Daily NCSC-FI news followup 2020-04-06

DarkHotel hackers use VPN zero-day to breach Chinese government agencies

www.zdnet.com/article/darkhotel-hackers-use-vpn-zero-day-to-compromise-chinese-government-agencies/ Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide remote access to enterprise and government networks.

Attacks Simultaneously Exploiting Vulnerability in IE (CVE-2020-0674) and Firefox (CVE-2019-17026)

blogs.jpcert.or.jp/en/2020/04/ie-firefox-0day.html On 8 January 2020, Mozilla released an advisory regarding a vulnerability in Firefox. On 17 January, Microsoft reported that 0-day attacks exploiting a vulnerability in Internet Explorer (IE) had been seen in the wild. JPCERT/CC confirmed attacks exploiting both vulnerabilities at once and issued a security alert.. This article explains the details of these attacks.

Interpol: Ransomware attacks on hospitals are increasing

www.bleepingcomputer.com/news/security/interpol-ransomware-attacks-on-hospitals-are-increasing/ According to security analysts from Chinese firm Qihoo 360, attacks began in March on a Chinese VPN provider called SangFor, used by a number of Chinese governmental agencies. At least 200 VPN servers connecting to multiple endpoints were compromised as of the first week of April, they added.. Following this trend, INTERPOLs Cybercrime Threat Response team at its Cyber Fusion Centre said over the weekend that it “has detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”

Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill Intelligence for Vulnerability Management, Part One

www.fireeye.com/blog/threat-research/2020/04/zero-day-exploitation-demonstrates-access-to-money-not-skill.html FireEye Mandiant Threat Intelligence documented more zero-days exploited in 2019 than any of the previous three years. While not every instance of zero-day exploitation can be attributed to a tracked group, we noted that a wider range of tracked actors appear to have gained access to these capabilities. . Furthermore, we noted a significant increase over time in the number of zero-days leveraged by groups suspected to be customers of companies that supply offensive cyber capabilities, as well as an increase in zero-days used against targets in the Middle East, and/or by groups with suspected ties to this region.. Going forward, we are likely to see a greater variety of actors using zero-days, especially as private vendors continue feeding the demand for offensive cyber weapons.. Also


Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?

threatpost.com/beyond-zoom-safe-slack-collaboration-apps/154446/ As the coronavirus pandemic continues to worsen, remote-collaboration platforms now fixtures in many workers new normal are facing more scrutiny. Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx and Microsoft Teams, are certainly not immune from cybercriminal attention.

Malware found in BB server, again

thefinancialexpress.com.bd/trade/malware-found-in-bb-server-again-1585541440 “the internet protocol used by the network of Bangladesh Bank is sending and receiving info to suspicious internet protocol infected with malware and botnet,” BCC director Tarique M Barkatullah wrote in a recent letter to the central bank.

Cyber criminals are trying a new trick to cash in on Zoom’s popularity

www.zdnet.com/article/cyber-criminals-are-trying-a-new-trick-to-cash-in-on-zooms-popularity/#ftag=RSSbaffb68 Now researchers at Trend Micro have uncovered cyber criminals looking to exploit Zoom by bundling cryptocurrency mining malware inside a legitimate installer for the video conferencing software.

Password Protected Malicious Excel Files

isc.sans.edu/diary/rss/25990 A variant we are observing now, is password protected Excel 4 maldocs, using the binary file format .xls (and not OOXML, .xlsm).

Coronavirus-related cyberattacks surge in Brazil

www.zdnet.com/article/coronavirus-related-cyberattacks-surge-in-brazil/#ftag=RSSbaffb68 During the months of February and March, the cybersecurity company detected an increase of 124% in this type of scam. According to the study, this growth in cyberattacks is directly related to a surge in malicious messages sent through WhatsApp taking advantage of the Covid-19 situation.

Analyzing & Decrypting L4NC34s Simple Ransomware

blog.sucuri.net/2020/04/analyzing-decrypting-l4nc34s-simple-ransomware.html Were constantly seeing news about computers being infected by ransomware, but very little do we hear about it affecting websites. That being said, the impact can be serious if the affected website is the webmasters only source of income or a business relies entirely on its website and online presence.. We recently came across a case where all of the website files were seemingly encrypted and had their file names changed to append a .crypt.

Enabling security research & hunting with open source IoT attack data

techcommunity.microsoft.com/t5/azure-sentinel/enabling-security-research-amp-hunting-with-open-source-iot/ba-p/1279037# When researching and developing detection techniques, sourcing attack data: to train machine learning models and for use as test data, can be a challenge. To help drive pro-defence research and innovation in this area, Microsoft is releasing data from attacks against our IoT honeypot sensor network from a four-month period in 2019. We are releasing this under the in the hope that this enabled

NASA sees an exponential jump in malware attacks as personnel work from home

arstechnica.com/information-technology/2020/04/nasa-sees-an-exponential-jump-in-malware-attacks-as-personnel-work-from-home/ NASA has experienced an exponential increase in malware attacks and a doubling of agency devices trying to access malicious sites in the past few days as personnel work from home, the space agencys Office of the Chief Information Officer said on Monday.

You might be interested in …

Daily NCSC-FI news followup 2020-02-08

Dangerous Domain Corp.com Goes Up for Sale krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-sale/ As an early domain name investor, Mike OConnor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years OConnor refused to auction perhaps the most sensitive domain in […]

Read More

Daily NCSC-FI news followup 2019-07-30

Hacker steals data of 106 million people from Capital One arstechnica.com/information-technology/2019/07/feds-former-cloud-worker-hacks-into-capital-one-and-takes-data-for-106-million-people/ FBI Special Agent Joel Martini wrote in a criminal complaint filed on Monday that a GitHub account belonging to [the hacker] showed that, earlier this year, someone exploited a firewall vulnerability in Capital Ones network that allowed an attacker to execute a series of […]

Read More

Daily NCSC-FI news followup 2019-06-16

Kaikkien kuntien tietoturvassa olisi parantamisen varaa Lahteen kohdistuneessa kyberhyökkäyksessä tuhat tietokonetta saastui www.ess.fi/uutiset/kotimaa/art2548337 Lahden kyberhyökkäyksen kaltaista tapahtumaa oli osattu odottaa, toteaa Liikenne- ja viestintäviraston Traficomin johtava asiantuntija Kauto Huopio. Rikolliset etsivät jatkuvasti verkon haavoittuvuuksia ja iskevät heikkoon kohtaan heti sellaisen havaittuaan. Kyse voi olla tunneista. Telegram CEO Fingers China State Actors for DDoS Attack threatpost.com/telegram-ceo-china-ddos-attack/145654/ […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.