Daily NCSC-FI news followup 2020-06-09

CallStranger UPnP bug allows data theft, DDoS attacks, LAN scans

www.bleepingcomputer.com/news/security/callstranger-upnp-bug-allows-data-theft-ddos-attacks-lan-scans/ A vulnerability in the Universal Plug and Play protocol implemented in billions of devices can be exploited to exfiltrate data, turn them into bots for distributed denial-of-service attacks (DDoS), and scan internal networks.

US energy providers hit with new malware in targeted attacks

www.bleepingcomputer.com/news/security/us-energy-providers-hit-with-new-malware-in-targeted-attacks/ U.S. energy providers were targeted by spear-phishing campaigns delivering a new remote access trojan (RAT) capable of providing attackers with full control over infected systems.

Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets

thehackernews.com/2020/06/magecart-skimmer-amazon.html Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns.

IoT Security Is a Mess. Privacy ‘Nutrition’ Labels Could Help

www.wired.com/story/iot-security-privacy-labels/ Just like foods that display health information on the package, researchers are exploring a tool that details how connected devices manage data. At the IEEE Symposium on Security & Privacy last month, researchers from Carnegie Mellon University presented a prototype security and privacy label they created based on interviews and surveys of people who own IoT devices as well as privacy and security experts.

Singapore's Contact Tracing Wearable Causes Privacy Backlash

threatpost.com/singapore-contact-tracing-wearable-privacy/156397/ Thousands have signed a petition that underscores data privacy issues with Singapore's newly announced contact-tracing wearable, in development.

Securing the new normal: protecting the post Covid-19 world

blog.checkpoint.com/2020/06/09/securing-the-new-normal-protecting-the-post-covid-19-world/ It's only 20 weeks since the first lockdown measures were implemented in Wuhan, in January 2020, but since then the emergence of the Covid-19 pandemic has reshaped our entire working culture. The changes were global, rapid and widespread, compressing several years' worth of IT changes into just a few weeks.

Maze Ransomware adds Ragnar Locker to its extortion cartel

www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/ A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen.

New Avaddon Ransomware launches in massive smiley spam campaign

www.bleepingcomputer.com/news/security/new-avaddon-ransomware-launches-in-massive-smiley-spam-campaign/ With a wink and a smile, the new Avaddon Ransomware has come alive in a massive spam campaign targeting users worldwide.

Spotlight on incident reporting of telecom security and trust services

www.enisa.europa.eu/news/enisa-news/spotlight-on-incident-reporting-of-telecom-security-and-trust-services The European Agency for Cybersecurity releases today a new visual tool to increase transparency about cybersecurity incidents.

Play stupid games, win stupid prizes: UK man gets 3 years for torching 4G phone mast over 5G fears

www.theregister.com/2020/06/09/arsonist_sentencing/ A Merseyside man has been sentenced to three years in jail by a beak in Liverpool Crown Court after torching a Vodafone-owned phone mast.

Looking at Big Threats Using Code Similarity. Part 1

securelist.com/big-threats-using-code-similarity-part-1/97239/ Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research and Analysis Team, is now being made available to a wider audience. You can read more about KTAE in our official press release, or go directly to its info page on the Kaspersky Enterprise site.

Data breach leads to the theft of $10M from a Norwegian investment fund

www.pandasecurity.com/mediacenter/business/data-breach-theft-norfund/ On May 13, Norway's sovereign wealth fund, Norfund, announced that it had lost $10 million in an advanced data breach. In a statement, the fund said that it was closely collaborating with the police and other relevant authorities after a series of events allowed cybercriminals to steal $10 million from the organization.

Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years

threatpost.com/dark-basin-hack-hire-group/156407/ Thousands of journalists, advocacy groups and politicians worldwide were targeted by Dark Basin.

Valak malware gets new plugin to steal Outlook login credentials

www.bleepingcomputer.com/news/security/valak-malware-gets-new-plugin-to-steal-outlook-login-credentials/ Authors of Valak information stealer are focusing more and more on stealing email credentials as researchers find a new module specifically built for this purpose. Access to user inboxes enables threat actors to run so-called reply chain attacks, where they sneak a malicious message into an email thread to deliver malware.

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

krebsonsecurity.com/2020/06/florence-ala-hit-by-ransomware-12-days-after-being-alerted-by-krebsonsecurity/ In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin.

Ethernet Vulnerabilities in Safety Instrumented Systems (SIS): A Key Difference

www.dragos.com/blog/industry-news/ethernet-vulnerabilities-in-safety-instrumented-systems-sis-a-key-difference/ Dragos reported issues to Schneider Electric concerning security defects in the Triconex Safety Instrumented System (SIS) network communication module. These modules, sold under the name Tricon Communication Module (TCM), are used to connect the SIS to Ethernet networks. The defects can be used to deny service to the SIS or to pre-stage future logic attacks.

Windows 10 Cumulative Updates KB4557957 & KB4560960 Released

www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4557957-and-kb4560960-released/ The June 2020 Patch Tuesday updates are now rolling out and you can download and install the latest security fixes on supported versions of Windows 10. See also:

www.bleepingcomputer.com/news/microsoft/microsoft-june-2020-patch-tuesday-largest-ever-with-129-fixes/
