Daily NCSC-FI news followup 2020-02-20

U.S. agency responsible for Trump’s secure communication suffered data breach: letter

www.reuters.com/article/us-usa-defense-breach/u-s-agency-responsible-for-trumps-secure-communication-suffered-data-breach-letter-idUSKBN20E27A The letter, dated Feb. 11, 2020, says that between May and July 2019, personal data may have been compromised in a data breach on a system hosted by the Defense Information Systems Agency. The agency says it provides direct telecommunications and IT support to the president, vice president, their staff, and the U.S. Secret Service.

The US Blames Russia’s GRU for Sweeping Cyberattacks in Georgia

www.wired.com/story/us-blames-russia-gru-sweeping-cyberattacks-georgia/ State Department officials today issued a statement blaming the Russian military intelligence agency known as the GRU for cyberattacks that hit Georgia in October. The onslaught took down or defaced thousands of websites, and even disrupted the broadcasts of two television stations.

Croatia’s largest petrol station chain impacted by cyber-attack

www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/ A ransomware attack is believed to have impaired the chain’s ability to issue invoices and accept loyalty cards. A source familiar with the incident has told ZDNet this week that the ransomware incident has been caused by an infection with the CLOP ransomware strain.

Details of 10.6 million MGM hotel guests posted on a hacking forum

www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/ The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s largest tech companies.

Proof of Concept for Microsoft SQL Server Reporting Services Vulnerability Available

www.tenable.com/blog/cve-2020-0618-proof-of-concept-for-microsoft-sql-server-reporting-services-vulnerability-0 On February 11, Microsoft patched a remote code execution vulnerability in Microsoft SQL Server Reporting Services (SSRS). Availability of proof-of-concept (PoC) code for the disclosed remote code execution flaw leaves sites vulnerable to attack.

Microsoft has a subdomain hijacking problem

www.zdnet.com/article/microsoft-has-a-subdomain-hijacking-problem/ Spammers hijack Microsoft subdomains to advertise poker casinos. Many other subdomains have been vulnerable for years.

Hackers can trick a Tesla into accelerating by 50 miles per hour

www.technologyreview.com/s/615244/hackers-can-trick-a-tesla-into-accelerating-by-50-miles-per-hour/ The researchers stuck a tiny and nearly imperceptible sticker on a speed limit sign. The camera read the sign as 85 instead of 35, and in testing, both the 2016 Tesla Model X and that year’s Model S sped up 50 miles per hour.


Cybergang Favors G Suite and Physical Checks For BEC Attacks

threatpost.com/cybergang-favors-g-suite-and-physical-checks-for-bec-attacks/153074/ Researchers have uncovered a new business email compromise (BEC) threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams. The cybercrime ring is unique in its leveraging of Google’s cloud-based productivity suite, G Suite, and for its use of physical checks for collecting fraudulent payments as opposed to wire transfers.

New Actors Attack Industrial Control Systems, Old Ones Mature

www.bleepingcomputer.com/news/security/new-actors-attack-industrial-control-systems-old-ones-mature/ ICS security firm Dragos identified three new adversaries last year and an overall increase in the number of threats and their sophistication. Frequent targets are oil and gas, electric power, and water suppliers, and the nature of the attacks is mainly disruptive or destructive. This requires significant resources, thus indicating a well-funded attacker.

ObliqueRAT: New RAT hits victims’ endpoints via malicious documents

blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread a remote access trojan (RAT) we’re calling “ObliqueRAT.” This campaign appears to target organizations in Southeast Asia.

Critical Adobe Flaws Fixed in Out-of-Band Update (After Effects and Media Encoder)

threatpost.com/critical-adobe-flaws-fixed-in-out-of-band-update/153060/ Both vulnerabilities can be exploited by a remote, unauthenticated attacker via the internet
