Daily NCSC-FI news followup 2020-03-10

Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide

thehackernews.com/2020/03/necurs-botnet-takedown.html Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure.

Fingrid's partner fell victim to a data breach; networks remain well protected

www.is.fi/digitoday/tietoturva/art-2000006434452.html The attack on Entso-E's information systems poses no danger to Finland's electricity networks, Fingrid assures.

NSA Warns About Microsoft Exchange Flaw as Attacks Start

www.bleepingcomputer.com/news/security/nsa-warns-about-microsoft-exchange-flaw-as-attacks-start/ The U.S. National Security Agency (NSA) warned about a post-auth remote code execution vulnerability in all supported Microsoft Exchange Server servers via a tweet published on the agency’s Twitter account.

Intel CPUs vulnerable to new LVI attacks

www.zdnet.com/article/intel-cpus-vulnerable-to-new-lvi-attacks/ Researchers say Intel processors will need another round of silicon chip re-designs to protect against new attack.

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

blog.malwarebytes.com/threat-analysis/2020/03/rocket-loader-skimmer-impersonates-cloudflare-library-in-clever-scheme/ In a recent blog post, we noted how criminals behind Magecart skimmers mimicked content delivery networks in order to hide their payload. This time, we are looking at a far more clever scheme. This latest skimmer is disguised as a JavaScript file that appears to be CloudFlare’s Rocket Loader, a library used to improve page load time. The attackers created an almost authentic replica by registering a specially crafted domain name.

Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)

blog.trendmicro.com/trendlabs-security-intelligence/busting-ghostcat-an-analysis-of-the-apache-tomcat-vulnerability-cve-2020-1938-and-cnvd-2020-10487/ Discussions surrounding the Ghostcat vulnerability (CVE-2020-1938 and CNVD-2020-10487) found in Apache Tomcat put it in the spotlight as researchers looked into its security impact, specifically its potential use for remote code execution (RCE).

Microsoft shares nightmare tale: 6 sets of hackers on a customer’s network

www.zdnet.com/article/microsoft-shares-nightmare-tale-6-sets-of-hackers-on-a-customers-network/ Microsoft’s first report from its Detection and Response Team (DART), which helps customers in deep cyber trouble, details the case of a large customer with six threat actors simultaneously on its network, including one state-sponsored hacker group that had been stealing data and email for 243 days.


FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

krebsonsecurity.com/2020/03/fbi-arrests-alleged-owner-of-deer-io-a-top-broker-of-stolen-accounts/ FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io, a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores.

Paradise Ransomware Distributed via Uncommon Spam Attachment

www.bleepingcomputer.com/news/security/paradise-ransomware-distributed-via-uncommon-spam-attachment/ Attackers have started to send Excel Web Query attachments in phishing campaigns to download and install the Paradise Ransomware on unsuspecting victims.

How poor IoT security is allowing this 12-year-old malware to make a comeback

www.zdnet.com/article/how-poor-iot-security-is-allowing-this-ten-year-old-malware-to-make-a-comeback/ Conficker peaked in 2009, but unsupported connected devices are allowing it to spread in 2020 – and the healthcare sector is where it’s infected the most targets.


www.cybereason.com/blog/whos-hacking-the-hackers-no-honor-among-thieves Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives attackers total access to the target machine. The threat actors behind this campaign are posting malware embedded inside various hacking tools and cracks for those tools on several websites.
