Daily NCSC-FI news followup 2020-03-06

Human-operated ransomware attacks: A preventable disaster

www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/ Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft and lateral movement methods traditionally associated with targeted attacks like those from nation-state actors. They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network. See also:

www.bleepingcomputer.com/news/security/microsoft-shares-tactics-used-in-human-operated-ransomware-attacks/

Zoho zero-day published on Twitter

www.zdnet.com/article/zoho-zero-day-published-on-twitter/ A security researcher published yesterday details on Twitter about a zero-day vulnerability in a Zoho enterprise product. The vulnerability impacts the Zoho ManageEngine Desktop Central. According to the Zoho website, this is an endpoint management solution. Companies use the product to control their fleets of devices — such as Android smartphones, Linux servers, or Mac and Windows workstations.

Microsoft: 99.9% of compromised accounts did not use multi-factor authentication

www.zdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factor-authentication/ Only 11% of all enterprise accounts use an MFA solution overall.

One billion Android devices at risk of hacking

www.bbc.com/news/technology-51751950 More than a billion Android devices are at risk of being hacked because they are no longer protected by security updates, watchdog Which? has suggested. Google’s own data suggests that 42.1% of Android users worldwide are on version 6.0 of its operating system or below. According to the Android security bulletin, there were no security patches issued for the Android system in 2019 for versions below 7.0.

Virgin Media Data Breach Exposes Info of 900,000 Customers

www.bleepingcomputer.com/news/security/virgin-media-data-breach-exposes-info-of-900-000-customers/ Virgin Media announced today that the personal information of roughly 900,000 of its customers was accessed without permission on at least one occasion because of a misconfigured and unsecured marketing database.

TrickBot Malware Targets Italy in Fake WHO Coronavirus Emails

www.bleepingcomputer.com/news/security/trickbot-malware-targets-italy-in-fake-who-coronavirus-emails/ A new spam campaign is underway that is preying on the fears of Coronavirus (COVID-19) to target people in Italy with the TrickBot information-stealing malware. See also:

www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

thehackernews.com/2020/03/ppp-daemon-vulnerability.html The US-CERT today issued an advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux-based operating systems and also powers the firmware of many other networking devices.

Emotet Actively Using Upgraded WiFi Spreader to Infect Victims

www.bleepingcomputer.com/news/security/emotet-actively-using-upgraded-wifi-spreader-to-infect-victims/ Emotet’s authors have upgraded the malware’s Wi-Fi spreader by making it a fully-fledged module and adding new functionality as shown by samples recently spotted in the wild. We previously reported that Emotet is now capable of spreading to new victims via nearby insecure wireless networks using a Wi-Fi worm module.

NordVPN quietly plugged vuln where an HTTP POST request without authentication would return detailed customer data

www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/ A vulnerability in NordVPN’s payments platform allowed anyone to view users’ payment information and email addresses, a startling HackerOne entry has revealed.

9 Strategies for Retaining Women in Cybersecurity and STEM in 2020

securityintelligence.com/articles/9-strategies-for-retaining-women-in-cybersecurity-and-stem-in-2020/
