Daily NCSC-FI news followup 2020-04-06

DarkHotel hackers use VPN zero-day to breach Chinese government agencies

www.zdnet.com/article/darkhotel-hackers-use-vpn-zero-day-to-compromise-chinese-government-agencies/ Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide remote access to enterprise and government networks.

Attacks Simultaneously Exploiting Vulnerability in IE (CVE-2020-0674) and Firefox (CVE-2019-17026)

blogs.jpcert.or.jp/en/2020/04/ie-firefox-0day.html On 8 January 2020, Mozilla released an advisory regarding a vulnerability in Firefox. On 17 January, Microsoft reported that 0-day attacks exploiting a vulnerability in Internet Explorer (IE) had been seen in the wild. JPCERT/CC confirmed attacks exploiting both vulnerabilities at once and issued a security alert. This article explains the details of these attacks.

Interpol: Ransomware attacks on hospitals are increasing

www.bleepingcomputer.com/news/security/interpol-ransomware-attacks-on-hospitals-are-increasing/ According to security analysts from Chinese firm Qihoo 360, attacks began in March on a Chinese VPN provider called SangFor, used by a number of Chinese governmental agencies. At least 200 VPN servers connecting to multiple endpoints were compromised as of the first week of April, they added. Following this trend, INTERPOL's Cybercrime Threat Response team at its Cyber Fusion Centre said over the weekend that it “has detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”

Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill: Intelligence for Vulnerability Management, Part One

www.fireeye.com/blog/threat-research/2020/04/zero-day-exploitation-demonstrates-access-to-money-not-skill.html FireEye Mandiant Threat Intelligence documented more zero-days exploited in 2019 than any of the previous three years. While not every instance of zero-day exploitation can be attributed to a tracked group, we noted that a wider range of tracked actors appear to have gained access to these capabilities. Furthermore, we noted a significant increase over time in the number of zero-days leveraged by groups suspected to be customers of companies that supply offensive cyber capabilities, as well as an increase in zero-days used against targets in the Middle East, and/or by groups with suspected ties to this region. Going forward, we are likely to see a greater variety of actors using zero-days, especially as private vendors continue feeding the demand for offensive cyber weapons. Also

Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?

threatpost.com/beyond-zoom-safe-slack-collaboration-apps/154446/ As the coronavirus pandemic continues to worsen, remote-collaboration platforms, now fixtures in many workers' new normal, are facing more scrutiny. Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx and Microsoft Teams, are certainly not immune from cybercriminal attention.

Malware found in BB server, again

thefinancialexpress.com.bd/trade/malware-found-in-bb-server-again-1585541440 “the internet protocol used by the network of Bangladesh Bank is sending and receiving info to suspicious internet protocol infected with malware and botnet,” BCC director Tarique M Barkatullah wrote in a recent letter to the central bank.

Cyber criminals are trying a new trick to cash in on Zoom’s popularity

www.zdnet.com/article/cyber-criminals-are-trying-a-new-trick-to-cash-in-on-zooms-popularity/#ftag=RSSbaffb68 Now researchers at Trend Micro have uncovered cyber criminals looking to exploit Zoom by bundling cryptocurrency mining malware inside a legitimate installer for the video conferencing software.

Password Protected Malicious Excel Files

isc.sans.edu/diary/rss/25990 A variant we are observing now is password-protected Excel 4 maldocs using the binary file format .xls (and not OOXML, .xlsm).

Coronavirus-related cyberattacks surge in Brazil

www.zdnet.com/article/coronavirus-related-cyberattacks-surge-in-brazil/#ftag=RSSbaffb68 During the months of February and March, the cybersecurity company detected an increase of 124% in this type of scam. According to the study, this growth in cyberattacks is directly related to a surge in malicious messages sent through WhatsApp taking advantage of the Covid-19 situation.

Analyzing & Decrypting L4NC34's Simple Ransomware

blog.sucuri.net/2020/04/analyzing-decrypting-l4nc34s-simple-ransomware.html We're constantly seeing news about computers being infected by ransomware, but very little do we hear about it affecting websites. That being said, the impact can be serious if the affected website is the webmaster's only source of income or a business relies entirely on its website and online presence. We recently came across a case where all of the website files were seemingly encrypted and had their file names changed to append a .crypt.

Enabling security research & hunting with open source IoT attack data

techcommunity.microsoft.com/t5/azure-sentinel/enabling-security-research-amp-hunting-with-open-source-iot/ba-p/1279037# When researching and developing detection techniques, sourcing attack data, both to train machine learning models and for use as test data, can be a challenge. To help drive pro-defence research and innovation in this area, Microsoft is releasing data from attacks against our IoT honeypot sensor network from a four-month period in 2019. We are releasing this under the in the hope that this enabled

NASA sees an exponential jump in malware attacks as personnel work from home

arstechnica.com/information-technology/2020/04/nasa-sees-an-exponential-jump-in-malware-attacks-as-personnel-work-from-home/ NASA has experienced an exponential increase in malware attacks and a doubling of agency devices trying to access malicious sites in the past few days as personnel work from home, the space agency's Office of the Chief Information Officer said on Monday.
