Daily NCSC-FI news followup 2020-02-26

Iranian APT Targets Govs With New Malware

threatpost.com/iranian-apt-targets-govs-with-new-malware/153162/ A new campaign is targeting governments with the ForeLord malware, which steals credentials.. A never before seen credential-stealing malware, dubbed ForeLord, has been uncovered in recent spear phishing emails. Researchers have attributed the campaign to a known Iranian advanced persistence threat (APT) group.

Internal Docs Show Why the U.S. Military Publishes North Korean and Russian Malware

www.vice.com/en_us/article/5dmwyx/documents-how-cybercom-publishes-russian-north-korean-malware-virustotal A previously secret document obtained by Motherboard shows how, and why, CYBERCOM is publicly releasing malware from adversaries.

Zyxel 0day Affects its Firewall Products, Too

krebsonsecurity.com/2020/02/zyxel-0day-affects-its-firewall-products-too/ On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware.. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.

Flaw in billions of Wi-Fi devices left communications open to eavesdropping

arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/ Cypress and Broadcom chip bug bit iPhones, Macs, Android devices, Echoes, and more.. also:

www.welivesecurity.com/2020/02/26/krook-serious-vulnerability-affected-encryption-billion-wifi-devices/. also:


Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now!

www.bleepingcomputer.com/news/security/hackers-scanning-for-vulnerable-microsoft-exchange-servers-patch-now/ Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution vulnerability patched by Microsoft two weeks ago.. To exploit this flaw attackers only have to find vulnerable servers that are accessible on the Internet, search for email addresses they collect from the Outlook Web Access (OWA) portal URL, and get relevant dumps from previous data breaches.. Next, they only have to launch a credential stuffing attack and keep at it until they get a

DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw

www.bleepingcomputer.com/news/security/doppelpaymer-hacked-bretagne-t-l-com-using-the-citrix-adc-flaw/ Cloud services provider Bretagne Télécom was hacked by the threat actors behind the DoppelPaymer Ransomware using an exploit that targeted servers unpatched against the CVE-2019-19781 vulnerability.

Admins beware! Microsoft gives heads-up for ‘disruptive’ changes to authentication in Office 365 email service

www.theregister.co.uk/2020/02/26/disruptive_authentication_change_coming_to_exchange_online_microsoft_details_help_for_admins/ Basic authentication will be OFF for Exchange Online email and other services from October 2020

New CWE List of Common Security Weaknesses

www.us-cert.gov/ncas/current-activity/2020/02/26/new-cwe-list-common-security-weaknesses-0 With version 4.0, the CWE list expands to include hardware security weaknesses. Additionally, version 4.0 simplifies the presentation of weaknesses into various views and adds a search function to enable easier navigation of the information.

Suomalaisten puhelimiin tulee huijausviestejä älä klikkaa linkkiä

www.is.fi/digitoday/tietoturva/art-2000006419704.html?ref=rss Ainakin viikon verran jatkunutta huijausta tehdään PostNordin nimissä.

Firefox, you know you tapped Cloudflare for DNS-over-HTTPS? In January, it briefly knackered two root servers at the heart of the internet

www.theregister.co.uk/2020/02/26/cloudflare_isc_f_dns_root/ A bug in software pushed out by Cloudflare resulted in failures at the heart of the web’s infrastructure, according to a report published this week by the Internet Systems Consortium (ISC).

Rotherwood Healthcare AWS bucket security fail left elderly patients’ DNR choices freely readable online

www.theregister.co.uk/2020/02/26/rotherwood_healthcare_data_leak_10k_records_aws/ Plus birth certificates, job interview data and more

Chrome 80 update cripples top cybercrime marketplace

www.zdnet.com/article/chrome-80-update-cripples-top-cybercrime-marketplace/#ftag=RSSbaffb68 90% of all stolen credentials on the Genesis Store came from the AZORult malware. Now, the malware doesn’t work in Chrome 80.

Stalkerware Attacks Increased 50 Percent Last Year, Report

threatpost.com/stalkerware-attacks-increased-50-percent/153248/ Research puts the emerging mobile threatwhich monitors the whereabouts and device activity of devices users as well as collects personal datainto clearer focus.

Unpatched Security Flaws Open Connected Vacuum to Takeover

threatpost.com/unpatched-security-flaws-open-connected-vacuum-to-takeover/153142/ A connected, robotic vacuum cleaner has serious vulnerabilities that could allow remote hackers to view its video footage and launch denial of service attacks.

Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen


Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0) [With IOCs]

www.carbonblack.com/2020/02/20/threat-analysis-active-c2-discovery-using-protocol-emulation-part2-winnti-4-0/ The new command and control (C2) protocol that was implemented in one of the 4.0 samples was completely different from the existing understanding of the 3.0 protocol.. TAU is providing this analysis as well as the investigation results of discovered C2s or victim hosts infected with the server variants on the Internet.

Tracking Kimsuky, the North Korea-based cyber espionage group: Part 1

www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-1.html For years, we have tracked the espionage threat actor we call Black Banshee (also known in open source as Kimsuky). In 2019, it launched multiple parallel cyber espionage campaigns, from large-scale credential harvesting to narrowly targeted espionage and exfiltration operations.

You might be interested in …

Daily NCSC-FI news followup 2019-10-04

COMpfun successor Reductor infects files on the fly to compromise TLS traffic securelist.com/compfun-successor-reductor/93633/ In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the targets network channel and could replace legitimate installers with infected […]

Read More

Daily NCSC-FI news followup 2020-03-21

Revamped HawkEye Keylogger Swoops in on Coronavirus Fears threatpost.com/revamped-hawkeye-keylogger-coronavirus-fears/154013/ Theres a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. Its being distributed using spam that purports to be an alert from the Director-General of the World Health […]

Read More

Daily NCSC-FI news followup 2020-06-18

Car autopilot security www.kaspersky.com/blog/protecting-adas/35961/ Today, many companies are experimenting to the max with autopilots of varying complexity. Some are trying to build devices that actually take control of the vehicle out of human hands, while others are developing advanced driver-assistance systems (ADAS). . The main issue that autopilot manufacturers must address is guaranteeing reliability and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.