Daily NCSC-FI news followup 2020-02-28

RSAC 2020: Ransomware a National Crisis, CISA Says, Ramps ICS Focus

threatpost.com/ransomware-national-crisis-cisa-ics/153322/ Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA) this year especially as ransomware looms as a main threat to the sector going forward.. Thats according to Christopher Krebs, director of CISA, speaking at RSA Conference 2020 this week.. My agency has only been around for a year and a half, but we want to take a new approach to cyber, he said from the Sandbox stage at the show. Our top three priorities are cybersecurity for the federal government, election security and ICS. The first two weve been addressing for some time.

Sodinokibi Ransomware Posts Alleged Data of Kenneth Cole Fashion Giant

www.bleepingcomputer.com/news/security/sodinokibi-ransomware-posts-alleged-data-of-kenneth-cole-fashion-giant/ The operators behind Sodinokibi Ransomware published download links to files containing what they claim is financial and work documents, as well as customers’ personal data stolen from giant U.S. fashion house Kenneth Cole Productions.

Ghostcat bug impacts all Apache Tomcat versions released in the last 13 years

www.zdnet.com/article/ghostcat-bug-impacts-all-apache-tomcat-versions-released-in-the-last-13-years/#ftag=RSSbaffb68 Ghostcat vulnerability can allow hackers to read configuration files or plant backdoors on Tomcat servers. Ghostcat is a flaw in the Tomcat AJP protocol.. AJP stands for Apache JServ Protocol and is a performance-optimized version of the HTTP protocol in binary format. Tomcat uses AJP to exchange data with nearby Apache HTTPD web servers or other Tomcat instances.. Tomcat’s AJP connector is enabled by default on all Tomcat servers and listens on the server’s port 8009.. also: www.chaitin.cn/en/ghostcat

Site Takeover Campaign Exploits Multiple Zero-Day Vulnerabilities

www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/ Early yesterday, the Flexible Checkout Fields for WooCommerce plugin received a critical update to patch a zero-day vulnerability which allowed attackers to modify the plugins settings. As our Threat Intelligence team researched the scope of this attack campaign, we discovered three additional zero-day vulnerabilities in popular WordPress plugins that are being exploited as a part of this . The targeted plugins were Async JavaScript, Modern Events Calendar Lite, and 10Web Map Builder for Google Maps. At this time, we have reached out to each plugins development team in hopes of getting these issues resolved quickly.

How North Korean Hackers Rob Banks Around the World

www.wired.com/story/how-north-korea-robs-banks-around-world/ They scored $80 million by tricking a network into routing funds to Sri Lanka and the Philippines and then using a “money mule” to pick up the cash.

Cyberbullying: How is it different from facetoface bullying?

www.welivesecurity.com/2020/02/28/cyberbullying-how-different-face-to-face-bullying/ The digital age has added a whole new dimension to hurtful behavior, and we look at some of the key features that set in-person and online bullying apart

Educating Educators: Microsoft’s Tips for Security Awareness Training

www.darkreading.com/risk/educating-educators-microsofts-tips-for-security-awareness-training/d/d-id/1337192 Microsoft’s director of security education and awareness shares his approach to helping train employees in defensive practices.

Securing the Internet of Things through Class-Action Lawsuits

www.schneier.com/blog/archives/2020/02/securing_the_in.html Basically, the article postulates that (1) market realities will produce insecure IoT devices, and (2) political failures will leave that industry unregulated. Result: insecure IoT. It proposes proactive class action litigation against manufacturers of unsafe and unsecured IoT devices before those devices cause unnecessary injury or death. It’s a lot to read, but it’s an interesting take on how to

Congress gives small ISPs $1 billion to rip out Huawei/ZTE network gear

arstechnica.com/tech-policy/2020/02/congress-gives-small-isps-1-billion-to-rip-out-huaweizte-network-gear/ The US House and Senate approved legislation to create a $1 billion fund that will help small telecom providers remove and replace Huawei and ZTE networking equipment.

Show me Your Clipboard Data!

isc.sans.edu/forums/diary/Show+me+Your+Clipboard+Data/25846/ Yesterday I’ve read an article about the clipboard on iPhones and how it can disclose sensitive information about the device owner. At the end of the article, the author gave a reference to an iPhone app that discloses the metadata of pictures copied to the clipboard (like the GPS coordinates).. About passwords, many password managers use the clipboard to make the users life easier. You just need to paste data exported by the password manager in the password field. Some of them implement a technique to restore the content of the clipboard with previous data. This is very convenient but it is NOT a security feature. Once data has been copied into the clipboard, it can be considered as

Roaming Mantis, part V

securelist.com/roaming-mantis-part-v/96250/ Distributed in 2019 using SMiShing and enhanced anti-researcher techniques

Stealing advanced nations Mac malware isnt hard. Heres how one hacker did it

arstechnica.com/information-technology/2020/02/why-write-your-own-mac-malware-when-you-can-rip-off-a-competitors-a-how-to/ Malware developers are always trying to outdo each other with creations that are stealthier and more advanced than their competitors. At the RSA Security conference this week, a former hacker for the National Security Agency demonstrated an approach thats often more effective: stealing and then repurposing a rivals code.. Patrick Wardle, who is now a security researcher at the macOS and iOS enterprise management firm Jamf, showed how reusing old Mac malware can be a smarter and less resource-intensive approach for deploying ransomware, remote access spy tools, and other types of malicious code. Where the approach really pays dividends, he said, is with the repurposing of advanced code written by

– From 0 to 1337. brief security analysis of a large service provider

0xsha.io/posts/from-0-to-1337-brief-security-analysis-of-a-large-service-provider Hello luvs, this article is about one of my very recent private security assessments on a gigantic service provider, to keep them safe we use REDACTED whenever we talk about them. Please note that this is in no way a complete security assessment, and my main goal of testing found at least one critical vulnerability to illustrate they are vulnerable to further attack in case of someone really

You might be interested in …

Daily NCSC-FI news followup 2021-07-24

Internet Futures www.ofcom.org.uk/__data/assets/pdf_file/0013/222205/internet-futures.pdf This report should not be seen as an exhaustive list of every innovative technology being developed. Indeed, it can be no more than a sample of the high-quality ongoing research work being conducted in industry and academia. Further, the omission or inclusion of any technology shouldnt be taken as a signal of […]

Read More

Daily NCSC-FI news followup 2020-04-26

Hackers are exploiting a Sophos firewall zero-day www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/ Read also: community.sophos.com/kb/en-us/135412 and www.theregister.co.uk/2020/04/26/security_roundup_240420/. As well as: www.bleepingcomputer.com/news/security/hackers-exploit-zero-day-in-sophos-xg-firewall-fix-released/ Reopen Domains: Shut the Front Dorr www.domaintools.com/resources/blog/reopen-domains-shut-the-front-dorr Update: We noticed that while working on this piece Brian Krebs posted an excellent article on the same. What can we say, but great minds think alike? Since we dug into […]

Read More

Daily NCSC-FI news followup 2021-03-18

Tiedote 18.3.2021: Timanttiteko-palkinto 2020 Kyberturvallisuuskeskukselle www.erillisverkot.fi/timanttiteko-palkinto-2020/ Turvallisuuskomitea on myöntänyt vuoden 2020 Timanttiteko-palkinnon Kyberturvallisuuskeskukselle Yhteiskunnan turvallisuusstrategian tavoitteiden esimerkillisestä edistämisestä. Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskus on kansallinen tietoturvaviranomainen ja sillä on merkittävä rooli digitaalisessa yhteiskunnassa. Nopeasti muuttuvassa maailmassa tietoturvan ylläpito ja kehittäminen, tietoturvaloukkausten havainnointi ja selvittäminen sekä eri organisaatioiden kouluttaminen ja tietojärjestelmien arviointi on välttämätöntä. Suojelupoliisi tunnisti […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.