Daily NCSC-FI news followup 2020-05-28

Counter Threat Unit Researchers Publish Threat Group Definitions

www.secureworks.com/blog/counter-threat-unit-researchers-publish-threat-group-definitions Today, the Secureworks® Counter Threat Unit (CTU) research team began publishing Threat Group profiles on the Secureworks website. The profiles include a summary of the groups, their objectives, other aliases by which the groups are known, and the malware they use. Both criminal and government-sponsored Threat Groups are included. Threat Profiles: www.secureworks.com/research/threat-profiles

Over recent years, cybercrime and hacking have become more common; we hear of new events almost every day. There are various reasons for this surge in attacks, but one is that hacking is much easier than ever

www.pandasecurity.com/mediacenter/mobile-news/become-a-cybercriminal/ In the past, hacking computer systems required a high degree of expertise. Hackers would spend months and years testing computer systems and looking for ways to break through security. Few people had the time or resources to spend learning these skills, so there weren’t many hackers or attacks. The Internet changed everything when it became the world’s biggest library. Need to change a sparkplug in your car? Check out the tutorials on Youtube. Want to learn a new language? There’s an app for that. Who is the President of Paraguay? Look it up on Wikipedia.

According to the White House, Trump will soon sign an executive order on social media companies, but what is an executive order?

yle.fi/uutiset/3-11372192 Trump has threatened social media companies with heavy regulation or even closure. Read also: yle.fi/uutiset/3-11373991,

yle.fi/uutiset/3-11370820 and


Remote work and the threat landscape

blogs.cisco.com/security/remote-work-threat-landscape Last month, after the dust had settled from the move from office to remote work, we took a look at ways you could improve your security posture. In it, we discussed how you can shore up older and personal devices now being used for work tasks, how to reduce your security footprint with company-sanctioned software, and ways to ensure that connections back into the company network are secure.

NSA: Russia’s Sandworm Hackers Have Hijacked Mail Servers

www.wired.com/story/nsa-sandworm-exim-mail-server-warning/ In a rare public warning, the US spy agency says the notorious arm of Russian military intelligence is targeting a known vulnerability in Exim. Read also:

www.bleepingcomputer.com/news/security/nsa-russian-govt-hackers-exploiting-critical-exim-flaw-since-2019/ and


New Octopus Scanner malware spreads via GitHub supply chain attack

www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/ Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).

Microsoft IIS servers hacked by Blue Mockingbird to mine Monero

www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/ This month news broke about a hacker group, namely Blue Mockingbird, exploiting a critical vulnerability in Microsoft IIS servers to plant Monero (XMR) cryptocurrency miners on compromised machines.

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

threatpost.com/ponyfinal-ransomware-enterprise-servers/156083/ Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking. A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. According to a warning on Twitter from Microsoft Security Intelligence on Wednesday, PonyFinal is not an automated threat, but rather has humans pulling the reins. It exfiltrates information about infected environments, spreads laterally and then waits before striking: the operators go on to encrypt files at a later date and time, when the likelihood of the target paying is deemed to be the most likely. Read also: https://twitter.com/MsftSecIntel/status/1265674287404343297

Three decades of cybersecurity vulnerabilities

www.pandasecurity.com/mediacenter/panda-security/three-decades-vulnerabilities/ Cybercrime trends are always changing. In the 30 years since Panda Security was founded, we’ve seen everything from computer viruses delivered from floppy disks, malicious attachments, Trojans and ransomware, to live hacking and fileless threats. In fact, paradoxically, evolution and change could be seen as the only constants in cybercrime. However, there is one other element that many of the most notorious cyberincidents of the last 30 years have had in common: vulnerabilities.

Hacking Team Founder: ‘Hacking Team is Dead’

www.vice.com/en_us/article/n7wbnd/hacking-team-is-dead The company’s former CEO posted a bizarre obituary on LinkedIn saying the infamous surveillance firm is “definitely dead.”
