Daily NCSC-FI news followup 2020-05-12

Coronavirus cyber-attacks update: beware of the phish

blog.checkpoint.com/2020/05/12/coronavirus-cyber-attacks-update-beware-of-the-phish/ While we all try to get used to the Covid-19 pandemic's new normal in our work and home lives, this year has been a time of unprecedented opportunity for cyber-criminals. The global response to the pandemic, and our desire for the latest information about it, has supercharged criminals' and hackers' business-as-usual models of phishing emails and fake websites.

Ransomware: Collateral damage

www.kaspersky.com/blog/ransomware-collateral-damage/35330/ You might think a ransomware-infected ATM, a timetable showing an extortionist's message at the airport, or a slot machine demanding a ransom in bitcoins would be the stuff of urban legend. Nevertheless, people observed all those things during the WannaCry ransomware epidemic three years ago. Therefore, today, Anti-Ransomware Day, seems like an opportune time to reminisce about those peculiar cases.

Hospitals targeted in ransomware attacks

www.pandasecurity.com/mediacenter/news/hospitals-targeted-ransomware/ Over the last few months, hospitals around the world have had to deal with some of their most difficult moments. The current Covid-19 pandemic has pushed this critical infrastructure to its limits. It is so important that they function properly right now that some cybercriminal groups have even pledged not to attack hospitals during the pandemic. Others, however, have not been so supportive.

How to Prioritize Microsoft's Patch Tuesday Updates in Seconds

www.recordedfuture.com/microsoft-patch-tuesday-prioritization/ On the second Tuesday of every month, vulnerability management teams scramble to quickly identify all of the newly announced Microsoft vulnerabilities so they can patch the ones that are relevant to their organizations. However, a relatively small percentage of vulnerabilities released on Patch Tuesday are ever likely to be used to attack your business: only 5.5%, according to estimates. For vulnerability management teams looking to issue patches quickly, the most important question to ask is, "Where should I start?"

Stick the Landing: 6 Steps to Broaden Your Cyber Resilience Web

securityintelligence.com/articles/stick-the-landing-6-steps-to-broaden-your-cyber-resilience-web/ Cyber resilience emerged as a response to the evolving need for information security. Organizations recognized that attacks were a question of when, not if, and adapted security strategy to include orchestrated response and recovery frameworks that could identify critical assets, protect key data, detect potential issues, respond to immediate threats and jump-start recovery to get businesses back on track.

Analyzing Dark Crystal RAT, a C# backdoor

www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html The FireEye Mandiant Threat Intelligence Team helps protect our customers by tracking cyber attackers and the malware they use. The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal RAT (DCRat) that the threat intel team passed to us. We reviewed open source intelligence and prior work, performed sandbox testing, and reverse engineered the Dark Crystal RAT to review its capabilities and communication protocol.

Over 4000 Android Apps Expose Users’ Data via Misconfigured Firebase Databases

thehackernews.com/2020/05/android-firebase-database-security.html More than 4,000 Android apps that use Google’s cloud-hosted Firebase databases are ‘unknowingly’ leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.

Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader

blog.talosintelligence.com/2020/05/vulnerability-spotlight-remote-code.html Cisco Talos recently discovered two remote code execution vulnerabilities in Adobe Acrobat Reader. Acrobat supports a number of features, including the ability to process embedded JavaScript. These flaws specifically exist in the way the software handles the destruction of annotations from inside event handlers. An attacker could trigger these exploits by tricking a user into opening a malicious file or web page. The adversary could then use that to obtain the ability to execute arbitrary code on the victim machine.

Astaroth's New Evasion Tactics Make It Painful to Analyze

threatpost.com/astaroths-evasion-tactics-painful-analyze/155633/ The operators of the Astaroth infostealer have implemented several new tactics aimed at evading detection, which researchers say have made the malware painful to analyze. Astaroth first emerged in 2017, but has steadily been used over the years in increasingly sophisticated campaigns aimed at exfiltrating sensitive data. In September, for instance, researchers with Cofense warned that the trojan was being spread via phishing emails, and was using normally trusted sources as a cover for malicious activities to evade usually effective network security layers.

Microsoft May 2020 Patch Tuesday

isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/ This month we got an average Patch Tuesday with patches for 111 vulnerabilities total. Sixteen of them are critical and, according to Microsoft, none of them was previously disclosed or is being exploited. Amongst the critical vulnerabilities, there is a remote code execution (RCE) in Media Foundation caused by a memory corruption vulnerability (CVE-2020-1126). To exploit the vulnerability, an attacker has to convince the victim to open a specially crafted document or access a malicious webpage. It affects Windows 10, Windows Server 2016, and 2019. Also:
Top 10 Routinely Exploited Vulnerabilities

www.us-cert.gov/ncas/alerts/aa20-133a The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors. This alert provides details on vulnerabilities routinely exploited by foreign cyber actors, primarily Common Vulnerabilities and Exposures (CVEs) [1], to help organizations reduce the risk of these foreign threats.

IoT security: How these unusual attacks could undermine industrial systems

www.zdnet.com/article/iot-security-how-these-unusual-attacks-could-undermine-industrial-systems/ Hackers could target smart manufacturing and other industrial environments with new and unconventional cyber attacks designed to exploit vulnerabilities in ecosystems which are supporting the Industrial Internet of Things (IIoT), according to academics and security company researchers. Researchers at cybersecurity company Trend Micro and experts at the Polytechnic University of Milan examined how hackers can exploit security flaws in IIoT equipment to break into networks as a gateway for deploying malware, conducting espionage or even conducting sabotage.

RevenueWire to pay $6.7 million to settle FTC charges

blog.malwarebytes.com/tech-support-scams/2020/05/revenuewire-to-pay-6-7-million-to-settle-ftc-charges/ What can you do as a scammer when no legitimate payment provider wants to process your payments anymore? Or, what if you are growing sick and tired of these same payment providers reimbursing disgruntled customers who claim that your products didn't fix computers like, you know, you said they would? Simple. You rely on some novel help. That is, until you get caught.

A terrible flaw in thousands of Android apps: names, addresses and even personal identity numbers at risk

www.is.fi/digitoday/tietoturva/art-2000006504944.html Up to 24,000 Android apps in the official Google Play store unintentionally put users' sensitive data at risk, the Comparitech website found. The cause is careless use of the Firebase tool used in app development, and developers should check their settings at the first opportunity.

US govt exposes new North Korean malware, phishing attacks

www.bleepingcomputer.com/news/security/us-govt-exposes-new-north-korean-malware-phishing-attacks/ The US government today released information on three new malware variants used in malicious cyber activity campaigns by a North Korean government-backed hacker group tracked as HIDDEN COBRA. The new malware is being used “for phishing and remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions” according to the information published by Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD).

Out-of-date, insecure open-source software is everywhere

www.zdnet.com/article/out-of-date-insecure-open-source-software-is-everywhere/ Open source rules. Everyone from Apple to Microsoft to Zoom uses it. Don’t believe me? Synopsys, a software and silicon design company, which also covers intellectual property, reported in its 2020 Open Source Security and Risk Analysis (OSSRA) report that nearly all (99%) of audited codebases contained at least one open-source component.

Anubis Malware Upgrade Logs When Victims Look at Their Screens

threatpost.com/anubis-malware-upgrade-victims-screens/155644/ The Anubis malware, which threat actors use to persistently attack Google's Android-based smartphones, is set to evolve once again, this time adding a feature that allows the malware to identify if a victim is looking at his or her screen.

Adobe fixes critical vulnerabilities in Acrobat, Reader, and DNG SDK

www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/ Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that resolve a combined total of thirty-six security vulnerabilities in the three products. Of the thirty-six vulnerabilities, sixteen are classified as ‘Critical’ as they allow code execution or the bypassing of security features.

Three Years After WannaCry, Ransomware Accelerating While Patching Still Problematic

www.darkreading.com/attacks-breaches/three-years-after-wannacry-ransomware-accelerating-while-patching-still-problematic/d/d-id/1337794 Three years ago, the WannaCry ransomware worm quickly compromised hundreds of thousands of out-of-date, unpatched computers and servers, encrypting data on the systems and often shutting down operations at affected organizations.

Researcher finds 1,236 websites infected with credit card stealers

www.bleepingcomputer.com/news/security/researcher-finds-1-236-websites-infected-with-credit-card-stealers/ A security researcher collected in a span of a few weeks over 1,000 domains infected with payment card skimmers, showing that the MageCart continues to be a prevalent threat that preys on insecure webshops. MageCart was first spotted over a decade ago by cybersecurity company RiskIQ but attacks have grown rampant over the past two years when big-name companies were hit – British Airways, Ticketmaster, OXO, Newegg.

The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet

www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/ At 22, he single-handedly put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story.
