Daily NCSC-FI news followup 2020-03-20


www.cisa.gov/publication/guidance-essential-critical-infrastructure-workforce MEMORANDUM ON IDENTIFICATION OF ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19 RESPONSE

Sodinokibi Ransomware Data Leaks Now Sold on Hacker Forums

www.bleepingcomputer.com/news/security/sodinokibi-ransomware-data-leaks-now-sold-on-hacker-forums/ Ransomware victims who do not pay a ransom and have their stolen files leaked are now facing a bigger nightmare as other hackers and criminals sell and distribute the released files on hacker forums.

Coronavirus Poll: Cyberattacks Ramp Up as Work from Home Takes Hold

threatpost.com/coronavirus-poll-cyberattacks-work-from-home/153958/ A poll of Threatpost readers shows that security preparedness is uneven as organizations make an unprecedented transition to remote working.

Positive Technologies says 97% of Company Networks Carry Traces of Compromise

www.ptsecurity.com/ww-en/about/news/97-percent-of-company-networks-carry-traces-of-compromise/ Positive Technologies experts have analysed network activity of large companies (with over 1000 employees) in the key economic areas of Eastern European countries. Advanced network traffic analysis revealed suspicious activity in 97 percent of companies, and malware activity in 81 percent of companies.

Zyxel Flaw Powers New Mirai IoT Botnet Strain

krebsonsecurity.com/2020/03/zxyel-flaw-powers-new-mirai-iot-botnet-strain/ In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai.



7 Spring Cleaning Tasks to Improve Data Security

securityintelligence.com/articles/7-spring-cleaning-tasks-to-improve-data-security/ This year, March 19 ushered in spring in the Northern Hemisphere, the first time since 1896 that the season has started so early. So why not take advantage of the season's early arrival to do some spring cleaning, not only of your physical space, but of your data and systems, too? Digital spring cleaning can make your life easier and dramatically improve data security as well.

Hackers breach FSB contractor and leak details about IoT hacking project

www.zdnet.com/article/hackers-breach-fsb-contractor-and-leak-details-about-iot-hacking-project/ Russian hacker group Digital Revolution claims to have breached a contractor for the FSB — Russia’s national intelligence service — and discovered details about a project intended for hacking Internet of Things (IoT) devices. The group published this week 12 technical documents, diagrams, and code fragments for a project called “Fronton.”

FBI Warning: Phishing Emails Push Fake Govt Stimulus Checks

www.bleepingcomputer.com/news/security/fbi-warning-phishing-emails-push-fake-govt-stimulus-checks/ FBI’s Internet Crime Complaint Center (IC3) today warned of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims. “Look out for phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government,” IC3’s alert says.

TrickBot banking trojan introduces RDP brute forcing module

www.scmagazine.com/home/security-news/malware/trickbot-banking-trojan-introduces-rdp-brute-forcing-module/ Malicious actors have created a new module for the TrickBot banking trojan that allows the malware to perform brute force attacks on Microsoft's Remote Desktop Protocol, specifically targeting U.S. and Hong Kong IP addresses.

Coronavirus scams, found and explained

blog.malwarebytes.com/scams/2020/03/coronavirus-scams-found-and-explained/ Coronavirus has changed the face of the world, restricting countless individuals from dining at restaurants, working from cafes, and visiting their loved ones. But for cybercriminals, this global pandemic is expanding their horizons. In the past week, Malwarebytes discovered multiple email scams that prey on the fear, uncertainty, and confusion regarding COVID-19, the illness caused by the novel coronavirus.

WHO chief emails claiming to offer coronavirus drug advice plant keyloggers on your PC

www.zdnet.com/article/who-chief-emails-claiming-to-offer-coronavirus-drug-advice-plant-keyloggers-on-your-pc/ Emails claiming to be from the leader of the World Health Organization (WHO) are making the rounds in new phishing campaigns designed to plant keyloggers on your PC. A new campaign spotted by IBM X-Force researchers this week is ongoing and involves a new variant of HawkEye malware.

Fintech company Finastra announces mysterious security breach

www.zdnet.com/article/fintech-company-finastra-announces-mysterious-security-breach/ Finastra, a London-based company that provides financial software and adjacent services to the world’s banking sector, has disclosed a security breach today. In a statement posted on its website, the fintech giant described the incident as “potentially anomalous activity” on its systems.


Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis

www.darkreading.com/vulnerabilities---threats/attack-surface-vulnerabilities-increase-as-orgs-respond-to-covid-19-crisis/d/d-id/1337369 In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic. The speed at which organizations are being forced to respond to the unfolding COVID-19 health crisis could be leaving many of them vulnerable to attack by threat actors rushing to exploit the situation.

Weibo Confirms 538 Million User Records Leaked, Listed For Sale on Dark Web

pandaily.com/weibo-confirms-538-million-user-records-leaked-listed-for-sale-on-dark-web/ Rumors have spread after Wei Xingguo (Yun Shu), CTO of Chinese Internet security company Moresec and former chief of Alibaba's Security Research Lab, posted on Weibo that millions of Weibo users' data had been leaked on March 19. Wei claimed that his own phone number was leaked through Weibo and that he had received WeChat friend requests based on phone number search.
