Daily NCSC-FI news followup 2020-03-06

Human-operated ransomware attacks: A preventable disaster

www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/ Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft and lateral movement methods traditionally associated with targeted attacks like those from nation-state actors. They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network. See also:

www.bleepingcomputer.com/news/security/microsoft-shares-tactics-used-in-human-operated-ransomware-attacks/

Zoho zero-day published on Twitter

www.zdnet.com/article/zoho-zero-day-published-on-twitter/ A security researcher published yesterday details on Twitter about a zero-day vulnerability in a Zoho enterprise product. The vulnerability impacts the Zoho ManageEngine Desktop Central. According to the Zoho website, this is an endpoint management solution. Companies use the product to control their fleets of devices — such as Android smartphones, Linux servers, or Mac and Windows workstations.

Microsoft: 99.9% of compromised accounts did not use multi-factor authentication

www.zdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factor-authentication/ Only 11% of all enterprise accounts use a MFA solution overall.

One billion Android devices at risk of hacking

www.bbc.com/news/technology-51751950 More than a billion Android devices are at risk of being hacked because they are no longer protected by security updates, watchdog Which? has suggested. Google’s own data suggests that 42.1% of Android users worldwide are on version 6.0 of its operating system or below. According to the Android security bulletin, there were no security patches issued for the Android system in 2019 for versions below 7.0.

Virgin Media Data Breach Exposes Info of 900,000 Customers

www.bleepingcomputer.com/news/security/virgin-media-data-breach-exposes-info-of-900-000-customers/ Virgin Media announced today that the personal information of roughly 900,000 of its customers was accessed without permission on at least one occasion because of a misconfigured and unsecured marketing database.

TrickBot Malware Targets Italy in Fake WHO Coronavirus Emails

www.bleepingcomputer.com/news/security/trickbot-malware-targets-italy-in-fake-who-coronavirus-emails/ A new spam campaign is underway that is preying on the fears of Coronavirus (COVID-19) to target people in Italy with the TrickBot information-stealing malware. See also:

www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

thehackernews.com/2020/03/ppp-daemon-vulnerability.html The US-CERT today issued an advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux-based operating systems and also powers the firmware of many other networking devices.

Emotet Actively Using Upgraded WiFi Spreader to Infect Victims

www.bleepingcomputer.com/news/security/emotet-actively-using-upgraded-wifi-spreader-to-infect-victims/ Emotet’s authors have upgraded the malware’s Wi-Fi spreader by making it a fully-fledged module and adding new functionality, as shown by samples recently spotted in the wild. We previously reported that Emotet is now capable of spreading to new victims via nearby insecure wireless networks using a Wi-Fi worm module.

NordVPN quietly plugged vuln where an HTTP POST request without authentication would return detailed customer data

www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/ A vulnerability in NordVPN’s payments platform allowed anyone to view users’ payment information and email addresses, a startling HackerOne entry has revealed.

9 Strategies for Retaining Women in Cybersecurity and STEM in 2020

securityintelligence.com/articles/9-strategies-for-retaining-women-in-cybersecurity-and-stem-in-2020/
