
Daily NCSC-FI news followup 2020-03-31

Trends in Internet Exposure

blog.shodan.io/trends-in-internet-exposure/ More companies are going remote due to COVID-19 and as a result there’s been a lot of speculation around how this impacts the exposure of companies and the Internet as a whole (in terms of publicly-accessible services). I was actually already working on creating trends for various services due to a presentation I gave late last year so let me share with you some updated charts on how the Internet has evolved over the past few years (up to March 29, 2020).

ZOOM MEETINGS AREN’T END-TO-END ENCRYPTED, DESPITE MISLEADING MARKETING

theintercept.com/2020/03/31/zoom-meeting-encryption/ ZOOM, THE video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

Kwampirs Targeted Attacks Involving Healthcare Sector

isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/ There is no honor among thieves. Even after some ransomware gangs claimed to cease targeting the healthcare sector, attacks continue to happen. But ransomware isn’t alone. Last week, the FBI updated an advisory regarding the Kwampirs malware, pointing out the healthcare sector as one of its targets. Kwampirs isn’t picky in its targeting. It has been observed going after various sectors (financial, energy, software supply chain, and healthcare, among others). One differentiator of Kwampirs is its modular structure. After penetrating a particular target network, the malware will load appropriate modules based on the targets it encounters. In general terms, Kwampirs is a “Remote Admin Tool” (RAT). It provides access to the target and can be used to execute additional payloads at the attacker’s choosing.

It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit

www.fireeye.com/blog/threat-research/2020/03/the-cycle-of-adversary-pursuit.html To track a fast-moving adversary over time, we exploit organic intrusion data, pivot to other data sets, and make that knowledge actionable for analysts and incident responders, enabling new discoveries and assessments on the actor. The FireEye Advanced Practices team exists to know more about the adversary than anyone else, and by asking and answering questions such as these, we enable analyst action in security efforts. In this blog post, we highlight how our cycle of identification, expansion, and discovery was used to track a financially motivated actor across FireEye’s global data sets.

5 Reasons Why Threat Intel Management Needs to SOAR!

blog.paloaltonetworks.com/2020/03/cortex-threat-intel-management/ Here are 5 reasons why extending SOAR capabilities to threat intel management can help fix broken threat intel management processes:

Millions of Guests Impacted in Marriott Data Breach, Again

threatpost.com/millions-guests-marriott-data-breach-again/154300/ For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected.

Zero chance of tackling zero trust without a platform approach

blogs.cisco.com/security/zero-chance-of-tackling-zero-trust-without-a-platform-approach Zero trust has gone mainstream. Everyone’s either promoting the concept, offering solutions to address the challenge, or just wanting to understand what it’s all about. And that’s the trouble: it means different things to different people, especially the word trust, which is a loaded term in security.

Stealing passwords with credential dumping

blogs.cisco.com/security/stealing-passwords-with-credential-dumping From a malicious standpoint, stealing and using legitimate credentials to gain access is more likely to go undetected as an attacker attempts to move through a network. Dropping a trojan or exploiting a vulnerability can certainly gain you initial access, but authorized credentials help you navigate laterally under the radar.

Office 365 Rebrands as Microsoft 365 With New Consumer Features

www.bleepingcomputer.com/news/microsoft/office-365-rebrands-as-microsoft-365-with-new-consumer-features/ Microsoft has announced today that they are rebranding the Office 365 service as Microsoft 365 with the launch of a new consumer subscription package that includes Office applications, OneDrive, and Outlook, a new Family Safety App, and Teams for Consumer.
