Daily NCSC-FI news followup 2020-05-28

Counter Threat Unit Researchers Publish Threat Group Definitions

www.secureworks.com/blog/counter-threat-unit-researchers-publish-threat-group-definitions Today, the Secureworks® Counter Threat Unit (CTU) research team began publishing Threat Group profiles on the Secureworks website. The profiles include a summary of the groups, their objectives, other aliases by which the groups are known, and the malware they use. Both criminal and government-sponsored Threat Groups are included. Threat Profiles: www.secureworks.com/research/threat-profiles

Over recent years, cybercrime and hacking has become more common; we hear of new events almost every day. There are various reasons for this surge in attacks, but one is that hacking is much easier than ever

www.pandasecurity.com/mediacenter/mobile-news/become-a-cybercriminal/ In the past, hacking computer systems required a high degree of expertise. Hackers would spend months and years testing computer systems and looking for ways to break through security. Few people had the time or resources to spend learning these skills, so there weren’t many hackers or attacks. The Internet changed everything when it became the world’s biggest library. Need to change a sparkplug in your car? Check out the tutorials on YouTube. Want to learn a new language? There’s an app for that. Who is the President of Paraguay? Look it up on Wikipedia.

According to the White House, Trump will soon sign an executive order on social media companies, but what is an executive order?

yle.fi/uutiset/3-11372192 Trump has threatened social media companies with heavy regulation or even shutdown. Read also: yle.fi/uutiset/3-11373991,

yle.fi/uutiset/3-11370820 and


Remote work and the threat landscape

blogs.cisco.com/security/remote-work-threat-landscape Last month, after the dust had settled from the move from office to remote work, we took a look at ways you could improve your security posture. In it, we discussed how you can shore up older and personal devices now being used for work tasks, how to reduce your security footprint with company-sanctioned software, and ways to ensure that connections back into the company network are secure.

NSA: Russia’s Sandworm Hackers Have Hijacked Mail Servers

www.wired.com/story/nsa-sandworm-exim-mail-server-warning/ In a rare public warning, the US spy agency says the notorious arm of Russian military intelligence is targeting a known vulnerability in Exim. Read also:

www.bleepingcomputer.com/news/security/nsa-russian-govt-hackers-exploiting-critical-exim-flaw-since-2019/ and


New Octopus Scanner malware spreads via GitHub supply chain attack

www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/ Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).

Microsoft IIS servers hacked by Blue Mockingbird to mine Monero

www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/ This month news broke about a hacker group, namely Blue Mockingbird, exploiting a critical vulnerability in Microsoft IIS servers to plant Monero (XMR) cryptocurrency miners on compromised machines.

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

threatpost.com/ponyfinal-ransomware-enterprise-servers/156083/ Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking. A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. According to a warning on Twitter from Microsoft Security Intelligence on Wednesday, PonyFinal is not an automated threat, but rather has humans pulling the reins. It exfiltrates information about infected environments, spreads laterally and then waits before striking: the operators go on to encrypt files at a later date and time, when the likelihood of the target paying is deemed to be the most likely. Read also: https://twitter.com/MsftSecIntel/status/1265674287404343297

Three decades of cybersecurity vulnerabilities

www.pandasecurity.com/mediacenter/panda-security/three-decades-vulnerabilities/ Cybercrime trends are always changing. In the 30 years since Panda Security was founded, we’ve seen everything from computer viruses delivered from floppy disks, malicious attachments, Trojans and ransomware, to live hacking and fileless threats. In fact, paradoxically, evolution and change could be seen as the only constants in cybercrime. However, there is one other element that many of the most notorious cyberincidents of the last 30 years have had in common: vulnerabilities.

Hacking Team Founder: ‘Hacking Team is Dead’

www.vice.com/en_us/article/n7wbnd/hacking-team-is-dead The company’s former CEO posted a bizarre obituary on LinkedIn saying the infamous surveillance firm is “definitely dead.”
