Daily NCSC-FI news followup 2020-05-28

Counter Threat Unit Researchers Publish Threat Group Definitions

www.secureworks.com/blog/counter-threat-unit-researchers-publish-threat-group-definitions Today, the Secureworks® Counter Threat Unit (CTU) research team began publishing Threat Group profiles on the Secureworks website. The profiles include a summary of the groups, their objectives, other aliases by which the groups are known, and the malware they use. Both criminal and government-sponsored Threat Groups are included. Threat Profiles: www.secureworks.com/research/threat-profiles

Over recent years, cybercrime and hacking have become more common; we hear of new events almost every day. There are various reasons for this surge in attacks, but one is that hacking is much easier than ever

www.pandasecurity.com/mediacenter/mobile-news/become-a-cybercriminal/ In the past, hacking computer systems required a high degree of expertise. Hackers would spend months and years testing computer systems and looking for ways to break through security. Few people had the time or resources to spend learning these skills, so there weren’t many hackers or attacks. The Internet changed everything when it became the world’s biggest library. Need to change a sparkplug in your car? Check out the tutorials on Youtube. Want to learn a new language? There’s an app for that. Who is the President of Paraguay? Look it up on Wikipedia.

According to the White House, Trump will soon sign an executive order on social media companies, but what is an executive order?

yle.fi/uutiset/3-11372192 Trump has threatened social media companies with strong regulation or even shutdown. Read also: yle.fi/uutiset/3-11373991,

yle.fi/uutiset/3-11370820 and


Remote work and the threat landscape

blogs.cisco.com/security/remote-work-threat-landscape Last month, after the dust had settled from the move from office to remote work, we took a look at ways you could improve your security posture. In it, we discussed how you can shore up older and personal devices now being used for work tasks, how to reduce your security footprint with company-sanctioned software, and ways to ensure that connections back into the company network are secure.

NSA: Russia’s Sandworm Hackers Have Hijacked Mail Servers

www.wired.com/story/nsa-sandworm-exim-mail-server-warning/ In a rare public warning, the US spy agency says the notorious arm of Russian military intelligence is targeting a known vulnerability in Exim. Read also:

www.bleepingcomputer.com/news/security/nsa-russian-govt-hackers-exploiting-critical-exim-flaw-since-2019/ and


New Octopus Scanner malware spreads via GitHub supply chain attack

www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/ Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).

Microsoft IIS servers hacked by Blue Mockingbird to mine Monero

www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/ This month news broke about a hacker group, namely Blue Mockingbird, exploiting a critical vulnerability in Microsoft IIS servers to plant Monero (XMR) cryptocurrency miners on compromised machines.

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

threatpost.com/ponyfinal-ransomware-enterprise-servers/156083/ Microsoft has warned of a new breed of patient ransomware attacks that lurk in networks for weeks before striking. A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. According to a warning on Twitter from Microsoft Security Intelligence on Wednesday, PonyFinal is not an automated threat, but rather has humans pulling the reins. It exfiltrates information about infected environments, spreads laterally and then waits before striking: the operators go on to encrypt files at a later date and time, when the likelihood of the target paying is deemed to be the most likely. Read also: https://twitter.com/MsftSecIntel/status/1265674287404343297

Three decades of cybersecurity vulnerabilities

www.pandasecurity.com/mediacenter/panda-security/three-decades-vulnerabilities/ Cybercrime trends are always changing. In the 30 years since Panda Security was founded, we’ve seen everything from computer viruses delivered from floppy disks, malicious attachments, Trojans and ransomware, to live hacking and fileless threats. In fact, paradoxically, evolution and change could be seen as the only constants in cybercrime. However, there is one other element that many of the most notorious cyberincidents of the last 30 years have had in common: vulnerabilities.

Hacking Team Founder: ‘Hacking Team is Dead’

www.vice.com/en_us/article/n7wbnd/hacking-team-is-dead The company’s former CEO posted a bizarre obituary on LinkedIn saying the infamous surveillance firm is “definitely dead.”
