Daily NCSC-FI news followup 2020-06-30

Yes, Apple/Google COVID-19 Tracking Is Now On Your Phone: Here’s The Problem

www.forbes.com/sites/zakdoffman/2020/06/29/serious-new-blow-for-apple-and-google-as-covid-19-phone-tracking-is-rejected/ Australia has now rejected the Apple and Google framework embedded in the latest versions of Android and iOS, deciding to keep its COVIDSafe app independent. The reason is simple: the Apple/Google model “fundamentally changes the locus of control and takes out the middle person,” Australia’s Deputy Chief Medical Officer Nick Coatsworth complains. That middle person is critical: it’s the manual contact tracer, the expert, “the people who have kept us safe,” as Coatsworth puts it.

COVID-19 ‘Breach Bubble’ Waiting to Pop?

krebsonsecurity.com/2020/06/covid-19-breach-bubble-waiting-to-pop/ The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change and likely for the worse.

StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks

threatpost.com/strongpity-kurdish-watering-hole-attacks/157029/ The spy malware is being delivered via a complex infrastructure with multiple layers, in an effort to avoid analysis.

Stinker, emailer, trawler, spy: How an engineer stole top US chip designs, smuggled them to China to set up a rival fab

www.theregister.com/2020/06/30/avago_spying_guilty/ Chinese chap swiped communications blueprints from what-is-now-Broadcom on behalf of Beijing. An engineer-turned-spy stole confidential blueprints of American wireless electronics on behalf of the Chinese government to run a rival factory churning out the components in the Middle Kingdom.

DDoS and dingoes: Australia to bolster cyber-defences with 500 hackers amid China spat

www.theregister.com/2020/06/30/australia_cyber_defence_fund/ Australia will hire 500 hackers as part of a AU$1.35bn (£754m, $925m) boost to protect the nation’s networks from a wave of cyber attacks.

How public safety systems can be abused by nation state actors

www.bleepingcomputer.com/news/security/how-public-safety-systems-can-be-abused-by-nation-state-actors/ Open systems, open data, and open-source software provide a means to promote greater transparency, public trust, and user participation. But what happens when adversaries can abuse the same systems?

US designates China’s Huawei and ZTE as national security threats

www.bleepingcomputer.com/news/security/us-designates-chinas-huawei-and-zte-as-national-security-threats/ The U.S. Federal Communications Commission (FCC) today formally designated the Huawei Technologies Company (Huawei) and ZTE Corporation (ZTE) as national security threats to the integrity of U.S. communications networks or the communications supply chain.

Ransomware Crooks Start Selling Victims’ Secrets To The Highest Bidder

www.forbes.com/sites/leemathews/2020/06/30/revil-ransomware-auctions-victim-data/ Being struck by ransomware used to mean that data would be lost forever unless you paid up. Those days are long gone. Today ransomware gangs are also stealing their victims’ data… and in some cases auctioning it off on Dark Web markets.

This is how hackers extorted a million from a university: “keep that small sum and take your employees to McDonald’s”

www.tivi.fi/uutiset/tv/b5e08d5b-c248-42a7-9c54-ad3ec485db85 A Californian university fell victim to the Netwalker criminal gang in June.

UC San Francisco pays $1.14 million for ransomware decryptor

www.bleepingcomputer.com/news/security/uc-san-francisco-pays-114-million-for-ransomware-decryptor/ The University of California San Francisco (UCSF) says that it paid $1.14 million to the Netwalker ransomware operators who successfully breached the UCSF School of Medicine’s IT network, stealing data and encrypting systems.

Business giant Xerox allegedly suffers Maze Ransomware attack

www.bleepingcomputer.com/news/security/business-giant-xerox-allegedly-suffers-maze-ransomware-attack/ Maze ransomware operators have updated their list of victims adding Xerox Corporation to the roster. It appears that the encryption routine had completed on June 25.

REvil Ransomware Gang Adds Auction Feature for Stolen Data

threatpost.com/revil-ransomware-gang-auction-stolen-data/157006/ An anonymous bidding mechanism enhances the REvil group’s double-extortion game.

A hacker gang is wiping Lenovo NAS devices and asking for ransoms

www.zdnet.com/article/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms/ Ransom notes signed by ‘Cl0ud SecuritY’ hacker group are being found on old LenovoEMC NAS devices.

Seller floods hacker forum with data stolen from 14 companies

www.bleepingcomputer.com/news/security/seller-floods-hacker-forum-with-data-stolen-from-14-companies/ A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020.

US Local Government Services Targeted by New Magecart Credit Card Skimming Attack

blog.trendmicro.com/trendlabs-security-intelligence/us-local-government-services-targeted-by-new-magecart-credit-card-skimming-attack/ Eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. In these attacks, their websites were compromised to host credit card skimmers which passed on the credit card information of residents to cybercriminals.

EvilQuest ransomware encrypts macOS systems but also installs a keylogger and a reverse shell for full control over infected hosts

www.zdnet.com/article/new-evilquest-ransomware-discovered-targeting-macos-users/ Security researchers have discovered this week a new ransomware strain targeting macOS users.

Google removes 25 Android apps caught stealing Facebook credentials

www.zdnet.com/article/google-removes-25-android-apps-caught-stealing-facebook-credentials/ The malicious apps were downloaded more than 2.34 million times.

EINSTEIN Data Trends 30-day Lookback

www.us-cert.gov/ncas/alerts/aa20-182a Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EINSTEIN. This information is meant to give the reader a closer look into what analysts are seeing at the national level and provide technical details on some of the most active threats. The three most active signatures were: 1. NetSupport Manager RAT, 2. Kovter, 3. XMRig.

US Cyber Command says foreign hackers will most likely exploit new PAN-OS security bug

www.zdnet.com/article/us-cyber-command-says-foreign-hackers-will-most-likely-exploit-new-pan-os-security-bug/ Palo Alto Networks disclosed today a major bug that lets hackers bypass authentication on its firewall and corporate VPN products.

Living on a prayer? Netgear not quite halfway there with patches for 28 out of 79 vulnerable router models

www.theregister.com/2020/06/30/netgear_router_patches_28_of_79_done/ Netgear has now patched 28 out of 79 vulnerable router models, six months after infosec researchers first noticed security problems potentially allowing an attacker to remotely execute code as root.

System hardening in Android 11

security.googleblog.com/2020/06/system-hardening-in-android-11.html In Android 11 we continue to increase the security of the Android platform. We have moved to safer default settings, migrated to a hardened memory allocator, and expanded the use of compiler mitigations that defend against classes of vulnerabilities and frustrate exploitation techniques.

Remote access at risk: Pandemic pulls more cybercrooks into the bruteforcing game

www.welivesecurity.com/2020/06/29/remote-access-risk-pandemic-cybercrooks-bruteforcing-game/ Poorly secured remote access attracts mostly ransomware gangs, but it can provide access to coin miners and backdoors too.
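The detection a defender would want beside this item, as an added example that is not code from the ESET article or from any vendor product: flag a source address that produces a burst of failed logons against a remote-access service. It assumes Windows Security event 4625 (failed logon) records flattened to one text line each as "timestamp event-id username source-ip logon-type", that logon type 10 (RemoteInteractive) marks RDP, and illustrative thresholds of five failures in five minutes; the sample log lines are constructed for the demo.

```python
"""Flag sources brute-forcing a remote-access service from failed-logon records.

Added example for this digest; not code from the ESET article or any vendor
product. Assumptions: input lines are Windows Security event 4625 (failed
logon) records flattened as
"<ISO timestamp> <event id> <target username> <source IP> <logon type>",
and logon type 10 (RemoteInteractive) marks RDP. Thresholds are illustrative.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not real telemetry: one source hammers six accounts in
# ten seconds; another has two failures fifty minutes apart, then succeeds.
SAMPLE_LOG = """\
2020-06-29T08:00:01 4625 administrator 203.0.113.7 10
2020-06-29T08:00:03 4625 admin 203.0.113.7 10
2020-06-29T08:00:05 4625 backup 203.0.113.7 10
2020-06-29T08:00:07 4625 user 203.0.113.7 10
2020-06-29T08:00:09 4625 test 203.0.113.7 10
2020-06-29T08:00:11 4625 scanner 203.0.113.7 10
2020-06-29T08:10:00 4625 alice 198.51.100.4 10
2020-06-29T09:00:00 4625 alice 198.51.100.4 10
2020-06-29T09:00:30 4624 alice 198.51.100.4 10
"""

FAILED_LOGON = 4625
RDP_LOGON_TYPE = 10


def parse_line(line):
    """Split one flattened record into typed fields."""
    ts, event_id, user, src, logon_type = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "event_id": int(event_id),
        "user": user,
        "src": src,
        "logon_type": int(logon_type),
    }


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: sorted usernames} for every source that produced at
    least `threshold` failed RDP logons inside some `window`-long interval.

    A sliding window per source keeps only failures newer than `window`, so
    slow, spread-out failures (ordinary typos) never accumulate.
    """
    recent = defaultdict(deque)  # src -> deque of (timestamp, username)
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["user"]))
        # Drop failures that fell out of the window (input assumed time-ordered).
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            # Many distinct usernames from one source is the password-spray
            # pattern; one username repeated is a single-account brute force.
            flagged[ev["src"]] = sorted({user for _, user in q})
    return flagged


if __name__ == "__main__":
    for src, users in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {len(users)} accounts tried: {', '.join(users)}")
```

Per-source counting is the cheap first signal, but an attacker who rotates through many source addresses stays under the threshold at every one of them; a second counter keyed on the target account catches that case. The control that removes the problem rather than detecting it is not exposing RDP to the internet at all (VPN or gateway with multi-factor authentication in front, plus account lockout on the host).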

You wait ages for a mid-air collision spoofing attack and along come two at once: More boffins take a crack at hoodwinking TCAS

www.theregister.com/2020/06/30/aircraft_traffic_collision_avoidance_systems/ Easy to fool safety system, in theory; in practice, well… Traffic Collision Avoidance Systems (TCAS) are used in aircraft to avoid hitting other aircraft in flight. And like many electronic systems, they weren’t designed for security.

New TikTok Ban Suddenly Hits Millions Of Users As Serious Problems Get Worse

www.forbes.com/sites/zakdoffman/2020/06/30/tiktoks-worst-nightmare-has-just-come-true/ Security concerns are nothing new to TikTok, the Chinese viral sensation that has grown fast enough to compete with the likes of WhatsApp, YouTube and Instagram for downloads. Few if any apps better reflect our time in coronavirus lockdowns than this bitesize video sharing platform, but with great power comes great responsibility, and, so the arguments run, TikTok has totally failed the test.

India’s App Ban Threatens China’s Rise as a Global Tech Power

www.bloomberg.com/news/articles/2020-06-30/india-s-app-ban-threatens-china-s-rise-as-a-global-tech-power China over the past decade built an alternate online reality where Google and Facebook barely exist. Now its own largest tech corporations from Alibaba Group Holding Ltd. to Tencent Holdings Ltd. are getting a taste of what a shutout feels like.

China’s influence via WeChat is ‘flying under the radar’ of most Western democracies

www.zdnet.com/article/chinas-influence-via-wechat-is-flying-under-the-radar-of-most-western-democracies/ China’s United Front Work Department performs its ‘biggest magic’ through WeChat. Is it time to rein in its covert influence? Should it even be banned?

CodeGuru, AWS’s AI code reviewer and performance profiler, is now generally available

techcrunch.com/2020/06/29/codeguru-awss-ai-code-reviewer-and-performance-profiler-is-now-generally-available/ AWS today announced that CodeGuru, a set of tools that use machine learning to automatically review code for bugs and suggest potential optimizations, is now generally available. The tool launched into preview at AWS re:Invent last December.

Apple: We’re defending your privacy by nixing 16 browser APIs. Rivals: You mean defending your bottom line

www.theregister.com/2020/06/29/apple_web_developers/ iGiant accused of holding back web progress to protect its 30% app cut

Under the Hood of a Security Platform

Finnish invention rescues mobile connections that cut out indoors: an antenna pattern in the window helps

www.tivi.fi/uutiset/tv/8282135b-e42e-426f-b223-d7a8ce1aa9ff Window manufacturer Pihla has brought to market an antenna integrated into the glass, whose purpose is to improve mobile network coverage and data transfer indoors.
