Daily NCSC-FI news followup 2020-02-20

U.S. agency responsible for Trump’s secure communication suffered data breach: letter

www.reuters.com/article/us-usa-defense-breach/u-s-agency-responsible-for-trumps-secure-communication-suffered-data-breach-letter-idUSKBN20E27A The letter, dated Feb. 11, 2020, says that between May and July 2019, personal data may have been compromised in a data breach on a system hosted by the Defense Information Systems Agency. The agency says it provides direct telecommunications and IT support to the president, vice president, their staff, and the U.S. Secret Service.

The US Blames Russia’s GRU for Sweeping Cyberattacks in Georgia

www.wired.com/story/us-blames-russia-gru-sweeping-cyberattacks-georgia/ State Department officials today issued a statement blaming the Russian military intelligence agency known as the GRU for cyberattacks that hit Georgia in October. The onslaught took down or defaced thousands of websites, and even disrupted the broadcasts of two television stations.

Croatia’s largest petrol station chain impacted by cyber-attack

www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/ A ransomware attack is believed to have impaired the chain’s ability to issue invoices and accept loyalty cards. A source familiar with the incident has told ZDNet this week that the ransomware incident has been caused by an infection with the CLOP ransomware strain.

Details of 10.6 million MGM hotel guests posted on a hacking forum

www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/ The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s largest tech companies.

Proof of Concept for Microsoft SQL Server Reporting Services Vulnerability Available

www.tenable.com/blog/cve-2020-0618-proof-of-concept-for-microsoft-sql-server-reporting-services-vulnerability-0 On February 11, Microsoft patched a remote code execution vulnerability in Microsoft SQL Server Reporting Services (SSRS). Availability of proof-of-concept (PoC) code for the disclosed remote code execution flaw leaves sites vulnerable to attack.

Microsoft has a subdomain hijacking problem

www.zdnet.com/article/microsoft-has-a-subdomain-hijacking-problem/ Spammers hijack Microsoft subdomains to advertise poker casinos. Many other subdomains have been vulnerable for years.

Hackers can trick a Tesla into accelerating by 50 miles per hour

www.technologyreview.com/s/615244/hackers-can-trick-a-tesla-into-accelerating-by-50-miles-per-hour/ The researchers stuck a tiny and nearly imperceptible sticker on a speed limit sign. The camera read the sign as 85 instead of 35, and in testing, both the 2016 Tesla Model X and that year’s Model S sped up 50 miles per hour.


Cybergang Favors G Suite and Physical Checks For BEC Attacks

threatpost.com/cybergang-favors-g-suite-and-physical-checks-for-bec-attacks/153074/ Researchers have uncovered a new business email compromise (BEC) threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams. The cybercrime ring is unique in its leveraging of Google’s cloud-based productivity suite, G Suite, and for its use of physical checks for collecting fraudulent payments as opposed to wire transfers.

New Actors Attack Industrial Control Systems, Old Ones Mature

www.bleepingcomputer.com/news/security/new-actors-attack-industrial-control-systems-old-ones-mature/ ICS security firm Dragos identified three new adversaries last year and an overall increase in the number of threats and their sophistication. Frequent targets are oil and gas, electric power, and water suppliers, and the nature of the attacks is mainly disruptive or destructive. This requires significant resources, thus indicating a well-funded attacker.

ObliqueRAT: New RAT hits victims’ endpoints via malicious documents

blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread a remote access trojan (RAT) we’re calling “ObliqueRAT.” This campaign appears to target organizations in Southeast Asia.

Critical Adobe Flaws Fixed in Out-of-Band Update (After Effects and Media Encoder)

threatpost.com/critical-adobe-flaws-fixed-in-out-of-band-update/153060/ Both vulnerabilities can be exploited by a remote, unauthenticated attacker via the internet
