Daily NCSC-FI news followup 2020-03-06

Human-operated ransomware attacks: A preventable disaster

www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/ Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft and lateral movement methods traditionally associated with targeted attacks like those from nation-state actors. They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network. See also:

www.bleepingcomputer.com/news/security/microsoft-shares-tactics-used-in-human-operated-ransomware-attacks/

Zoho zero-day published on Twitter

www.zdnet.com/article/zoho-zero-day-published-on-twitter/ A security researcher published yesterday details on Twitter about a zero-day vulnerability in a Zoho enterprise product. The vulnerability impacts the Zoho ManageEngine Desktop Central. According to the Zoho website, this is an endpoint management solution. Companies use the product to control their fleets of devices — such as Android smartphones, Linux servers, or Mac and Windows workstations.

Microsoft: 99.9% of compromised accounts did not use multi-factor authentication

www.zdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factor-authentication/ Only 11% of all enterprise accounts use a MFA solution overall.

One billion Android devices at risk of hacking

www.bbc.com/news/technology-51751950 More than a billion Android devices are at risk of being hacked because they are no longer protected by security updates, watchdog Which? has suggested. Google’s own data suggests that 42.1% of Android users worldwide are on version 6.0 of its operating system or below. According to the Android security bulletin, there were no security patches issued for the Android system in 2019 for versions below 7.0.

Virgin Media Data Breach Exposes Info of 900,000 Customers

www.bleepingcomputer.com/news/security/virgin-media-data-breach-exposes-info-of-900-000-customers/ Virgin Media announced today that the personal information of roughly 900,000 of its customers was accessed without permission on at least one occasion because of a misconfigured and unsecured marketing database.

TrickBot Malware Targets Italy in Fake WHO Coronavirus Emails

www.bleepingcomputer.com/news/security/trickbot-malware-targets-italy-in-fake-who-coronavirus-emails/ A new spam campaign is underway that is preying on the fears of Coronavirus (COVID-19) to target people in Italy with the TrickBot information-stealing malware. See also:

www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

thehackernews.com/2020/03/ppp-daemon-vulnerability.html The US-CERT today issued an advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux-based operating systems, as well as powers the firmware of many other networking devices.

Emotet Actively Using Upgraded WiFi Spreader to Infect Victims

www.bleepingcomputer.com/news/security/emotet-actively-using-upgraded-wifi-spreader-to-infect-victims/ Emotet’s authors have upgraded the malware’s Wi-Fi spreader by making it a fully-fledged module and adding new functionality as shown by samples recently spotted in the wild. We previously reported that Emotet is now capable of spreading to new victims via nearby insecure wireless networks using a Wi-Fi worm module.

NordVPN quietly plugged vuln where an HTTP POST request without authentication would return detailed customer data

www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/ A vulnerability in NordVPN’s payments platform allowed anyone to view users’ payment information and email addresses, a startling HackerOne entry has revealed.

9 Strategies for Retaining Women in Cybersecurity and STEM in 2020

securityintelligence.com/articles/9-strategies-for-retaining-women-in-cybersecurity-and-stem-in-2020/
