Daily NCSC-FI news followup 2020-02-29

TRICKBOT DELIVERY METHOD GETS A NEW UPGRADE FOCUSING ON WINDOWS 10

blog.morphisec.com/trickbot-delivery-method-gets-a-new-upgrade-focusing-on-windows Over the past few weeks, Morphisec Labs researchers identified a couple dozen documents that execute the OSTAP JavaScript downloader. This time we have identified the use of the latest version of the remote desktop ActiveX control class that was introduced for Windows 10. The attackers utilize the ActiveX control for automatic execution of the malicious macro after the user enables the document content. also:

www.bromium.com/deobfuscating-ostap-trickbots-javascript-downloader/

Meet the white-hat group fighting Emotet, the world’s most dangerous malware

www.zdnet.com/article/meet-the-white-hat-group-fighting-emotet-the-worlds-most-dangerous-malware/#ftag=RSSbaffb68 A private group of 20+ security researchers and system administrators has been waging a silent war against Emotet, today’s most dangerous malware operation.

TA505 hacking crew spent much of 2019 trying to breach South Korea’s financial sector

www.cyberscoop.com/ta505-south-korea-bank-phishing/ A gang of hackers with a long history of financially motivated attacks increased its targeting of businesses in South Korea last year, using a combination of malicious attachments and ransomware to haunt victims, according to new findings.

US Railroad Contractor Reports Data Breach After Ransomware Attack

www.bleepingcomputer.com/news/security/us-railroad-contractor-reports-data-breach-after-ransomware-attack/ RailWorks Corporation, one of North America's leading railroad track and transit system providers, disclosed a ransomware attack that led to the exposure of personally identifiable information of current and former employees, their beneficiaries and dependents, as well as that of independent contractors.

The Long Path out of the Vulnerability Disclosure Dark Ages

www.wired.com/story/vulnerability-disclosure-bug-bounties/ Letting a company know about flaws in their products has gotten easier since 2003, but not by much.

Domen toolkit gets back to work with new malvertising campaign

blog.malwarebytes.com/threat-analysis/2020/02/domen-toolkit-gets-back-to-work-with-new-malvertising-campaign/ Last year, we documented a new social engineering toolkit we called Domen being used in the wild. Threat actors were using this kit to trick visitors into visiting compromised websites and installing malware under the guise of a browser update or missing font. Despite being a robust toolkit, we only saw Domen in sporadic campaigns last year, often reusing the same infrastructure that had already been partially disrupted. However, we recently came across a new malvertising campaign with brand new infrastructure that shows Domen is still being used by threat actors. Even though Domen shares similarities with other social engineering templates, it is unique in its own ways. The client-side JavaScript responsible for the fake updates is one of the most thorough and professional coding jobs we had ever seen.

NVIDIA Fixes High Severity Flaw in Windows GPU Display Driver

www.bleepingcomputer.com/news/security/nvidia-fixes-high-severity-flaw-in-windows-gpu-display-driver/ NVIDIA has released a GPU display driver security update today, February 28, 2020, that fixes high and medium severity vulnerabilities that might lead to code execution, local escalation of privileges, information disclosure, and denial of service on unpatched Windows computers.

Do you use your Windows computer as an administrator? Here is how to create a safer account for yourself

www.tivi.fi/uutiset/kaytatko-windows-konettasi-jarjestelmanvalvojana-nain-luot-itsellesi-turvallisemman-tilin/de2ebb88-5fba-4a42-b724-93215b9ab1b9 Using a computer is also safer when your own user account is not an administrator. When setting up a new computer, it is worth creating, in addition to the administrator account, a standard user account for yourself that does not have administrator rights. Then any malware cannot run rampant on the computer on its own, but in operations requiring broad rights . Comment: For subscribers

Hazelcast IMDG Discover Scan

isc.sans.edu/forums/diary/Hazelcast+IMDG+Discover+Scan/25850/ Today my honeypot has been capturing scans for the Hazelcast REST API. I checked my logs for the past 2 years and these only started today. The last vulnerability published for Hazelcast was CVE-2018-10654 and related to “There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.”
