Daily NCSC-FI news followup 2020-06-29

PROMETHIUM extends global reach with StrongPity3 APT

blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html The PROMETHIUM threat actor active since 2012 has been exposed multiple times over the past several years.. However, this has not deterred this actor from continuing and expanding their activities. By matching indicators such as code similarity, command and control (C2) paths, toolkit structure and malicious behavior, Cisco Talos identified around 30 new C2 domains. We assess that PROMETHIUM activity corresponds to five peaks of activity when clustered by the creation date month and year.

Over 100k daily brute-force attacks on RDP in pandemic lockdown

www.bleepingcomputer.com/news/security/over-100k-daily-brute-force-attacks-on-rdp-in-pandemic-lockdown/ The number of daily brute-force attacks against Windows remote desktop service has almost doubled during the pandemic lockdown, telemetry data shows. With the increase of remote workers during the COVID-19 period, many users no longer relied on the infrastructure monitored by the company to access sensitive information on the network.

Roblox accounts being hacked in support of Trump reelection

www.bleepingcomputer.com/news/security/roblox-accounts-being-hacked-in-support-of-trump-reelection/ Roblox is an online gaming platform that allows members to create games and publish them for others to play. With over 100 million monthly active users and consistently in the top hundred sites globally, Roblox is an immensely popular gaming platform.

TikTok, Shareit, UC Browser among 59 Chinese apps banned by India as border tensions simmer in Ladakh

www.indiatoday.in/india/story/centre-announces-ban-chinese-apps-privacy-issues-1695265-2020-06-29 As tensions along the Line of Actual Control (LAC) with China continues, the Government of India has decided to ban on 59 Chinese apps, including Tik Tok.

Ransomware is now your biggest online security nightmare. And it’s about to get worse

www.zdnet.com/article/ransomware-is-now-your-biggest-online-security-nightmare-and-its-about-to-get-worse/ Criminals understand our weaknesses and how to exploit them. That means ransomware isn’t going away.

Ransomware: Attacks that start with phishing emails are suddenly back in fashion again

www.zdnet.com/article/ransomware-attacks-that-start-with-phishing-emails-are-suddenly-back-in-fashion-again/ Email was once the mainmethod for delivering ransomware. Now familiar and new forms of ransomware are using it again. Ransomware attacks via email are on the rise again, with several new and familiar forms of ransomware recently being distributed with the aid of malicious payloads in phishing messages.

Beware “secure DNS” scam targeting website owners and bloggers

nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/ If you run a website or a blog, you probably use a cloud provider or a dedicated hosting company to manage your server and deliver the content to your readers, viewers and listeners.

Palo Alto Networks patches critical vulnerability in firewall OS

www.bleepingcomputer.com/news/security/palo-alto-networks-patches-critical-vulnerability-in-firewall-os/ Palo Alto Networks disclosed a critical vulnerability found in the operating system (PAN-OS) of all its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. Only affects devices where SAML authentication is enabled

Tuesday’s Magento 1 EOL Leaves Clock Ticking on 100K Online Stores

threatpost.com/tuesdays-magento-1-eol-100k-online-stores/157000/ Adobe and payment-card companies are making last-minute pleas for e-commerce sites to update to Magento 2, to avoid Magecart attacks and more.

Unpatched Wi-Fi Extender Opens Home Networks to Remote Control

threatpost.com/unpatched-wi-fi-extender-remote-control/156990/ The Homeplug device, from Tenda, suffers from web server bugs as well as a DoS flaw.

Post-Quantum TLS 1.3 and SSH Performance (preliminary results)

blogs.cisco.com/security/tls-ssh-performance-pq-kem-auth As brought up on multiple occasions, if a real-world quantum computer was ever built, it could jeopardize public key exchange, encryption, and digital signature schemes used in secure tunnel protocols today like (D)TLS, SSH, IKEv2/IPsec and more. To prepare for a post-quantum future, NIST has embarked on a journey of standardizing post-quantum algorithms, IETF has seen RFC draft submissions for using these algorithms and multiple vendors like Cisco, Microsoft, Cloudflare, Google, AWS have been looking at post-quantum key exchange or authentication in TLS.

How the founder of the Telegram messaging app stood up to the Kremlin and won

www.washingtonpost.com/world/europe/russia-telegram-kremlin-pavel-durov/2020/06/27/4928ddd4-b161-11ea-98b5-279a6479a1e4_story.html Two years ago, Pavel Durov refused to grant Russian security services access to users’ encrypted messages on his popular Telegram messaging app, then a favorite of Russian opposition groups. The reply from authorities was either submit or become wiped off the country’s digital map.

Huawei data flows under fire in German court case

www.politico.eu/article/huawei-germany-court-case-privacy/ A former manager sued the Chinese firm for breaching GDPR, opening a Pandora’s box on data flowing to China. A little-noticed case at the German court in Dsseldorf could spell trouble for Huawei’s global operations.

Apple strong-arms entire CA industry into one-year certificate lifespans

www.zdnet.com/article/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans/ Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities.

You might be interested in …

Daily NCSC-FI news followup 2021-04-22

CISA Identifies SUPERNOVA Malware During Incident Response us-cert.cisa.gov/ncas/analysis-reports/ar21-112a SUPERNOVA is a malicious webshell backdoor that allows a remote operator to dynamically inject C# source code into a web portal to subsequently inject code. APT actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials. SolarWinds hack analysis reveals 56% boost […]

Read More

Daily NCSC-FI news followup 2021-07-27

Microsoft Teams now automatically blocks phishing attempts www.bleepingcomputer.com/news/security/microsoft-teams-now-automatically-blocks-phishing-attempts/ Microsoft has extended Defender for Office 365 Safe Links protection to Microsoft Teams to safeguard users from malicious URL-based phishing attacks.. This added protection couldn’t have come at a better time, seeing that, based on Microsoft’s stats, the Microsoft Teams userbase has exploded over the last 18 […]

Read More

Daily NCSC-FI news followup 2019-07-27

New York Passes Law to Update Data Breach Notification Requirements www.bleepingcomputer.com/news/security/new-york-passes-law-to-update-data-breach-notification-requirements/ New York Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act into law, with the new consumer privacy policy being designed to protect New Yorkers’ private data and strengthen the state’s data breach policies.. The signed legislation, sponsored […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.