Daily NCSC-FI news followup 2020-02-20

U.S. agency responsible for Trump’s secure communication suffered data breach: letter

www.reuters.com/article/us-usa-defense-breach/u-s-agency-responsible-for-trumps-secure-communication-suffered-data-breach-letter-idUSKBN20E27A The letter, dated Feb. 11, 2020, says that between May and July 2019, personal data may have been compromised in a data breach on a system hosted by the Defense Information Systems Agency. The agency says it provides direct telecommunications and IT support to the president, vice president, their staff, and the U.S. Secret Service.

The US Blames Russia’s GRU for Sweeping Cyberattacks in Georgia

www.wired.com/story/us-blames-russia-gru-sweeping-cyberattacks-georgia/ State Department officials today issued a statement blaming the Russian military intelligence agency known as the GRU for cyberattacks that hit Georgia in October. The onslaught took down or defaced thousands of websites, and even disrupted the broadcasts of two television stations.

Croatia’s largest petrol station chain impacted by cyber-attack

www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/ A ransomware attack is believed to have impaired the chain’s ability to issue invoices and accept loyalty cards. A source familiar with the incident has told ZDNet this week that the ransomware incident has been caused by an infection with the CLOP ransomware strain.

Details of 10.6 million MGM hotel guests posted on a hacking forum

www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/ The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s largest tech companies.

Proof of Concept for Microsoft SQL Server Reporting Services Vulnerability Available

www.tenable.com/blog/cve-2020-0618-proof-of-concept-for-microsoft-sql-server-reporting-services-vulnerability-0 On February 11, Microsoft patched a remote code execution vulnerability in Microsoft SQL Server Reporting Services (SSRS). Availability of proof-of-concept (PoC) code for the disclosed remote code execution flaw leaves sites vulnerable to attack.

Microsoft has a subdomain hijacking problem

www.zdnet.com/article/microsoft-has-a-subdomain-hijacking-problem/ Spammers hijack Microsoft subdomains to advertise poker casinos. Many other subdomains have been vulnerable for years.

Hackers can trick a Tesla into accelerating by 50 miles per hour

www.technologyreview.com/s/615244/hackers-can-trick-a-tesla-into-accelerating-by-50-miles-per-hour/ The researchers stuck a tiny and nearly imperceptible sticker on a speed limit sign. The camera read the sign as 85 instead of 35, and in testing, both the 2016 Tesla Model X and that year’s Model S sped up 50 miles per hour.


Cybergang Favors G Suite and Physical Checks For BEC Attacks

threatpost.com/cybergang-favors-g-suite-and-physical-checks-for-bec-attacks/153074/ Researchers have uncovered a new business email compromise (BEC) threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money-pilfering scams. The cybercrime ring is unique in its leveraging of Google’s cloud-based productivity suite, G Suite, and for its use of physical checks for collecting fraudulent payments as opposed to wire transfers.

New Actors Attack Industrial Control Systems, Old Ones Mature

www.bleepingcomputer.com/news/security/new-actors-attack-industrial-control-systems-old-ones-mature/ ICS security firm Dragos identified three new adversaries last year and an overall increase in the number of threats and their sophistication. Frequent targets are oil and gas, electric power, and water suppliers, and the nature of the attacks is mainly disruptive or destructive. This requires significant resources, thus indicating a well-funded attacker.

ObliqueRAT: New RAT hits victims’ endpoints via malicious documents

blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread a remote access trojan (RAT) we’re calling “ObliqueRAT.” This campaign appears to target organizations in Southeast Asia.

Critical Adobe Flaws Fixed in Out-of-Band Update (After Effects and Media Encoder)

threatpost.com/critical-adobe-flaws-fixed-in-out-of-band-update/153060/ Both vulnerabilities can be exploited by a remote, unauthenticated attacker via the internet.
