Daily NCSC-FI news followup 2020-03-27

Best password managers for business in 2020: 1Password, Keeper, LastPass, and more

www.zdnet.com/article/best-password-managers/ Everyone needs a password manager. Period, full stop. It’s the only possible way to maintain unique, hard-to-guess credentials for every secure site you, your family members, and your team access daily.

Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics

www.zdnet.com/article/booz-allen-analyzed-200-russian-hacking-operations-to-better-understand-their-tactics/ Booz Allen Hamilton, the largest private contractor for the US intelligence community, has published a comprehensive report this week detailing 15 years (2004 to 2019) of cyber operations carried out by Russia’s military hackers.. Alkuperäinen raportti:

www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html

Identifying vulnerabilities and protecting you from phishing

blog.google/technology/safety-security/threat-analysis-group/identifying-vulnerabilities-and-protecting-you-phishing/ Googles Threat Analysis Group (TAG) works to counter targeted and government-backed hacking against Google and the people who use our products. Following our November update, today were sharing the latest insights to fight phishing, and for security teams, providing more details about our work identifying attacks against zero-day vulnerabilities

Group-IB: new financially motivated attacks in Western Europe traced to Russian-speaking threat actors

www.group-ib.com/media/silence_ta505_attacks_in_europe/ Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has detected successful attacks in Western Europe carried out in late January 2020. At least two companies operating in pharmaceutical and manufacturing sectors have been affected. Group-IB has immediately contacted the victims upon discovery. The tools used in the attacks were traced to Silence and TA505

Ryuk Ransomware Keeps Targeting Hospitals During the Pandemic

www.bleepingcomputer.com/news/security/ryuk-ransomware-keeps-targeting-hospitals-during-the-pandemic/ The Ryuk Ransomware operators to continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic.

Malicious JavaScript Dropping Payload in the Registry

isc.sans.edu/forums/diary/Malicious+JavaScript+Dropping+Payload+in+the+Registry/25954/ When we speak about “fileless” malware, it means that the malware does not use the standard filesystem to store temporary files or payloads. But they need to write data somewhere in the system for persistence or during the infection phase. If the filesystem is not used, the classic way to store data is to use the registry. Here is an example of a malicious JavaScript code that uses a temporary

You might be interested in …

Daily NCSC-FI news followup 2020-12-30

DHS orders federal agencies to update SolarWinds Orion platform www.bleepingcomputer.com/news/security/dhs-orders-federal-agencies-to-update-solarwinds-orion-platform/ The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020. Microsoft: SolarWinds hackers’ goal was the victims’ cloud data www.bleepingcomputer.com/news/security/microsoft-solarwinds-hackers-goal-was-the-victims-cloud-data/ Microsoft says […]

Read More

Daily NCSC-FI news followup 2020-11-27

Digitally Signed Bandook Malware Once Again Targets Multiple Sectors thehackernews.com/2020/11/digitally-signed-bandook-malware-once.html A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark […]

Read More

Daily NCSC-FI news followup 2020-07-29

www.zdnet.com/article/hacker-gang-behind-garmin-attack-doesnt-have-a-history-of-stealing-user-data ‘BootHole’ attack impacts Windows and Linux systems using GRUB2 and Secure Boot www.zdnet.com/article/boothole-attack-impacts-windows-and-linux-systems-using-grub2-and-secure-boot The vulnerability, codenamed BootHole, allows attackers to tamper with the boot-loading process that precedes starting up the actual operating system (OS). Lisäksi: kb.cert.org/vuls/id/174059 ja www.openwall.com/lists/oss-security/2020/07/29/3. Lisäksi: www.bleepingcomputer.com/news/security/boothole-grub-bootloader-bug-lets-hackers-hide-malware-in-linux-windows/ ja www.theregister.com/2020/07/29/grub2_code_exec_flaw/ ja eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ APT reports – APT trends report Q2 2020 securelist.com/apt-trends-report-q2-2020/97937/ For […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.