Daily NCSC-FI news followup 2020-06-13

Fraudster gets maximum jail time for news site DDoS extortion

www.bleepingcomputer.com/news/security/fraudster-gets-maximum-jail-time-for-news-site-ddos-extortion/ Iranian-born U.S. citizen Andrew Rakhshan, previously convicted in Canada for fraud, was sentenced to the maximum sentence of five years and ordered to pay over $500,000 after being found guilty of launching several distributed denial of service (DDoS) attacks against news websites.

Microsoft Joins Ban on Sale of Facial Recognition Tech to Police

threatpost.com/microsoft-joins-ban-on-sale-of-facial-recognition-tech-to-police/156521/ Microsoft has joined Amazon and IBM in banning the sale of facial recognition technology to police departments and pushing for federal laws to regulate the technology.

15 Individuals Plead Guilty to Multimillion-Dollar Online Auction Fraud Scheme

www.darkreading.com/attacks-breaches/15-individuals-plead-guilty-to-multimillion-dollar-online-auction-fraud-scheme/d/d-id/1338082 Fifteen Romanian nationals have pleaded guilty to a variety of charges tied to their participation in a multimillion-dollar online auction fraud scheme targeting Internet users in the US. A Department of Justice (DoJ) statement announcing the pleas described the defendants as participating in a scam where they posted false advertisements, typically for vehicles and other high-priced goods, on popular sites such as eBay and Craigslist.

Lamphone attack lets threat actors recover conversations from your light bulb

www.zdnet.com/article/lamphone-attack-lets-threat-actors-recover-conversations-from-your-light-bulb/ Academics record light variations in a light bulb to recover the sound waves (speech, conversations, songs) from a room 25 meters (80 feet) away. The technique, which they named Lamphone, revolves around the principle that objects vibrate when sound waves hit their surface. When this happens in a light bulb, academics say the vibrations also create small flickers in light emissions. They say that by using powerful sensors, they can record the light variations and reverse-engineer the sound waves that hit the light bulb’s surface.

Black Kingdom ransomware hacks networks with Pulse VPN flaws

www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/ Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found. The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors.

City of Florence to Pay $300,000 Ransom after ransomware attack

securityaffairs.co/wordpress/104666/breaking-news/city-of-florence-ransomware.html Florence City in Alabama will pay a $300,000 ransom worth of Bitcoins after its computer system was infected with a ransomware. “It appears they may have been in our system since early May over a month going through our system,” Mayor Steve Holt said. Mayor Holt confirmed that the City’s system was infected with the DoppelPaymer ransomware.

Mirai Botnet Activity

isc.sans.edu/forums/diary/Mirai+Botnet+Activity/26234/ This past week, I noticed new activity from the Mirai botnet in my honeypot. The sample log with the IP and file associated with the first log appears to have been taken down ( which appeared multiple times this week including today. . However, the last two logs from today are still active which is using a Bash script to download multiple exploits targeting various device types (MIPS, ARM4-7, MPSL, x86, PPC, M68k). Something else of interest is the User-Agent: XTC and the name viktor which appear to be linked to XTC IRC Botnet, aka Hoaxcalls.
