Daily NCSC-FI news followup 2020-05-09

DigitalOcean Data Leak Incident Exposed Some of Its Customers Data

thehackernews.com/2020/05/digitalocean-data-breach.html DigitalOcean, one of the biggest modern web hosting platforms, was recently hit with a concerning data leak incident that exposed some of its customers’ data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it has started warning affected customers of the scope of the breach via email.


A hacker group is selling more than 73 million user records on the dark web

www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/ A hacker group going by the name of ShinyHunters claims to have breached ten companies and is currently selling their respective user databases on a dark web marketplace for illegal products. The hackers are the same group who breached Tokopedia, Indonesia’s largest online store, last week. Hackers initially leaked 15 million user records online, for free, but later put the company’s entire database of 91 million user records on sale for $5,000.


Rail vehicle manufacturer Stadler hit by cyberattack, blackmailed

www.bleepingcomputer.com/news/security/rail-vehicle-manufacturer-stadler-hit-by-cyberattack-blackmailed/ International rail vehicle construction company Stadler disclosed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data. Stadler manufactures a wide range of railway vehicles from high-speed trains to tramways and trams, and it is the world’s leading service provider in the rack-and-pinion rail vehicle industry.

One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch

www.theregister.co.uk/2020/05/08/samsung_android_patches/ Samsung has patched a serious security hole in its smartphones that can be exploited by maliciously crafted text messages to hijack devices. It appears no user interaction is required: if Samsung’s messaging app bundled with phones since 2015 receives a booby-trapped MMS, it will parse it automatically before the user even opens it. This will trigger a vulnerability in the Skia graphics library, used by the app to decode the message’s embedded Qmage image.

North Korean hackers infect real 2FA app to compromise Macs

www.bleepingcomputer.com/news/security/north-korean-hackers-infect-real-2fa-app-to-compromise-macs/ Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. Dacls has been used to target Windows and Linux platforms, and the recently discovered RAT variant for macOS borrows much of its functionality and code from them.

Companies Struggle for Effective Cybersecurity

www.darkreading.com/operations/companies-struggle-for-effective-cybersecurity/d/d-id/1337779?_mc The money companies are spending on cybersecurity tools doesn’t necessarily result in better security, a new survey shows. Organizations of all sizes are under near-constant attack from cybercriminals; that we know. And of course they must defend themselves against attacks. But there are some huge questions about just how effective their ability to do so is. A new report by Mandiant Security Validation aims to address those questions.

Scams to watch out for not just this Mother’s Day

www.welivesecurity.com/2020/05/08/scams-watch-out-mothers-day/ As it is with every special occasion, large or small, in the run-up to Mother’s Day retailers are promoting special offers to honor all mothers around the world. That provides ample opportunity for cybercriminals to pull out all the stops in their mission to make money off of everything, even a kind occasion like this. Scammers won’t just be focusing on masquerading as vendors; they will probably stoop as low as possible and try to woo single mothers in search of romance and swindle them out of their money.

Hackers Target WHO by Posing as Think Tank, Broadcaster

www.bloomberg.com/news/articles/2020-05-07/hackers-target-who-by-posing-as-think-tank-broadcaster The messages began arriving in World Health Organization employees’ inboxes in early April, seemingly innocuous emails about the coronavirus from news organizations and researchers. But a close examination revealed that they contained malicious links, and some security experts have traced the emails to a hacking group in Iran believed to be sponsored by the government.
