Daily NCSC-FI news followup 2020-03-31

Trends in Internet Exposure

blog.shodan.io/trends-in-internet-exposure/ More companies are going remote due to COVID-19 and as a result there’s been a lot of speculation around how this impacts the exposure of companies and the Internet as a whole (in terms of publicly-accessible services). I was actually already working on creating trends for various services due to a presentation I gave late last year, so let me share with you some updated charts on how the Internet has evolved over the past few years (up to March 29, 2020).

ZOOM MEETINGS AREN'T END-TO-END ENCRYPTED, DESPITE MISLEADING MARKETING

theintercept.com/2020/03/31/zoom-meeting-encryption/ Zoom, the video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

Kwampirs Targeted Attacks Involving Healthcare Sector

isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/ There is no honor among thieves. Even after some ransomware gangs claimed to cease targeting the healthcare sector, attacks continue to happen. But ransomware isn’t alone. Last week, the FBI updated an advisory regarding the Kwampirs malware, pointing out the healthcare sector as one of its targets. Kwampirs isn’t picky in its targeting. It has been observed going after various sectors (financial, energy, software supply chain, and healthcare, among others). One differentiator of Kwampirs is its modular structure. After penetrating a particular target network, the malware will load appropriate modules based on the targets it encounters. In general terms, Kwampirs is a “Remote Admin Tool” (RAT). It provides access to the target and can be used to execute additional payloads at the attacker’s choosing.

It's Your Money and They Want It Now: The Cycle of Adversary Pursuit

www.fireeye.com/blog/threat-research/2020/03/the-cycle-of-adversary-pursuit.html To track a fast-moving adversary over time, we exploit organic intrusion data, pivot to other data sets, and make that knowledge actionable for analysts and incident responders, enabling new discoveries and assessments on the actor. The FireEye Advanced Practices team exists to know more about the adversary than anyone else, and by asking and answering questions such as these, we enable analyst action in security efforts. In this blog post, we highlight how our cycle of identification, expansion, and discovery was used to track a financially motivated actor across FireEye's global data sets.

5 Reasons Why Threat Intel Management Needs to SOAR!

blog.paloaltonetworks.com/2020/03/cortex-threat-intel-management/ Here are 5 reasons why extending SOAR capabilities to threat intel management can help fix broken threat intel management processes:

Millions of Guests Impacted in Marriott Data Breach, Again

threatpost.com/millions-guests-marriott-data-breach-again/154300/ For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected.

Zero chance of tackling zero trust without a platform approach

blogs.cisco.com/security/zero-chance-of-tackling-zero-trust-without-a-platform-approach Zero trust has gone mainstream. Everyone's either promoting the concept, offering solutions to address the challenge, or just wanting to understand what it's all about. And that's the trouble: it means different things to different people, especially the word trust, which is a loaded term in security.

Stealing passwords with credential dumping

blogs.cisco.com/security/stealing-passwords-with-credential-dumping From a malicious standpoint, stealing and using legitimate credentials to gain access is more likely to go undetected as an attacker attempts to move through a network. Dropping a trojan or exploiting a vulnerability can certainly gain you initial access, but authorized credentials help you navigate laterally under the radar.

Office 365 Rebrands as Microsoft 365 With New Consumer Features

www.bleepingcomputer.com/news/microsoft/office-365-rebrands-as-microsoft-365-with-new-consumer-features/ Microsoft has announced today that they are rebranding the Office 365 service as Microsoft 365 with the launch of a new consumer subscription package that includes Office applications, OneDrive, Outlook, a new Family Safety App, and Teams for Consumer.
