Daily NCSC-FI news followup 2020-03-26

Coronavirus as a hook

www.kaspersky.com/blog/coronavirus-corporate-phishing/34445/ We tell how the coronavirus scare is being exploited by phishers to attack companies and install malware. E-mails imitating business correspondence with malicious attachments are nothing new. We've been observing them in junk traffic for the last three years at least. The more precise the fake, the higher the likelihood that the victim will not suspect anything.

Russians Shut Down Huge Card Fraud Ring

krebsonsecurity.com/2020/03/russians-shut-down-huge-card-fraud-ring/ Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade.

4G networks vulnerable to denial of service attacks, subscriber tracking

www.zdnet.com/article/100-of-4g-networks-vulnerable-to-denial-of-service-attacks-researchers-claim/ Every 4G network is susceptible to a form of denial-of-service (DoS) attack, researchers say. We are in the early stages of a rollout of 5G, the next-generation wireless technology that will replace 4G, offering improved speeds and latency in the process. However, on occasion, security problems in these protocols rear their heads, and the latest report on Diameter networks from Positive Technologies (PT) reveals a serious issue in 4G networking.

Thousands Of UK Loyalty Club Members Hacked

www.pandasecurity.com/mediacenter/mobile-news/loyalty-club-members-hacked/ Customer loyalty programs are great for providers and customers. In return for regular shopping, members receive various discounts and perks. At the same time, the shop gains all kinds of valuable data about your buying habits which they can use for targeted marketing purposes. Depending on the scheme they may also be able to re-sell some of that information to third parties.

Remote Threats to Remote Employees: How Working From Home Increases the Attack Surface

www.recordedfuture.com/remote-attack-surface/ In response to the COVID-19 pandemic, many organizations have shifted to working from home for the foreseeable future. This means that organizations will have a largely (or entirely) remote workforce for the first time. This creates a situation that is ripe for cybercriminals and nation-state actors to exploit. As we have observed with the rapid adoption of COVID-19-themed scams and attacks against the Olympics, threat actors, both nation-state and cybercriminal, are quick to exploit new and evolving situations.

Cyber Warranties: Market Fix or Marketing Trick?

cacm.acm.org/magazines/2020/4/243648-cyber-warranties/fulltext When buying a second-hand car you are at the mercy of the dealer. The dealer knows which cars were treated well by past owners and which are likely to break down within a few months. When buying an information security product, the vendor has a better idea of how effective the product truly is. In both cases, the seller has information the buyer lacks. Will cyber warranties better align incentives in the market for information security products? Or are they marketing tricks riddled with coverage exclusions hidden in the fine print of the terms and conditions?

iOS exploit chain deploys LightSpy feature-rich malware

securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/ A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Since the initial activity, we released two private reports exhaustively detailing spread, exploits, infrastructure and LightSpy implants.

Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

thehackernews.com/2020/03/coronavirus-covid-apps-android.html Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist, third-party Android app developers too have begun to take advantage of the situation to use coronavirus-related keywords in their app names, descriptions, or in the package names so as to drop malware, perpetrate financial theft and rank higher in Google Play Store searches related to the topic.

Coronavirus Bitcoin scam promises millions working from home

blog.malwarebytes.com/scams/2020/03/coronavirus-bitcoin-scam-promises-millions-working-from-home/ In the last week, we've seen multiple coronavirus scams pushed by bad actors, including RAT attacks via fake health advisories, bogus e-books working in tandem with Trojans, and lots of other phishing shenanigans. Now we have another one to add to the ever-growing list: dubious coronavirus Bitcoin missives landing in your inbox.

Very Large Sample as Evasion Technique?

isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/ Security controls have a major requirement: they can't (or at least they try not to) interfere with normal operations of the protected system. It is known that antivirus products do not scan very large files (or scan only the first x bytes) for performance reasons. Can we consider a very big file as a technique to bypass security controls? Yesterday, while hunting, I spotted a very interesting malware sample. The malicious PE file was delivered via multiple stages, but the final dropped file was large… very large!
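As an added example (not code from the ISC diary or from this digest), here is one hunting check a practitioner might run against a quarantine or download directory for the pattern described above: a PE file whose size comes mostly from bytes appended after the last declared section (an overlay) that consist of a single repeated value. Appending padding after the sections is one common way to inflate a sample; the diary does not say how its sample was inflated, so that, the size thresholds and the fake-PE builder used as test input are assumptions of this example.

```python
import struct
from collections import Counter


def pe_declared_end(data: bytes):
    """Offset where the last PE section's raw data ends (start of any overlay),
    or None when the buffer does not parse as a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    num_sections, size_opt = struct.unpack_from("<H12xH", data, e_lfanew + 6)
    sec_table = e_lfanew + 24 + size_opt
    end = sec_table + 40 * num_sections          # end of the section table itself
    for i in range(num_sections):
        off = sec_table + 40 * i
        if off + 40 > len(data):
            return None
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def inflation_report(data: bytes, size_threshold=50 * 2**20,
                     min_overlay_fraction=0.5, pad_fraction=0.9):
    """Flag a file that is large mainly because of a low-variety overlay.

    Thresholds are assumptions for illustration, not values from the diary:
    the file is at least size_threshold bytes, its overlay is at least
    min_overlay_fraction of the file, and (by sampled byte frequency) at
    least pad_fraction of the overlay is one repeated byte value.
    """
    end = pe_declared_end(data)
    if end is None or end > len(data):
        end = len(data)                          # not a PE, or truncated: nothing to judge
    overlay = data[end:]
    if overlay:
        # Sample at most ~1 MiB evenly across the overlay so huge files stay cheap.
        step = max(1, len(overlay) // (1 << 20))
        sample = overlay[::step]
        top_byte, top_count = Counter(sample).most_common(1)[0]
        top_share = top_count / len(sample)
    else:
        top_byte, top_share = None, 0.0
    suspicious = (len(data) >= size_threshold
                  and len(overlay) >= min_overlay_fraction * len(data)
                  and top_share >= pad_fraction)
    return {
        "file_size": len(data),
        "declared_end": end,
        "overlay_bytes": len(overlay),
        "pad_byte": top_byte,
        "pad_share": round(top_share, 3),
        "suspicious": suspicious,
    }


def build_fake_pe(section_payload: bytes, overlay: bytes) -> bytes:
    """Constructed test input: a minimal PE-shaped blob (DOS stub, COFF header,
    one section header, section data, overlay). Not a runnable executable and
    not the diary's sample; it exists only to exercise the parser above."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections=1, no symbols, SizeOfOptionalHeader=0
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    raw_ptr = e_lfanew + 24 + 40                 # section data follows the single header
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", len(section_payload), 0x1000, len(section_payload),
        raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + coff + section + section_payload + overlay


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                    # e.g. python inflation.py /quarantine/*.exe
        with open(path, "rb") as f:
            print(path, inflation_report(f.read()))
```

The check deliberately ignores what the sections contain; it only asks whether the bulk of the file is filler the AV engine might never reach. A sample inflated by other means (oversized resources, a huge final section) would need the same byte-frequency test applied to the section data rather than the overlay.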

Hackers Hijack Routers to Spread Malware Via Coronavirus Apps

threatpost.com/hackers-hijack-routers-to-spread-malware-via-coronavirus-apps/154170/ Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with the information-stealing Oski malware.

Would You Exchange Your Security for a Gift Card?

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/ We often talk about attackers targeting companies with social engineering attacks. These usually take the form of phishing attacks that attempt to trick the recipient into opening a malicious attachment or clicking on a malicious link. Less discussed are targeted attacks using physical media. Penetration Testers that perform physical “pentests” are well versed in dropping “malicious” USB sticks in a target’s parking lot or waiting room. More complex are so-called “Rubber Ducky” attacks, where what looks like a USB stick is actually, in effect, a malicious USB keyboard preloaded with keystrokes.

Cyber Security Breaches Survey 2020

www.gov.uk/government/publications/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020 The Cyber Security Breaches Survey is a quantitative and qualitative study of UK businesses and charities. It helps these organisations understand the nature and significance of the cyber security threats they face, and what others are doing to stay secure. It also supports the government to shape future policy in this area.

Singapore most exposed, but also most prepared in cybersecurity: Deloitte

www.zdnet.com/article/singapore-most-exposed-but-also-most-prepared-in-cybersecurity-deloitte/ With a high internet adoption rate, the city-state faces the highest cybersecurity risk in Asia-Pacific, but also is the most prepared to deal with it in terms of policies and organisational readiness, according to Deloitte’s Cyber Smart Index, which assesses 12 markets across the region.

Critical CODESYS Bug Allows Remote Code Execution

threatpost.com/critical-codesys-bug-remote-code-execution/154213/ CVE-2020-10245, a heap-based buffer overflow that rates 10 out of 10 in severity, exists in the CODESYS web server and takes little skill to exploit. A critical flaw in a web server for the CODESYS automation software for engineering control systems could allow a remote, unauthenticated attacker to crash a server or execute code. The bug is rated 10 out of 10 on the CVSS v2 vulnerability severity scale and requires little skill to exploit, the company said.

Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic

www.bleepingcomputer.com/news/security/unpatched-ios-bug-blocks-vpns-from-encrypting-all-traffic/ A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private networks (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users' data or leak their IP addresses.

Threat Update: COVID-19

blog.talosintelligence.com/2020/03/covid-19-pandemic-threats.html The COVID-19 pandemic is changing everyday life for workers across the globe. Cisco Talos continues to see attackers take advantage of the coronavirus situation to lure unsuspecting users into various pitfalls such as phishing, fraud, and disinformation campaigns. Talos has not yet observed any new techniques during this event. Rather, we have seen malicious actors shift the subject matter of their attacks to focus on COVID themes. We continue to monitor the situation and are sharing intel with the security community, customers, law enforcement, and governments.

Dark web hosting provider hacked again — 7,600 sites down

www.zdnet.com/article/dark-web-hosting-provider-hacked-again-7600-sites-down/ Daniel’s Hosting (DH), the largest free web hosting provider for dark web services, has shut down today after getting hacked for the second time in 16 months, ZDNet has learned. Almost 7,600 dark web portals have been taken offline following the hack, during which an attacker deleted the web hosting portal’s entire database.

Chubb Cyber Insurer Allegedly Hit By Maze Ransomware Attack

www.bleepingcomputer.com/news/security/chubb-cyber-insurer-allegedly-hit-by-maze-ransomware-attack/ Cyber insurer giant Chubb is allegedly the latest ransomware victim according to the operators of the Maze Ransomware who claim to have encrypted the company in March 2020. Chubb is one of the leading insurance carriers in the world with an extensive line of cyber insurance products that include incident response, forensics, legal teams, and even public relations.

Organizations struggle with patching endpoints against critical vulnerabilities

www.helpnetsecurity.com/2020/03/26/patching-endpoints/ Less than 50 percent of organizations can patch vulnerable systems swiftly enough to protect against critical threats and zero-day attacks, and 81 percent have suffered at least one data breach in the last two years, according to Automox. The research surveyed 560 IT operations and security professionals at enterprises with between 500 and 25,000 employees, across more than 15 industries to benchmark the state of endpoint patching and hardening.
