Daily NCSC-FI news followup 2020-03-29

Source code of Dharma ransomware pops up for sale on hacking forums

www.zdnet.com/article/source-code-of-dharma-ransomware-pops-up-for-sale-on-hacking-forums/ The source code of a major ransomware strain named Dharma has been put up for sale on two Russian hacker forums over the weekend. The FBI, in a talk at the RSA security conference this year, ranked Dharma the second most lucrative ransomware operation in recent years, having extorted more than $24 million in payments from victims between November 2016 and November 2019. Now, its source code is being sold for a price as low as $2,000 — which has security researchers on edge.

Legendary Finnish hacker featured in HBO documentary reveals vulnerability of the US election system

www.tivi.fi/uutiset/tv/18cdf05a-2d44-45eb-b6d6-b68f1c63d7b5 Kill Chain, HBO's documentary about Harri Hursti and the United States voting system, is chilling viewing. The hour-and-a-half documentary is now available on HBO Nordic.

Microsoft reveals 775 percent Azure surge, quotas on some resources and significant new capacity coming ASAP

www.theregister.co.uk/2020/03/29/microsoft_reveals_775_percent_azure_usage_surge_in_coronavirus_lockdown_zones/ Microsoft has revealed a 775 percent increase of our cloud services in regions that have enforced social distancing or shelter in place orders and is expediting the addition of significant new capacity that will be available in the weeks ahead, but has already imposed some quotas to cope with huge demand for its cloud.
