Daily NCSC-FI news followup 2020-03-23

Protecting health care

www.kaspersky.com/blog/protecting-healthcare-organizations/34269/ Health-care facilities are struggling with the current coronavirus epidemic, so we must help them with cyberprotection. We are offering free six-month licenses for our core solutions. For the average, law-abiding person, the coronavirus COVID-19 is simply a health hazard. Unfortunately, some cybercriminals perceive the epidemic as an additional opportunity to launch a cyberattack. Right now, medical organizations need qualified information infrastructure protection as never before.

An APT exploits coronavirus to spread malware

www.pandasecurity.com/mediacenter/news/apt-coronavirus-malware/ The world is currently living through an exceptional situation due to the current Covid-19 coronavirus pandemic. To try to stop the spread of the virus, a large number of companies all over the world have started a new regime of telework. This circumstance has significantly increased the attack surface, representing a great challenge for companies when it comes to cybersecurity, as they need to establish protocols and follow a series of measures to ensure that their business and IT systems work properly.

Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats

www.fireeye.fr/blog/threat-research/2020/03/monitoring-ics-cyber-operation-tools-and-software-exploit-modules.html There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, prioritize security efforts, and justify resource allocation.

The good, the bad and the plain ugly

www.welivesecurity.com/2020/03/23/good-bad-plain-ugly/ When ransomware attacks a healthcare establishment, it can have a devastating effect. This was witnessed in 2017, when WannaCryptor.D (aka WannaCry) hit multiple sites across the United Kingdom's National Health Service, limiting their ability to provide services and causing nearly 20,000 appointments to be cancelled. The COVID-19 pandemic is stretching the resources of health services to their maximum, across the globe. This includes not only the courageous frontline healthcare professionals but all the support teams that create the environment for them to work in, such as IT security teams.

Warning Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

thehackernews.com/2020/03/windows-adobe-font-vulnerability.html Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system, including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020.

Fake Coronavirus Vaccine Website Busted in DoJ Takedown

threatpost.com/fake-coronavirus-vaccine-website-busted-in-doj-takedown/154031/ Authorities have cracked down on a website that claimed to give out coronavirus vaccine kits but that was actually stealing victims' payment card data and personal information. The Department of Justice has raised its first federal court action against online fraud relating to the coronavirus pandemic, on Sunday taking steps to shutter a fraudulent website that claimed to give away free coronavirus vaccines.

How to prevent your Zoom meetings being Zoom-bombed (gate-crashed) by trolls

www.zdnet.com/article/how-to-prevent-your-zoom-meetings-being-zoom-bombed-gate-crashed-by-trolls/ The coronavirus outbreak has seen an unprecedented number of people working and learning from home, and one of the tools that is making that possible is Zoom. But if you don’t take care, you could find your meetings being gate-crashed or Zoom-bombed, potentially causing havoc and mayhem.

Nasty findings in bulk: A way of using passwords considered safe turns out to be vulnerable

www.tivi.fi/uutiset/tv/5859eb99-b782-4140-ab99-38da185faaba It is hard to remember numerous different long and complex passwords. So remembering them is best left to a password manager application. Unfortunately, in light of the latest information, these are not watertight either.

Fake Corona Antivirus distributes BlackNET remote administration tool

blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/ Scammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a number of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but especially data stealers. As more of us work from home, the need to secure your computer, especially if you are connecting to your company's network, becomes more important. However, you should be extra careful of bogus security software, especially if it tries to use the coronavirus as a selling point.

Inside an Instagram Celebrity Hacking Campaign

www.vice.com/en_us/article/z3bkjy/inside-instagram-celebrity-hacking “Hello. We just hacked your account,” the text message read. The hackers had just taken over the Instagram account of an adult entertainment star with nearly two million followers, and were now asking her for $5,000 to hand the account back to its owner, according to screenshots of the messages obtained by Motherboard.

Pwn2Own contest yields 13 bugs, as virtual format expands talent pool

www.scmagazine.com/home/security-news/vulnerabilities/pwn2own-contest-yields-13-bugs-as-virtual-format-expands-talent-pool/ Research teams at the Pwn2Own 2020 competition successfully exploited 13 software vulnerabilities this past week, including bugs found in products from Adobe, Apple, Microsoft, Oracle and Ubuntu. Participants earned $270,000 over the two-day event, the first Pwn2Own ever to be held virtually, as a measure to combat the rapid spread of the novel coronavirus.

Operators given permission to restrict internet traffic

www.tivi.fi/uutiset/tv/43fe2f4b-a587-468c-a1cf-a6aff5535e2b Online services have already more or less voluntarily lowered the picture quality of their videos, but there is readiness for more drastic measures as well.

HHS.gov Open Redirect Used by Coronavirus Phishing to Spread Malware

www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/ An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims’ systems with the help of coronavirus-themed phishing emails. Open redirects are web addresses that automatically redirect users between a source website and a target site, and are regularly used by malicious actors to send their targets to phishing landing pages or to deliver malware payloads under the guise of legitimate services.

Hackers Actively Exploit 0-Day in CCTV Camera Hardware

threatpost.com/hackers-exploited-0-day-cctv-camera/154051/ Multiple zero-day vulnerabilities were actively being exploited in CCTV security cameras manufactured by Taiwan-based LILIN, researchers found. The company, an IP video solution provider, was being targeted by hackers hijacking the company's DVR hardware. Once commandeered, hackers then planted malware on devices to run botnets Chalubo, FBot and Moobot.

Latest Astaroth living-off-the-land attacks are even more invisible but not less observable

www.microsoft.com/security/blog/2020/03/23/latest-astaroth-living-off-the-land-attacks-are-even-more-invisible-but-not-less-observable/ Following a short hiatus, Astaroth came back to life in early February sporting significant changes in its attack chain. Astaroth is an info-stealing malware that employs multiple fileless techniques and abuses various legitimate processes to attempt running undetected on compromised machines. The updated attack chain, which we started seeing in late 2019, maintains Astaroth's complex, multi-component nature and continues its pattern of detection evasion.

Ameren Missouri Equipment Supplier Targeted In Ransomware Attack

news.stlpublicradio.org/post/ameren-missouri-equipment-supplier-targeted-ransomware-attack Ransomware attackers have stolen data from a third-party vendor that supplies utility equipment to Ameren Missouri power plants. Dozens of data files from Ohio-based LTI Power Systems appeared on a ransomware server in late February, including equipment diagrams and schematics from two Ameren Missouri facilities. No customer information appears to have been involved in the data breach.
