NCSC-FI News followup

Daily NCSC-FI news followup 2020-04-24

New training on orchestration of CSIRT tools: The EU Agency for Cybersecurity introduces new training materials to support Member States’ CSIRTs. ENISA puts great effort into supporting the development of EU Member States’ national incident response preparedness. To that end, ENISA has updated its CSIRT training material aimed at improving the skills of CSIRT teams. The scope of this new training is to adapt to new technologies and best practices in a fast-changing domain.

CTI League Inaugural Report (March 2020): The CTI League, an all-volunteer non-profit group, issued its inaugural report on its efforts to aggressively dismantle cyber criminal infrastructure and protect healthcare organizations against cyber attacks.

Nintendo confirms 160,000 Nintendo Accounts accessed in hacking attempts: Nintendo is disabling the ability to log into a Nintendo Account through a Nintendo Network ID (NNID) after 160,000 accounts were affected by hacking attempts. Nintendo says login IDs and passwords “obtained illegally by some means other than our service” have been used since the beginning of April to gain access to the accounts.

SeaChange video platform allegedly hit by Sodinokibi ransomware: A leading supplier of video delivery software solutions is reportedly the latest victim of the Sodinokibi ransomware, whose operators have posted images of data they claim to have stolen from the company during a cyberattack.

New GreyNoise free service alerts you when your devices get hacked: Cyber-security firm GreyNoise Intelligence today announced the launch of GreyNoise Alerts, a new free service that will automatically notify you via email when any devices in your organization’s IP address range get hacked and start exhibiting potentially malicious behavior.

Apple says ‘no evidence’ iPhone mail flaw used against customers: Apple Inc said on Thursday it has found “no evidence” that a flaw in its email app for iPhones and iPads has been used against customers, and that it believes the flaw does “not pose an immediate risk to our users”.

HUS uses a unique smart situational picture built by Elisa, together with mobility data, to forecast the spread of the coronavirus pandemic… HUS Helsinki University Hospital is using a smart situational picture implemented by Elisa, together with data on the movement of people, to support a deeper understanding and management of the coronavirus situation. With the situational-picture solution and the mobility data, forecasting the progress of the coronavirus pandemic happens in real time. Elisa provides HUS with anonymised data on the movement of crowds and has also developed a tool for HUS for visualising the situational picture. The situational-picture solution, intended for use by HUS management, makes use of data collection, combination, analysis, automation and visualisation.

This is how the much-discussed corona app would work; the hardest challenge is getting enough users: Coronavirus tracing apps would use Bluetooth technology, and users’ locations could not be tracked.

Following ESET’s discovery, a Monero mining botnet is disrupted: ESET researchers discovered, and played a key role in the disruption of, a 35,000-strong botnet spreading in Latin America via infected USB drives. ESET researchers recently discovered a previously undocumented botnet that they have named VictoryGate. It has been active since at least May 2019 and, since then, three different variants of the initial module have been identified, in addition to approximately 10 secondary payloads that are downloaded from file hosting websites. The initial module is detected by ESET security products as MSIL/VictoryGate. The report also contains Indicators of Compromise (IOCs).

New iPhone text-bomb bug: Just receiving this Sindhi character notification crashes iPhones. Turn off notifications for messaging and social-media apps until Apple has released a fix.

Getting ATT&CKed By A Cozy Bear And Being Really Happy About It: What MITRE Evaluations Are, and How To Read Them. I’ve been following the MITRE ATT&CK Framework for a while, and this week the results were released of the most recent evaluation, which used APT29, otherwise known as COZY BEAR.

Threat Spotlight: MedusaLocker. MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, several variants have been observed; however, most of the functionality remains consistent. The most notable differences are changes to the file extension used for encrypted files and the look and feel of the ransom note left on systems following the encryption process.

Cracking the Netatmo Smart Indoor Security Camera (CVE-2019-17101): Command execution due to unsanitized input. Indoor video surveillance has become one of the most frequent applications for IoT devices. In public places, offices or private homes, video surveillance helps deter crime and detect accidents before they become uncontainable. Security cameras have become a necessity, but in the IoT world any new gadget added to a network can turn into a liability.

Detect and prevent web shell malware: Malicious web shells are a type of software uploaded to a compromised web server to enable remote access by an attacker. While web shells may be benign, their use by cyber adversaries is becoming more frequent due to the increasing use of web-facing services by organisations across the world. The Australian Signals Directorate and counterparts at the US National Security Agency (NSA) have for the first time jointly published new guidance on mitigating the threat of web shell malware.

US universities targeted with malware used by state-backed actors: Faculty and students at several U.S. colleges and universities were targeted in phishing attacks with a remote access Trojan (RAT) previously used by Chinese state-sponsored threat actors.

BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware. A new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.

Facebook-NSO lawsuit: Hundreds of WhatsApp attacks linked to one IP address. Facebook fights to keep the lawsuit on track after NSO filed a motion to dismiss the case earlier this month. “In 720 instances of the attack, the remote server’s IP address was In 3 instances of the attack, the remote server’s IP address was,” Gheorghe added.

A Dozen Nation-Backed APTs Tap COVID-19 to Cover Spy Attacks: Iran’s Charming Kitten and other nation-state actors are using the coronavirus pandemic to their advantage for espionage. Cybercriminals have seized on the novel coronavirus as a theme in their attacks, and it turns out that the most sophisticated players on that scene are no exception. According to Google’s Threat Analysis Group (TAG), more than a dozen nation-state-backed APTs are using the COVID-19 pandemic as a cover for their various cyberespionage and malware activities.

Update #3: Business continuity with Azure.

Security alert: ‘Dramatic’ increase in cyber attacks, says WHO, after passwords leaked online. Five times as many attacks against the World Health Organisation as hackers look to exploit the coronavirus outbreak.

Valve Confirms CS:GO, Team Fortress 2 Source-Code Leak: Leaked source code for Counter-Strike: Global Offensive and Team Fortress 2 has led to widespread gamer worries about security and cheating.
