk of falling victim to a cyberattack.

An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)

blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-technical-analysis-of-curveball-cve-2020-0601/ The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or Chain of Fools, an attacker exploiting this vulnerability could potentially create their own cryptographic certificates that appear to originate from a legitimate certificate that is fully trusted by Windows by default.

March Patch Tuesday is Coming – the LDAP Changes will Change Your Life!

isc.sans.edu/forums/diary/March+Patch+Tuesday+is+Coming+the+LDAP+Changes+will+Change+Your+Life/25796/ Next month Microsoft will be changing the default behaviour for LDAP – cleartext, unsigned LDAP queries against AD (over port 389) will be disabled by default. You’ll still be able to override that using registry keys or group policy, but the best advice is to configure all LDAP clients to use encrypted, signed LDAPS queries (over port 636).


Puerto Rico Gov Hit By $2.6M Phishing Scam

threatpost.com/puerto-rico-gov-hit-by-2-6m-phishing-scam/152856/ A phishing scam has swindled a Puerto Rico government agency out of more than $2.6 million, according to reports. According to reports, the email-based phishing scam hit Puerto Rico's Industrial Development Company, which is a government-owned corporation aimed at driving economic development to the island along with local and foreign investors.

Florida county election office hit by ransomware before 2016 presidential election

www.zdnet.com/article/florida-county-election-office-hit-by-ransomware-before-2016-presidential-election/ In long belated news, it was reported today that a Florida county’s election office had its computer systems infected and encrypted by ransomware just weeks before the 2016 US presidential elections. News of the ransomware attack was reported today by the Palm Beach Post after an interview with Wendy Sartory Link, the current election supervisor of the Palm Beach County election office.

Nasty Android malware reinfects its targets, and no one knows how

arstechnica.com/information-technology/2020/02/researcher-says-nasty-android-infection-survived-a-factory-reset/ A widely circulating piece of Android malware primarily targeting US-based phones used a clever trick to reinfect one of its targets in a feat that stumped researchers as to precisely how it was pulled off. xHelper came to light last May when a researcher from security firm Malwarebytes published this brief profile. Three months later, Malwarebytes provided a deeper analysis after the company's Android antivirus app detected xHelper on 33,000 devices mostly located in the US, making the malware one of the top Android threats.

WordPress Cookie Consent Plugin Fixes Critical Flaw for 700K Users

www.bleepingcomputer.com/news/security/wordpress-cookie-consent-plugin-fixes-critical-flaw-for-700k-users/ Critical bugs found in the WordPress GDPR Cookie Consent plugin used by over 700,000 websites allow potential attackers to delete and change content and inject malicious JavaScript code due to improper access controls. The GDPR Cookie Consent plugin is designed to allow site admins to display customizable header or footer cookie banners to show their website’s EU Cookie Law (GDPR) compliance. Also:


SweynTooth Bug Collection Affects Hundreds of Bluetooth Products

www.bleepingcomputer.com/news/security/sweyntooth-bug-collection-affects-hundreds-of-bluetooth-products/ Security researchers have disclosed a dozen flaws in the implementation of the Bluetooth Low Energy technology on multiple system-on-a-chip (SoC) circuits that power at least 480 products from various vendors. Collectively named SweynTooth, the vulnerabilities can be used by an attacker in Bluetooth range to crash affected devices, force a reboot by sending them into a deadlock state, or bypass the secure BLE pairing mode and access functions reserved for authorized users. Report: asset-group.github.io/disclosures/sweyntooth/. Also: www.theregister.co.uk/2020/02/13/dozen_bluetooth_bugs/

MIT researchers disclose vulnerabilities in Voatz mobile voting election app

www.zdnet.com/article/mit-researchers-disclose-vulnerabilities-in-voatz-mobile-voting-election-app/ Academics from MIT’s computer science laboratory have published a security audit today of Voatz, a mobile app used for online voting during the 2018 US midterm elections and scheduled to be used again in the upcoming 2020 presidential election. MIT academics claim they identified bugs that could allow hackers to “alter, stop, or expose how an individual user has voted.”

Beware of scams in the name of Suomen Pankki (Bank of Finland) and Finanssivalvonta (Financial Supervisory Authority): do not click under any circumstances

www.is.fi/digitoday/tietoturva/art-2000006406401.html Suomen Pankki and Finanssivalvonta warn of scam and phishing messages sent in their names. The messages should not be reacted to, and the links they contain should under no circumstances be opened, Suomen Pankki advises. Finanssivalvonta gives the same advice and stresses that it has nothing to do with these messages.

Beware of the Veikkaus mobile app on a scammer's pages: a vague explanation

www.tivi.fi/uutiset/tv/ea037db8-e817-438e-8689-b998491aace3 A scam app named Veikkaus has been available for download in the Google Play store since 27 January, with Studio FWB shown as its developer. The app uses Veikkaus's official logos. Veikkaus's head of security Elias Alanko confirms to Iltalehti that it is a scam app.

Third-Party Breaches and the Number of Records Exposed Increased Sharply in 2019

www.darkreading.com/attacks-breaches/third-party-breaches—and-the-number-of-records-exposed—increased-sharply-in-2019/d/d-id/1337037 Third-party risks are quickly mounting for enterprise organizations if the number of data breaches and total number of records exposed as a result are any indication. In a recent analysis of data pertaining to security breaches in 2019, Risk Based Security uncovered a sharp increase in incidents involving companies handling sensitive data for business partners and other clients. The total number of such third-party breaches hit 368 in 2019, up from 328 in 2018 and 273 in 2017, a 35% increase in two years.

Threat actors attempt to capitalize on coronavirus outbreak

blog.talosintelligence.com/2020/02/coronavirus-themed-malware.html Using the news to try and increase clicks and drive traffic is nothing new for malicious actors. We commonly see actors leveraging current news stories or events to try and increase the likelihood of infection. The biggest news currently is focused on the new virus affecting the world, with a focus on China: the coronavirus. There are countless news articles and email-based marketing campaigns going at full throttle right now; as such, we wanted to take a deeper look at how this is manifesting itself on the threat landscape.

People Are Jailbreaking Used Teslas to Get the Features They Expect

www.vice.com/en_us/article/y3mb3w/people-are-jailbreaking-used-teslas-to-get-the-features-they-expect People have certain expectations when they buy a car. For example, they expect it to work for years afterwards, needing only basic maintenance. They also expect that the purchase price includes ownership of not only the physical car itself but all the software that runs it. Tesla doesn't agree. But that doesn't mean Tesla owners are helpless. Sadow and others have ways to push back against Tesla by jailbreaking the cars and getting the features owners feel are rightfully theirs.
