Daily NCSC-FI news followup 2020-03-06

Human-operated ransomware attacks: A preventable disaster

www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/ Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft and lateral movement methods traditionally associated with targeted attacks like those from nation-state actors. They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network. See also:

www.bleepingcomputer.com/news/security/microsoft-shares-tactics-used-in-human-operated-ransomware-attacks/

Zoho zero-day published on Twitter

www.zdnet.com/article/zoho-zero-day-published-on-twitter/ A security researcher published yesterday details on Twitter about a zero-day vulnerability in a Zoho enterprise product. The vulnerability impacts the Zoho ManageEngine Desktop Central. According to the Zoho website, this is an endpoint management solution. Companies use the product to control their fleets of devices — such as Android smartphones, Linux servers, or Mac and Windows workstations.

Microsoft: 99.9% of compromised accounts did not use multi-factor authentication

www.zdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factor-authentication/ Only 11% of all enterprise accounts use an MFA solution overall.

One billion Android devices at risk of hacking

www.bbc.com/news/technology-51751950 More than a billion Android devices are at risk of being hacked because they are no longer protected by security updates, watchdog Which? has suggested. Google’s own data suggests that 42.1% of Android users worldwide are on version 6.0 of its operating system or below. According to the Android security bulletin, there were no security patches issued for the Android system in 2019 for versions below 7.0.

Virgin Media Data Breach Exposes Info of 900,000 Customers

www.bleepingcomputer.com/news/security/virgin-media-data-breach-exposes-info-of-900-000-customers/ Virgin Media announced today that the personal information of roughly 900,000 of its customers was accessed without permission on at least one occasion because of a misconfigured and unsecured marketing database.

TrickBot Malware Targets Italy in Fake WHO Coronavirus Emails

www.bleepingcomputer.com/news/security/trickbot-malware-targets-italy-in-fake-who-coronavirus-emails/ A new spam campaign is underway that is preying on the fears of Coronavirus (COVID-19) to target people in Italy with the TrickBot information-stealing malware. See also:

www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

thehackernews.com/2020/03/ppp-daemon-vulnerability.html The US-CERT today issued an advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux-based operating systems, as well as powers the firmware of many other networking devices.

Emotet Actively Using Upgraded WiFi Spreader to Infect Victims

www.bleepingcomputer.com/news/security/emotet-actively-using-upgraded-wifi-spreader-to-infect-victims/ Emotet’s authors have upgraded the malware’s Wi-Fi spreader by making it a fully-fledged module and adding new functionality as shown by samples recently spotted in the wild. We previously reported that Emotet is now capable of spreading to new victims via nearby insecure wireless networks using a Wi-Fi worm module.

NordVPN quietly plugged vuln where an HTTP POST request without authentication would return detailed customer data

www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/ A vulnerability in NordVPN’s payments platform allowed anyone to view users’ payment information and email addresses, a startling HackerOne entry has revealed.

9 Strategies for Retaining Women in Cybersecurity and STEM in 2020

securityintelligence.com/articles/9-strategies-for-retaining-women-in-cybersecurity-and-stem-in-2020/
