Daily NCSC-FI news followup 2020-02-28

RSAC 2020: Ransomware a National Crisis, CISA Says, Ramps ICS Focus

threatpost.com/ransomware-national-crisis-cisa-ics/153322/ Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA) this year especially as ransomware looms as a main threat to the sector going forward.. Thats according to Christopher Krebs, director of CISA, speaking at RSA Conference 2020 this week.. My agency has only been around for a year and a half, but we want to take a new approach to cyber, he said from the Sandbox stage at the show. Our top three priorities are cybersecurity for the federal government, election security and ICS. The first two weve been addressing for some time.

Sodinokibi Ransomware Posts Alleged Data of Kenneth Cole Fashion Giant

www.bleepingcomputer.com/news/security/sodinokibi-ransomware-posts-alleged-data-of-kenneth-cole-fashion-giant/ The operators behind Sodinokibi Ransomware published download links to files containing what they claim is financial and work documents, as well as customers’ personal data stolen from giant U.S. fashion house Kenneth Cole Productions.

Ghostcat bug impacts all Apache Tomcat versions released in the last 13 years

www.zdnet.com/article/ghostcat-bug-impacts-all-apache-tomcat-versions-released-in-the-last-13-years/#ftag=RSSbaffb68 Ghostcat vulnerability can allow hackers to read configuration files or plant backdoors on Tomcat servers. Ghostcat is a flaw in the Tomcat AJP protocol.. AJP stands for Apache JServ Protocol and is a performance-optimized version of the HTTP protocol in binary format. Tomcat uses AJP to exchange data with nearby Apache HTTPD web servers or other Tomcat instances.. Tomcat’s AJP connector is enabled by default on all Tomcat servers and listens on the server’s port 8009.. also: www.chaitin.cn/en/ghostcat

Site Takeover Campaign Exploits Multiple Zero-Day Vulnerabilities

www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/ Early yesterday, the Flexible Checkout Fields for WooCommerce plugin received a critical update to patch a zero-day vulnerability which allowed attackers to modify the plugins settings. As our Threat Intelligence team researched the scope of this attack campaign, we discovered three additional zero-day vulnerabilities in popular WordPress plugins that are being exploited as a part of this . The targeted plugins were Async JavaScript, Modern Events Calendar Lite, and 10Web Map Builder for Google Maps. At this time, we have reached out to each plugins development team in hopes of getting these issues resolved quickly.

How North Korean Hackers Rob Banks Around the World

www.wired.com/story/how-north-korea-robs-banks-around-world/ They scored $80 million by tricking a network into routing funds to Sri Lanka and the Philippines and then using a “money mule” to pick up the cash.

Cyberbullying: How is it different from facetoface bullying?

www.welivesecurity.com/2020/02/28/cyberbullying-how-different-face-to-face-bullying/ The digital age has added a whole new dimension to hurtful behavior, and we look at some of the key features that set in-person and online bullying apart

Educating Educators: Microsoft’s Tips for Security Awareness Training

www.darkreading.com/risk/educating-educators-microsofts-tips-for-security-awareness-training/d/d-id/1337192 Microsoft’s director of security education and awareness shares his approach to helping train employees in defensive practices.

Securing the Internet of Things through Class-Action Lawsuits

www.schneier.com/blog/archives/2020/02/securing_the_in.html Basically, the article postulates that (1) market realities will produce insecure IoT devices, and (2) political failures will leave that industry unregulated. Result: insecure IoT. It proposes proactive class action litigation against manufacturers of unsafe and unsecured IoT devices before those devices cause unnecessary injury or death. It’s a lot to read, but it’s an interesting take on how to

Congress gives small ISPs $1 billion to rip out Huawei/ZTE network gear

arstechnica.com/tech-policy/2020/02/congress-gives-small-isps-1-billion-to-rip-out-huaweizte-network-gear/ The US House and Senate approved legislation to create a $1 billion fund that will help small telecom providers remove and replace Huawei and ZTE networking equipment.

Show me Your Clipboard Data!

isc.sans.edu/forums/diary/Show+me+Your+Clipboard+Data/25846/ Yesterday I’ve read an article about the clipboard on iPhones and how it can disclose sensitive information about the device owner. At the end of the article, the author gave a reference to an iPhone app that discloses the metadata of pictures copied to the clipboard (like the GPS coordinates).. About passwords, many password managers use the clipboard to make the users life easier. You just need to paste data exported by the password manager in the password field. Some of them implement a technique to restore the content of the clipboard with previous data. This is very convenient but it is NOT a security feature. Once data has been copied into the clipboard, it can be considered as

Roaming Mantis, part V

securelist.com/roaming-mantis-part-v/96250/ Distributed in 2019 using SMiShing and enhanced anti-researcher techniques

Stealing advanced nations Mac malware isnt hard. Heres how one hacker did it

arstechnica.com/information-technology/2020/02/why-write-your-own-mac-malware-when-you-can-rip-off-a-competitors-a-how-to/ Malware developers are always trying to outdo each other with creations that are stealthier and more advanced than their competitors. At the RSA Security conference this week, a former hacker for the National Security Agency demonstrated an approach thats often more effective: stealing and then repurposing a rivals code.. Patrick Wardle, who is now a security researcher at the macOS and iOS enterprise management firm Jamf, showed how reusing old Mac malware can be a smarter and less resource-intensive approach for deploying ransomware, remote access spy tools, and other types of malicious code. Where the approach really pays dividends, he said, is with the repurposing of advanced code written by

– From 0 to 1337. brief security analysis of a large service provider

0xsha.io/posts/from-0-to-1337-brief-security-analysis-of-a-large-service-provider Hello luvs, this article is about one of my very recent private security assessments on a gigantic service provider, to keep them safe we use REDACTED whenever we talk about them. Please note that this is in no way a complete security assessment, and my main goal of testing found at least one critical vulnerability to illustrate they are vulnerable to further attack in case of someone really

You might be interested in …

Daily NCSC-FI news followup 2020-02-20

U.S. agency responsible for Trump’s secure communication suffered data breach: letter www.reuters.com/article/us-usa-defense-breach/u-s-agency-responsible-for-trumps-secure-communication-suffered-data-breach-letter-idUSKBN20E27A The letter, dated Feb. 11, 2020, says that between May and July 2019, personal data may have been compromised in a data breach on a system hosted by the Defense Information Systems Agency.. The agency says it provides direct telecommunications and IT support […]

Read More

Daily NCSC-FI news followup 2020-08-08

Small and mediumsized businesses: Big targets for ransomware attacks www.welivesecurity.com/2020/08/07/small-medium-sized-businesses-big-targets-ransomware-attacks/ Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion?. While large enterprises may present themselves as more lucrative prey, SMBs are an attractive target due to their lack of resources to defend against such attacks. Iranians, […]

Read More

Daily NCSC-FI news followup 2020-01-10

Why is a 22GB database containing 56 million US folks’ personal details sitting on the open internet using a Chinese IP address? Seriously, why? www.theregister.co.uk/2020/01/09/checkpeoplecom_data_exposed/ The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone’s name, and it will look up their current […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.