Daily NCSC-FI news followup 2020-08-01

Offense and Defense A Tale of Two Sides: Group Policy and Logon Scripts

www.fortinet.com/blog/threat-research/offense-defense-a-tale-of-two-sides-group-policy-and-logon-scripts In this blog, we will look at Group Policy Objects (GPO) in Windows operating systems. Specifically, how they can be used to deploy and execute malicious payloads on target machines within an Active Directory environment. We will also look at ways to reduce the risk of an attacker using this technique. The technique is called Group Policy Modification in the MITRE ATT&CK knowledgebase, and it is being actively used these days in targeted ransomware attacks.

Three Charged in July 15 Twitter Compromise

krebsonsecurity.com/2020/07/three-charged-in-july-15-twitter-compromise/ Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the worlds most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam.. Also:

nakedsecurity.sophos.com/2020/08/01/twitter-hack-three-suspects-charged-in-the-us/.

thehackernews.com/2020/07/twitter-hacker-arrested.html.

threatpost.com/authorities-arrest-alleged-17-year-old-mastermind-behind-twitter-hack/157920/.

www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/.

www.bleepingcomputer.com/news/security/four-suspects-charged-for-roles-in-twitter-hack-bitcoin-scam/.

www.theregister.com/2020/07/31/three_charged_in_twitter_vip/.

www.wired.com/story/how-alleged-twitter-hackers-got-caught-bitcoin/.

www.forbes.com/sites/kellyphillipserb/2020/08/01/irs-ci-announces-charges-against-three-individuals-including-florida-teen-in-twitter-hack/

Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902

blog.trendmicro.com/trendlabs-security-intelligence/mirai-botnet-exploit-weaponized-to-attack-iot-devices-via-cve-2020-5902/? Following the initial disclosure of two F5 BIG-IP vulnerabilities on the first week of July, we continued monitoring and analyzing the vulnerabilities and other related activities to further understand their severities. Based on the workaround published for CVE-2020-5902, we found an internet of things (IoT) Mirai botnet downloader (detected by Trend Micro as Trojan.SH.MIRAI.BOI) that can be added to new malware variants to scan for exposed Big-IP boxes for intrusion and deliver the malicious payload.

Building a .freq file with Public Domain Data Sources

isc.sans.edu/forums/diary/Building+a+freq+file+with+Public+Domain+Data+Sources/26412/ This diary started out as a frequency analysis of zone files for domains that expire before May 2023. Our intent was to look for frequency of random on all Generic Top-Level Domains (gTLDs). This exercise quickly turned into create the freq file for the analysis.

4 Unpatched Bugs Plague Grandstream ATAs for VoIP Users

threatpost.com/4-unpatched-bugs-grandstream-atas-voip/157927/ Multiple high-severity vulnerabilities in the Grandstream HT800 series of Analog Telephone Adaptors (ATAs) threaten home office and midrange users alike, with outages, eavesdropping and device takeover. The HT800 series of ATAs is designed for everyone from home or small-office users to medium-sized businesses, looking to connect their analog telephone devices to a VoIP network, unified communications system or other IP-based communications infrastructure.

Author of FastPOS malware revealed, pleads guilty

www.zdnet.com/article/author-of-fastpos-malware-revealed-pleads-guilty/ A 30-year-old Moldovan man pleaded guilty on Friday for creating FastPOS, a strain of malware designed to infect computers processing payment card data from Point-of-Sale (POS) systems. Valerian Chiochiu, known in the hacking world as “Onassis” (after the Greek shipping magnate who married Jacqueline Kennedy), was part of the Infraud criminal organization.

10 billion records exposed in unsecured databases, study says

www.welivesecurity.com/2020/07/30/10-billion-records-exposed-unsecured-databases/ Researchers have found close to 10.5 billion pieces of consumer data that has been left sitting in almost 10,000 unsecured internet-facing databases hosted across 20 countries. The data is said to include email addresses, passwords, and phone numbers. The study was conducted by NordPass between June 2019 and June 2020 in cooperation with an unnamed white hat hacker, who scanned the web for Elasticsearch and MongoDB libraries in search of misconfigured databases.

Confirmed: Garmin received decryptor for WastedLocker ransomware

www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/ BleepingComputer can confirm that Garmin has received the decryption key to recover their files encrypted in the WastedLocker Ransomware attack. On July 23rd, 2020, Garmin suffered a worldwide outage where customers could not access their connected services, including the Garmin Connect, flyGarmin, Strava, inReach solutions.

The Garmin Hack Was a Warning

www.wired.com/story/garmin-ransomware-hack-warning/ ITS BEEN OVER a week since hackers crippled Garmin with a ransomware attack, and five days since its services started flickering back to life. The company still hasnt fully recovered, as syncing issues and delays continue to haunt corners of the Garmin Connect platform. Two things, though, are clear: It could have been worse for Garmin. And its only a matter of time before ransomwares big game hunters strike again.

Can This Army Of Hackers Secure The 2020 U.S. Presidential Election?

www.forbes.com/sites/daveywinder/2020/08/01/can-this-army-of-hackers-secure-the-2020-us-presidential-election-trump-vote-cybersecurity/ The 2020 U.S. presidential election clock is ticking, with just 94 days to go, and President Trump has, rather unconvincingly, already called for the election to be postponed. Although this suggestion was quickly dismissed as something that Trump has no authority to make happen, the comments he made when putting forward the idea cannot be quite as easily put to one side.

GandCrab ransomware operator arrested in Belarus

www.bleepingcomputer.com/news/security/gandcrab-ransomware-operator-arrested-in-belarus/ An affiliate of the GandCrab ransomware-as-a-business (RaaS) has been arrested, according to an official release. Authorities were able to identify the individual in cooperation with law enforcement in Romania and the U.K. The cybercriminals identity has not been published but Office K of the Ministry of Internal Affairs in Belarus says that he is a 31-years old living in Gomel, a city in southeastern Belarus.

Phishing campaigns, from first to last victim, take 21h on average

www.zdnet.com/article/phishing-campaigns-from-first-to-last-victim-take-21h-on-average/ A mixed team of security researchers from Google, PayPal, Samsung, and Arizona State University has spent an entire year analyzing the phishing landscape and how users interact with phishing pages. In a mammoth project that involved analyzing 22,553,707 user visits to 404,628 phishing pages, the research team has been able to gather some of the deepest insights into how phishing campaigns work.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.