Daily NCSC-FI news followup 2020-02-24

Operation DRBControl

www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-drbcontrol-uncovering-a-cyberespionage-campaign-targeting-gambling-companies-in-southeast-asia Uncovering a Cyberespionage Campaign Targeting Gambling Companies in Southeast Asia. The DRBControl campaign attacks its targets using a variety of malware and techniques that coincide with those used in other known cyberespionage campaigns.

EU Commission to staff: Switch to Signal messaging app

www.politico.eu/pro/eu-commission-to-staff-switch-to-signal-messaging-app/ The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications.

Cybersecurity: Hacking victims are uncovering cyberattacks faster – and GDPR is the reason why

www.zdnet.com/article/cybersecurity-hacking-victims-are-uncovering-cyber-attacks-faster-and-gdpr-is-the-reason-why/ Organisations are still falling victim to hackers, but a new report from FireEye suggests that data protection legislation has improved the response time to cyberattacks.

WhatsApp, Telegram Group Invite Links Leaked in Public Searches

www.bleepingcomputer.com/news/security/whatsapp-telegram-group-invite-links-leaked-in-public-searches/ Invite links for WhatsApp and Telegram groups that may not be intended for public access are available through simple lookups on popular web search engines.

Malvertising in Govt, Enterprise Targets Old Software, Macs

www.bleepingcomputer.com/news/security/malvertising-in-govt-enterprise-targets-old-software-macs/ A new report on malicious advertising underscores the importance of using modern web browsers and making sure your operating system is up to date with the latest security updates to prevent being infected.

Racoon Malware Steals Your Data From Nearly 60 Apps

www.bleepingcomputer.com/news/security/racoon-malware-steals-your-data-from-nearly-60-apps/ An infostealing malware that is relatively new on cybercriminal forums can extract sensitive data from about 60 applications on a targeted computer.

Calling for security research in Azure Sphere, now generally available

msrc-blog.microsoft.com/2020/02/24/calling-for-security-research-in-azure-sphere/ See also: www.theregister.co.uk/2020/02/24/azure_sphere_is_now_generally_available/

Samsung cops to data breach after unsolicited ‘1/1’ Find my Mobile push notification

www.theregister.co.uk/2020/02/24/samsung_data_breach_find_my_mobile/ Samsung has admitted that what it calls a “small number” of users could indeed read other people’s personal data following last week’s unexplained Find my Mobile notification.

Google rolls out Titan keys to Europe, Japan. Plus: Group Policy bug is a feature, not a flaw, says Microsoft

www.theregister.co.uk/2020/02/24/security_roundup_feb_weekthree/

Zyxel Fixes 0day in Network Storage Devices

krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/ Patch comes amid active exploitation by ransomware gangs

California man arrested on charges his DDoSes took down candidate's website

arstechnica.com/information-technology/2020/02/california-man-arrested-on-charges-his-ddoses-took-down-candidates-website/ Feds say defendant used Amazon servers to wage DDoS attacks that cost the rival campaign.

Cisco unveils SecureX cloud platform for improved security visibility

www.zdnet.com/article/cisco-unveils-securex-cloud-platform-for-improved-security-visibility/ Cisco’s new platform aims to give businesses better visibility across their security portfolio via analytics and workflow automation.

Redefining Security Orchestration and Automation with Cortex XSOAR

blog.paloaltonetworks.com/2020/02/cortex-xsoar/ We are proud to introduce Cortex XSOAR, an evolution of Demisto, that continues our tradition of raising the bar for the security orchestration, automation and response (SOAR) category.

Google Cloud unveils new tools for detecting modern threats

www.zdnet.com/article/google-cloud-unveils-new-tools-for-detecting-modern-threats/ Google Cloud on Monday announced a series of new security capabilities, including a new way to detect threats with Chronicle’s security analytics platform. The new security tools line up with Google Cloud’s broader efforts to cater to enterprise customers.

European Union cybersecurity agency ENISA has issued advice on ensuring hospital computer networks are protected against cyber attacks.

www.zdnet.com/article/cybersecurity-do-these-ten-things-to-keep-your-networks-secure-from-hackers-hospitals-told/

iPhone and iPad apps can snoop on everything you copy to the clipboard

www.zdnet.com/article/iphone-and-ipad-apps-can-snoop-on-everything-you-copy-to-the-clipboard/ But Apple doesn’t think that this is a problem.

Cybersecurity alliance launches first open source messaging framework for security tools

www.zdnet.com/article/cybersecurity-alliance-launches-first-open-source-messaging-framework-for-security-tools/ OpenDXL Ontology is designed for data and command sharing between cybersecurity software.

LTE security flaw can be abused to take out subscriptions at your expense

www.zdnet.com/article/lte-security-flaw-can-be-abused-to-take-out-subscriptions-at-your-expense/ Researchers say the vulnerability impacts virtually all smartphones on the market. Report: imp4gt-attacks.net/
