Daily NCSC-FI news followup 2020-03-31

Trends in Internet Exposure

blog.shodan.io/trends-in-internet-exposure/ More companies are going remote due to COVID-19 and as a result there’s been a lot of speculation around how this impacts the exposure of companies and the Internet as a whole (in terms of publicly-accessible services). I was actually already working on creating trends for various services due to a presentation I gave late last year so let me share with you some updated charts on how the Internet has evolved over the past few years (up to March 29, 2020).

ZOOM MEETINGS AREN'T END-TO-END ENCRYPTED, DESPITE MISLEADING MARKETING

theintercept.com/2020/03/31/zoom-meeting-encryption/ ZOOM, THE video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

Kwampirs Targeted Attacks Involving Healthcare Sector

isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/ There is no honor among thieves. Even after some ransomware gangs claimed to cease targeting the healthcare sector, attacks continue to happen. But ransomware isn’t alone. Last week, the FBI updated an advisory regarding the Kwampirs malware, pointing out the healthcare sector as one of its targets. Kwampirs isn’t picky in its targeting. It has been observed going after various sectors (financial, energy, software supply chain, and healthcare, among others). One differentiator of Kwampirs is its modular structure. After penetrating a particular target network, the malware will load appropriate modules based on the targets it encounters. In general terms, Kwampirs is a “Remote Admin Tool” (RAT). It provides access to the target and can be used to execute additional payloads at the attacker’s choosing.

It's Your Money and They Want It Now: The Cycle of Adversary Pursuit

www.fireeye.com/blog/threat-research/2020/03/the-cycle-of-adversary-pursuit.html To track a fast-moving adversary over time, we exploit organic intrusion data, pivot to other data sets, and make that knowledge actionable for analysts and incident responders, enabling new discoveries and assessments on the actor. The FireEye Advanced Practices team exists to know more about the adversary than anyone else, and by asking and answering questions such as these, we enable analyst action in security efforts. In this blog post, we highlight how our cycle of identification, expansion, and discovery was used to track a financially motivated actor across FireEye's global data sets.

5 Reasons Why Threat Intel Management Needs to SOAR!

blog.paloaltonetworks.com/2020/03/cortex-threat-intel-management/ Here are 5 reasons why extending SOAR capabilities to threat intel management can help fix broken threat intel management processes:

Millions of Guests Impacted in Marriott Data Breach, Again

threatpost.com/millions-guests-marriott-data-breach-again/154300/ For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected.

Zero chance of tackling zero trust without a platform approach

blogs.cisco.com/security/zero-chance-of-tackling-zero-trust-without-a-platform-approach Zero trust has gone mainstream. Everyone's either promoting the concept, offering solutions to address the challenge, or just wanting to understand what it's all about. And that's the trouble: it means different things to different people, especially the word trust, which is a loaded term in security.

Stealing passwords with credential dumping

blogs.cisco.com/security/stealing-passwords-with-credential-dumping From a malicious standpoint, stealing and using legitimate credentials to gain access is more likely to go undetected as an attacker attempts to move through a network. Dropping a trojan or exploiting a vulnerability can certainly gain you initial access, but authorized credentials help you navigate laterally under the radar.

Office 365 Rebrands as Microsoft 365 With New Consumer Features

www.bleepingcomputer.com/news/microsoft/office-365-rebrands-as-microsoft-365-with-new-consumer-features/ Microsoft has announced today that they are rebranding the Office 365 service as Microsoft 365 with the launch of a new consumer subscription package that includes Office applications, OneDrive, and Outlook, a new Family Safety App, and Teams for Consumer.
