Daily NCSC-FI news followup 2020-05-05

How Many Engineers Does It Take to Digitally Secure a Solar Panel?

www.nist.gov/blogs/cybersecurity-insights/how-many-engineers-does-it-take-digitally-secure-solar-panel The headline for this blog post is not a trick question or the beginning of a bad joke. I asked this question maybe a bit facetiously when I met the National Cybersecurity Center of Excellence (NCCoE) energy sector team in late 2018. The NCCoE had just purchased a solar panel to install in the lab. I genuinely wanted to know: what vulnerabilities exist when solar panels connect to the distribution grid, and how can we mitigate them?

New Kaiji malware targets IoT devices via SSH brute-force attacks

www.zdnet.com/article/new-kaiji-malware-targets-iot-devices-via-ssh-brute-force-attacks/#ftag=RSSbaffb68 Security researchers say they’ve discovered yet another strain of malware that was specifically built to infect Linux-based servers and smart Internet of Things (IoT) devices, and then abuse these systems to launch DDoS attacks. Named Kaiji, this new malware was spotted last week by a security researcher named MalwareMustDie and the team at Intezer Labs. also:

intezer.com/blog/research/kaiji-chinese-iot-malware-turning-to-golang/
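Kaiji spreads by brute-forcing SSH logins, so the detection a practitioner wants on a Linux or IoT gateway is a burst of failed logins from one source followed by a success. The following is an added example, not code from the Kaiji write-ups or from Intezer; the log lines are constructed OpenSSH auth.log entries and the year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of OpenSSH auth.log lines (not captured data).
SAMPLE_LOG = """\
May  5 03:14:01 iot-gw sshd[2231]: Failed password for root from 198.51.100.7 port 51022 ssh2
May  5 03:14:03 iot-gw sshd[2233]: Failed password for invalid user admin from 198.51.100.7 port 51030 ssh2
May  5 03:14:04 iot-gw sshd[2235]: Failed password for invalid user pi from 198.51.100.7 port 51044 ssh2
May  5 03:14:06 iot-gw sshd[2237]: Failed password for root from 198.51.100.7 port 51050 ssh2
May  5 03:14:07 iot-gw sshd[2239]: Failed password for root from 198.51.100.7 port 51058 ssh2
May  5 03:14:09 iot-gw sshd[2241]: Accepted password for root from 198.51.100.7 port 51066 ssh2
May  5 03:20:11 iot-gw sshd[2250]: Failed password for alice from 203.0.113.9 port 40100 ssh2
May  5 03:31:40 iot-gw sshd[2260]: Accepted publickey for alice from 203.0.113.9 port 40122 ssh2
"""

# Matches the two sshd outcomes we care about; "invalid user" is dropped so the
# attempted username is captured either way.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(lines, year=2020):
    """Turn auth.log lines into (timestamp, result, user, ip) tuples.
    `year` is an assumption: syslog lines have no year field."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window_s=60):
    """Flag a source IP when `threshold` failures land inside any sliding
    window of `window_s` seconds. Also report whether a login succeeded after
    the last failure, which is the signal that the brute force worked."""
    by_ip = defaultdict(list)
    for ts, result, user, ip in events:
        by_ip[ip].append((ts, result, user))

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [ts for ts, r, _ in evs if r == "Failed"]
        start, tripped = 0, False
        for end in range(len(fails)):
            # shrink the window from the left until it fits in window_s
            while (fails[end] - fails[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                tripped = True
                break
        if not tripped:
            continue
        last_fail = fails[-1]
        success_after = any(r == "Accepted" and ts > last_fail for ts, r, _ in evs)
        findings[ip] = {
            "failures": len(fails),
            "success_after": success_after,
            "users": sorted({u for _, _, u in evs}),
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse(SAMPLE_LOG.splitlines())).items():
        verdict = "COMPROMISED" if info["success_after"] else "brute force"
        print(f"{ip}: {verdict}, {info['failures']} failures, users={info['users']}")
```

A single user failing once (203.0.113.9 above) does not trip the rule, while the password-guessing burst from 198.51.100.7 does, and the "Accepted password" after the failures marks it as a likely compromise rather than noise. Threshold and window are assumptions to tune per environment; on devices that should only accept key-based logins, any "Accepted password" is itself worth alerting on.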

New VCrypt Ransomware locks files in password-protected 7ZIPs

www.bleepingcomputer.com/news/security/new-vcrypt-ransomware-locks-files-in-password-protected-7zips/ A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders.

GoDaddy reports data breach involving SSH access on hosting accounts

www.zdnet.com/article/godaddy-reports-data-breach-involving-ssh-access-on-hosting-accounts/#ftag=RSSbaffb68 GoDaddy on Tuesday reported an October data breach to Californian authorities, stating that an unauthorised individual was able to access SSH accounts used in its hosting environment. “The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.”

US financial industry regulator warns of widespread phishing campaign

www.zdnet.com/article/us-financial-industry-regulator-warns-of-widespread-phishing-campaign/#ftag=RSSbaffb68 FINRA warns of phishing campaign aimed at stealing members’ Microsoft Office or SharePoint passwords.

Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems

threatpost.com/airplane-hack-exposes-weaknesses-of-alert-and-avoidance-systems/155451/ The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride, much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing TCAS using a $10 USB-based Digital Video Broadcasting dongle and a rogue transponder for communicating with aircraft. “We have shown that careful placing of fake aircraft through rogue transponder broadcasts can cause an aircraft under autopilot control to climb or descend towards legitimate traffic,” wrote Pen Test Partners’ Ken Munro in a blog post outlining his research. also:

www.pentestpartners.com/security-blog/jeopardising-aircraft-through-tcas-spoofing/

Lessons learned from the Microsoft SOC, Part 3c: A day in the life part 2

www.microsoft.com/security/blog/2020/05/04/lessons-learned-microsoft-soc-part-3c/ This is the sixth blog in the Lessons learned from the Microsoft SOC series designed to share our approach and experience from the front lines of our security operations center (SOC) protecting Microsoft and our Detection and Response Team (DART) helping our customers with their incidents.

Mitigating vulnerabilities in endpoint network stacks

www.microsoft.com/security/blog/2020/05/04/mitigating-vulnerabilities-endpoint-network-stacks/ One aspect of our proactive security work is finding vulnerabilities and fixing them before they can be exploited. Innovations we’ve made in our fuzzing technology have made it possible to get deeper coverage than ever before, resulting in the discovery of new bugs, faster. One such vulnerability is the remote code execution (RCE) vulnerability in Microsoft Server Message Block version 3 (SMBv3) tracked as CVE-2020-0796 and fixed on March 12, 2020. In the following sections, we will share the tools and techniques we used to fuzz SMB, the root cause of the RCE vulnerability, and relevant mitigations against exploitation.

Changes in REvil ransomware version 2.2

blog.intel471.com/2020/05/04/changes-in-revil-ransomware-version-2-2/ The REvil ransomware-as-a-service (RaaS) operation continues to impact businesses worldwide. The threat actors responsible for developing and maintaining the malware have released an updated ransomware, namely version 2.2. In this short blog post, we will cover the significant changes from the previous version, which we covered in detail in an earlier blog post

Süddeutsche Zeitung: Germany issues arrest warrant for Russian hacker suspected of breaking into the Bundestag’s IT systems

yle.fi/uutiset/3-11335433 German federal prosecutors have issued an international arrest warrant for a man they suspect of breaking into the IT systems of the German parliament (Bundestag) five years ago. Prosecutors suspect the Russian national Dmitri Badin of carrying out the intrusion on behalf of Russian military intelligence as part of the Fancy Bear hacker group, the German newspaper Süddeutsche Zeitung reports based on its own investigation. also:

www.sueddeutsche.de/politik/hack-bundestag-angriff-russland-1.4891668. also:

www.bellingcat.com/news/2020/05/05/who-is-dmitry-badin-the-gru-hacker-indicted-by-germany-over-the-bundestag-hacks/

Expert released PoC exploit for CVE-2020-1967 DoS flaw in OpenSSL

securityaffairs.co/wordpress/102763/hacking/cve-2020-1967-dos-openssl-exploit.html Recently, the OpenSSL Project released a security update that patches a high-severity vulnerability, tracked as CVE-2020-1967, which attackers can exploit to cause a denial of service (DoS). The flaw affects OpenSSL 1.1.1d through 1.1.1f and is fixed in 1.1.1g. Security researcher Imre Rad has now published proof-of-concept exploit code for CVE-2020-1967, along with technical details on how the bug is triggered.

APT Groups Target Healthcare and Essential Services – Alert (AA20-126A)

www.us-cert.gov/ncas/alerts/AA20126A CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 (COVID-19) pandemic as part of their cyber operations. This joint alert highlights ongoing activity by APT groups against organizations involved in both national and international COVID-19 responses. It describes some of the methods these actors are using to target organizations and provides mitigation advice.

Europol arrests hackers behind Infinity Black hacker group

www.zdnet.com/article/europol-arrests-hackers-behind-infinity-black-hacker-group/ Europol announced today the arrest of five Polish hackers who were part of the Infinity Black hacking group. The group formed in late 2018 and was primarily known for operating the Infinity[.]black website, where they sold access to “collections” of user credentials. also:

www.europol.europa.eu/newsroom/news/hacker-group-selling-databases-millions-of-user-credentials-busted-in-poland-and-switzerland

Toll Group hit by ransomware a second time, deliveries affected

www.bleepingcomputer.com/news/security/toll-group-hit-by-ransomware-a-second-time-deliveries-affected/ The Toll Group has suffered its second ransomware attack in three months, the latest one conducted by the operators of the Nefilim ransomware. Toll Group is Asia Pacific’s leading provider of transportation and logistics services, employing roughly 44,000 people at 1,200 locations in more than 50 countries. also:

www.tollgroup.com/toll-it-systems-updates

Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets

thehackernews.com/2020/05/citrix-sharefile-vulnerability.html For the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting the Citrix ShareFile content collaboration platform. The newly identified security issues (CTX-CVE-2020-7473) specifically affect customer-managed on-premises Citrix ShareFile storage zone controllers, the component that stores corporate data behind the firewall.

Google Android RCE Bug Allows Attacker Full Device Access

threatpost.com/google-android-rce-bug-full-device-access/155460/ The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week.

Azure Sphere Security Research Challenge Now Open

msrc-blog.microsoft.com/2020/05/05/azure-sphere-security-research-challenge/ This new research challenge aims to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution delivering end to end security across hardware, OS and the cloud. This new research challenge is a three-month, application-only security research challenge offering special bounty awards and providing additional research resources to program participants.

Malicious Use of AI Poses a Real Cybersecurity Threat

www.darkreading.com/vulnerabilities—threats/malicious-use-of-ai-poses-a-real-cybersecurity-threat/a/d-id/1337690 We should prepare for a future in which artificially intelligent cyberattacks become more common. also:

www.foi.se/report-summary?reportNo=FOI-R–4947–SE

Designing Firmware Resilience for 3 Top Attack Vectors

www.darkreading.com/attacks-breaches/designing-firmware-resilience-for-3-top-attack-vectors/a/d-id/1337682 Let’s take a look at the three major attack vectors and how to build more resilient firmware against each.
