Daily NCSC-FI news followup 2020-05-28

Counter Threat Unit Researchers Publish Threat Group Definitions

www.secureworks.com/blog/counter-threat-unit-researchers-publish-threat-group-definitions Today, the Secureworks® Counter Threat Unit (CTU) research team began publishing Threat Group profiles on the Secureworks website. The profiles include a summary of the groups, their objectives, other aliases by which the groups are known, and the malware they use. Both criminal and government-sponsored Threat Groups are included.. Threat Profiles: www.secureworks.com/research/threat-profiles

Over recent years, cybercrime and hacking has become more common we hear of new events almost every day. There are various reasons for this surge in attacks, but one is that hacking is much easier than ever

www.pandasecurity.com/mediacenter/mobile-news/become-a-cybercriminal/ In the past, hacking computer systems required a high degree of expertise. Hackers would spend months and years testing computer systems and looking for ways to break through security. Few people had the time or resources to spend learning these skills, so there weren’t many hackers or attacks. The Internet changed everything when it became the world’s biggest library. Need to change a sparkplug in your car? Check out the tutorials on Youtube. Want to learn a new language? There’s an app for that. Who is the President of Paraguay? Look it up on Wikipedia.

Valkoisen talon mukaan Trump allekirjoittaa pian presidentin asetuksen sosiaalisen median yhtiöistä, mutta mikä on presidentin asetus?

yle.fi/uutiset/3-11372192 Trump on uhannut sosiaalisen median yrityksiä voimakkaalla sääntelyllä tai jopa sulkemisella. Lue myös: yle.fi/uutiset/3-11373991,

yle.fi/uutiset/3-11370820 ja


Remote work and the threat landscape

blogs.cisco.com/security/remote-work-threat-landscape Last month, after the dust had settled from the move from office to remote work, we took a look at ways you could improve your security posture. In it, we discussed how you can shore up older and personal devices now being used for work tasks, how to reduce your security footprint with company-sanctioned software, and ways to ensure that connections back into the company network are secure.

NSA: Russia’s Sandworm Hackers Have Hijacked Mail Servers

www.wired.com/story/nsa-sandworm-exim-mail-server-warning/ In a rare public warning, the US spy agency says the notorious arm of Russian military intelligence is targeting a known vulnerability in Exim. Read also:

www.bleepingcomputer.com/news/security/nsa-russian-govt-hackers-exploiting-critical-exim-flaw-since-2019/ and


New Octopus Scanner malware spreads via GitHub supply chain attack

www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/ Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).

Microsoft IIS servers hacked by Blue Mockingbird to mine Monero

www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/ This month news broke about a hacker group, namely Blue Mockingbird, exploiting a critical vulnerability in Microsoft IIS servers to plant Monero (XMR) cryptocurrency miners on compromised machines.

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

threatpost.com/ponyfinal-ransomware-enterprise-servers/156083/ Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking. A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. According to a warning on Twitter from Microsoft Security Intelligence on Wednesday, PonyFinal is not an automated threat, but rather has humans pulling the reins. It exfiltrates information about infected environments, spreads laterally and then waits before striking the operators go on to encrypt files at a later date and time, when the likelihood of the target paying is deemed to be the most likely. Read also: https://twitter.com/MsftSecIntel/status/1265674287404343297

Three decades of cybersecurity vulnerabilities

www.pandasecurity.com/mediacenter/panda-security/three-decades-vulnerabilities/ Cybercrime trends are always changing. In the 30 years since Panda Security was founded, we’ve seen everything from computer viruses delivered from floppy disks, malicious attachments, Trojans and ransomware, to live hacking and fileless threats. In fact, paradoxically, evolution and change could be seen as the only constants in cybercrime. However, there is one other element that many of the most notorious cyberincindents of the last 30 years have had in common: vulnerabilities.

Hacking Team Founder: Hacking Team is Dead’

www.vice.com/en_us/article/n7wbnd/hacking-team-is-dead The company’s former CEO posted a bizarre obituary on LinkedIn saying the infamous surveillance firm is “definitely dead.”

You might be interested in …

Daily NCSC-FI news followup 2020-01-09

Satasairaalassa jälleen tietoverkkokatkos, vika luultua pahempi myös perusturvassa ongelmia yle.fi/uutiset/3-11149405 Katkos alkoi torstaina aamupäivällä ja kesti noin 20 minuuttia. Satasairaalan tietohallintojohtaja Leena Ollonqvistin mukaan sairaalan it-osasto teki testiä, jolla estää viimeviikkoinen katkos. Testi aiheutti samankaltaisen luupin kuin viime viikolla. A lazy fix 20 years ago means the Y2K bug is taking down computers now www.newscientist.com/article/2229238-a-lazy-fix-20-years-ago-means-the-y2k-bug-is-taking-down-computers-now/ […]

Read More

Daily NCSC-FI news followup 2019-11-24

CNAME Cloaking, the dangerous disguise of third-party trackers medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a What has started to happen in the last few months in the world of third-party tracking is having a major impact on peoples privacy, and it all stayed pretty much under the radar. How to Avoid Black Friday Scams Online www.wired.com/story/how-to-avoid-black-friday-scams-online/ Black Friday attracts crowds, and […]

Read More

Daily NCSC-FI news followup 2021-09-09

GitHub finds 7 code execution vulnerabilities in ‘tar’ and npm CLI www.bleepingcomputer.com/news/security/github-finds-7-code-execution-vulnerabilities-in-tar-and-npm-cli/ GitHub security team has identified several high-severity vulnerabilities in npm packages, “tar” and “@npmcli/arborist,” used by npm CLI. Zoho patches actively exploited critical ADSelfService Plus bug www.bleepingcomputer.com/news/security/zoho-patches-actively-exploited-critical-adselfservice-plus-bug/ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.