Daily NCSC-FI news followup 2020-06-29

PROMETHIUM extends global reach with StrongPity3 APT

blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html The PROMETHIUM threat actor, active since 2012, has been exposed multiple times over the past several years. However, this has not deterred this actor from continuing and expanding their activities. By matching indicators such as code similarity, command and control (C2) paths, toolkit structure and malicious behavior, Cisco Talos identified around 30 new C2 domains. We assess that PROMETHIUM activity corresponds to five peaks of activity when clustered by the creation date month and year.

Over 100k daily brute-force attacks on RDP in pandemic lockdown

www.bleepingcomputer.com/news/security/over-100k-daily-brute-force-attacks-on-rdp-in-pandemic-lockdown/ The number of daily brute-force attacks against Windows remote desktop service has almost doubled during the pandemic lockdown, telemetry data shows. With the increase of remote workers during the COVID-19 period, many users no longer relied on the infrastructure monitored by the company to access sensitive information on the network.

Roblox accounts being hacked in support of Trump reelection

www.bleepingcomputer.com/news/security/roblox-accounts-being-hacked-in-support-of-trump-reelection/ Roblox is an online gaming platform that allows members to create games and publish them for others to play. With over 100 million monthly active users and consistently in the top hundred sites globally, Roblox is an immensely popular gaming platform.

TikTok, Shareit, UC Browser among 59 Chinese apps banned by India as border tensions simmer in Ladakh

www.indiatoday.in/india/story/centre-announces-ban-chinese-apps-privacy-issues-1695265-2020-06-29 As tensions along the Line of Actual Control (LAC) with China continue, the Government of India has decided to ban 59 Chinese apps, including TikTok.

Ransomware is now your biggest online security nightmare. And it’s about to get worse

www.zdnet.com/article/ransomware-is-now-your-biggest-online-security-nightmare-and-its-about-to-get-worse/ Criminals understand our weaknesses and how to exploit them. That means ransomware isn’t going away.

Ransomware: Attacks that start with phishing emails are suddenly back in fashion again

www.zdnet.com/article/ransomware-attacks-that-start-with-phishing-emails-are-suddenly-back-in-fashion-again/ Email was once the main method for delivering ransomware. Now familiar and new forms of ransomware are using it again. Ransomware attacks via email are on the rise again, with several new and familiar forms of ransomware recently being distributed with the aid of malicious payloads in phishing messages.

Beware “secure DNS” scam targeting website owners and bloggers

nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/ If you run a website or a blog, you probably use a cloud provider or a dedicated hosting company to manage your server and deliver the content to your readers, viewers and listeners.

Palo Alto Networks patches critical vulnerability in firewall OS

www.bleepingcomputer.com/news/security/palo-alto-networks-patches-critical-vulnerability-in-firewall-os/ Palo Alto Networks disclosed a critical vulnerability found in the operating system (PAN-OS) of all its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. It only affects devices where SAML authentication is enabled.

Tuesday’s Magento 1 EOL Leaves Clock Ticking on 100K Online Stores

threatpost.com/tuesdays-magento-1-eol-100k-online-stores/157000/ Adobe and payment-card companies are making last-minute pleas for e-commerce sites to update to Magento 2, to avoid Magecart attacks and more.

Unpatched Wi-Fi Extender Opens Home Networks to Remote Control

threatpost.com/unpatched-wi-fi-extender-remote-control/156990/ The Homeplug device, from Tenda, suffers from web server bugs as well as a DoS flaw.

Post-Quantum TLS 1.3 and SSH Performance (preliminary results)

blogs.cisco.com/security/tls-ssh-performance-pq-kem-auth As brought up on multiple occasions, if a real-world quantum computer was ever built, it could jeopardize public key exchange, encryption, and digital signature schemes used in secure tunnel protocols today like (D)TLS, SSH, IKEv2/IPsec and more. To prepare for a post-quantum future, NIST has embarked on a journey of standardizing post-quantum algorithms, IETF has seen RFC draft submissions for using these algorithms and multiple vendors like Cisco, Microsoft, Cloudflare, Google, AWS have been looking at post-quantum key exchange or authentication in TLS.

How the founder of the Telegram messaging app stood up to the Kremlin and won

www.washingtonpost.com/world/europe/russia-telegram-kremlin-pavel-durov/2020/06/27/4928ddd4-b161-11ea-98b5-279a6479a1e4_story.html Two years ago, Pavel Durov refused to grant Russian security services access to users’ encrypted messages on his popular Telegram messaging app, then a favorite of Russian opposition groups. The reply from authorities was either submit or become wiped off the country’s digital map.

Huawei data flows under fire in German court case

www.politico.eu/article/huawei-germany-court-case-privacy/ A former manager sued the Chinese firm for breaching GDPR, opening a Pandora’s box on data flowing to China. A little-noticed case at the German court in Düsseldorf could spell trouble for Huawei’s global operations.

Apple strong-arms entire CA industry into one-year certificate lifespans

www.zdnet.com/article/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans/ Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities.
