Daily NCSC-FI news followup 2020-08-06

Australia’s 2020 Cyber Security Strategy

www.pm.gov.au/media/australias-2020-cyber-security-strategy The Morrison Government's 2020 Cyber Security Strategy outlines how we will keep Australian families and businesses secure online, protect and strengthen the security and resilience of Australia's critical infrastructure and ensure law enforcement agencies have the powers and technical capabilities to detect, target, investigate and disrupt cybercrime, including on the dark web. The 2020 Cyber Security Strategy is the largest ever Australian Government financial commitment to cyber security and builds on the strong foundations established by its predecessor. (3MB PDF):


Achilles: Small chip, big peril.

blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/ Over 400 vulnerabilities in Qualcomm's Snapdragon chip threaten the usability of mobile phones worldwide. With over 3 billion users globally, smartphones are an integral, almost inseparable part of our day-to-day lives. As the mobile market continues to grow, vendors race to provide new features, new capabilities and better technological innovations in their latest devices. To support this relentless drive for innovation, vendors often rely on third parties to provide the required hardware and software for phones. One of the most common third-party solutions is the Digital Signal Processor unit, commonly known as the DSP chip.

Fake e-mail scanner

www.kaspersky.com/blog/phishing-email-scanner/36661/ A detailed look at a phishing site masquerading as an e-mail scanner and its attempts to snag victims. In recent years, news about e-mail-based infections of corporate networks has been fairly regular (and generally connected with ransomware). So, it's no surprise that scammers periodically use the topic to try to extract credentials for corporate mail accounts by persuading company employees to run a scan of their mailbox.

Porn blast disrupts bail hearing of alleged Twitter hacker

nakedsecurity.sophos.com/2020/08/06/porn-blast-disrupts-bail-hearing-of-alleged-twitter-hacker/ One of the alleged Twitter hackers faced a bail hearing in a Florida court yesterday. ICYMI, the Twitter hack we're referring to involved the takeover of 45 prominent Twitter accounts, including those of Joe Biden, Elon Musk, Apple Computer, Barack Obama, Kim Kardashian and a laundry list of others with huge numbers of followers.

Incident Response Analyst Report 2019

securelist.com/incident-response-analyst-report-2019/97974/ As an incident response service provider, Kaspersky delivers a global service that results in global visibility of adversaries' cyber-incident tactics and techniques used in the wild. In this report, we share our team's conclusions and analysis based on incident responses and statistics from 2019. As well as a range of highlights, this report will cover the affected industries, the most widespread attack tactics and techniques, how long it took to detect and stop adversaries after initial entry and the most exploited vulnerabilities. The report also provides some high-level recommendations on how to increase resilience to attacks.

Shellshock In-Depth: Why This Old Vulnerability Won't Go Away

securityintelligence.com/articles/shellshock-vulnerability-in-depth/ Shellshock is a bug in the Bash command-line shell that had existed for around 30 years before it was discovered and recognised as a significant threat in 2014. Today, Shellshock still remains a threat to the enterprise. The threat is certainly less risky than in the year of discovery. However, in a year in which security priorities have recalibrated to keep up with the chaotic landscape, it's a good time to look back at this threat and the underlying factors that keep these attacks alive today.

Bypassing MassLogger Anti-Analysis: a Man-in-the-Middle Approach

www.fireeye.com/blog/threat-research/2020/08/bypassing-masslogger-anti-analysis-man-in-the-middle-approach.html The FireEye Front Line Applied Research & Expertise (FLARE) Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the lack of novel functionalities and features, this sample employs a sophisticated technique that replaces the Microsoft Intermediate Language (MSIL) at run time to hinder static analysis. At the time of this writing, there is only one publication discussing the MassLogger obfuscation technique in some detail.

A Fork of the FTCode Powershell Ransomware

isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434/ Yesterday, I found a new malicious PowerShell script that deserved to be analyzed due to the way it was dropped on the victim's computer. As usual, the malware was delivered through a malicious Word document with a VBA macro. A first observation reveals that it's a fileless macro. The malicious Base64 code is stored in multiple environment variables that are concatenated and then executed through an IEX (Invoke-Expression) command.

Inter skimming kit used in homoglyph attacks

blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-used-in-homoglyph-attacks/ As we continue to track web threats and credit card skimming in particular, we often rediscover techniques we've encountered elsewhere before. In this post, we share a recent find that involves what is known as a homoglyph attack: a domain name built from characters that look like the letters of a legitimate domain but are different code points. This technique has been exploited for some time already, especially in phishing scams with IDN homograph attacks.

High-Severity Cisco DoS Flaw Plagues Small-Business Switches

threatpost.com/high-severity-cisco-dos-flaw-small-business-switches/158124/ Cisco is warning of a high-severity flaw that could allow remote, unauthenticated attackers to cripple several of its popular small-business switches with denial of service (DoS) attacks. The vulnerability stems from the IPv6 packet processing engine in the switches. IPv6 (Internet Protocol version 6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification system for computers on networks and routes traffic across the Internet. Also:


Intel investigating breach after 20GB of internal documents leak online

www.zdnet.com/article/intel-investigating-breach-after-20gb-of-internal-documents-leak-online/ US chipmaker Intel is investigating a security breach after earlier today 20 GB of internal documents, with some marked "confidential" or "restricted secret," were uploaded online to the file-sharing site MEGA. The data was published by Till Kottmann, a Swiss software engineer, who said he received the files from an anonymous hacker who claimed to have breached Intel earlier this year. Also:


The US paints a big target on the foreheads of those who meddle in the presidential election: reward of up to 10 million dollars

www.tivi.fi/uutiset/tv/dec0a49d-9a7d-4bbc-8929-470c536f6c26 The United States is prepared to pay up to 10 million dollars for a tip that leads to the capture of a foreign election meddler. According to ZDNet, the reward covers attacks targeting election systems, voting equipment, officials, candidates and campaign workers alike. The reward is, however, limited to actors who operate in cooperation with foreign states. There is thus no interest in catching individual mischief-makers.

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

krebsonsecurity.com/2020/08/hacked-data-broker-accounts-fueled-phony-covid-loans-unemployment-claims/ A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned.

Insecure satellite Internet is threatening ship and plane safety

arstechnica.com/information-technology/2020/08/insecure-satellite-internet-is-threatening-ship-and-plane-safety/ More than a decade has passed since researchers demonstrated serious privacy and security holes in satellite-based Internet services. The weaknesses allowed attackers to snoop on and sometimes tamper with data received by millions of users thousands of miles away. You might expect that in 2020, as satellite Internet has grown more popular, providers would have fixed those shortcomings, but you'd be wrong.

Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs

threatpost.com/black-hat-linux-spyware-stack-chinese-apts/158092/ The groups, all tied to the Winnti supply-chain specialist gang, were seen using the same Linux rootkit and backdoor combo. A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers.

Canon confirms ransomware attack in internal memo

www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/ Update 08/06/20: BleepingComputer has obtained a screenshot of an internal message sent by Canon to employees that discloses the ransomware attack. This message further states that they have hired an outside cybersecurity company to aid in their recovery. Related:


Smart locks opened with nothing more than a MAC address

www.zdnet.com/article/smart-locks-opened-with-nothing-more-than-a-mac-address/ A smart lock sold by major US retailers could be opened with no more than a MAC address, researchers say. Smart locks have slowly been adopted as an intelligent, Internet of Things (IoT) alternative to traditional lock-and-key methods for securing a property.

Cyber insurance guidance

www.ncsc.gov.uk/guidance/cyber-insurance-guidance This guidance is for organisations of all sizes who are considering purchasing cyber insurance. It is not intended to be a comprehensive cyber insurance buyer's guide, but instead focuses on the cyber security aspects of cyber insurance. If you are considering cyber insurance, these questions can be used to frame your discussions. This guidance focuses on standalone cyber insurance policies, but many of these questions may be relevant to cyber insurance where it is included in other policies.

USA decides to cleanse local networks of anything Chinese under new five-point national data security plan

www.theregister.com/2020/08/06/usa_clean_network_plan/ US secretary of state Mike Pompeo has announced a Clean Network plan he says offers a comprehensive approach to guarding our citizens' privacy and our companies' most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party (CCP).

New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet

www.darkreading.com/vulnerabilities—threats/new-windows-print-spooler-zero-day-flaws-harken-back-to-stuxnet/d/d-id/1338593 Researchers find new flaws in the ubiquitous decades-old printer software in Windows, including one that bypasses a recent Microsoft patch. Ten years after the game-changing Stuxnet attack was first discovered, a Windows printer program it exploited has been found to contain additional dangerous zero-day flaws that could allow an attacker to gain a foothold in the network as a privileged user.

Processing Data to Protect Data: Resolving the Breach Detection Paradox

script-ed.org/article/processing-data-to-protect-data-resolving-the-breach-detection-paradox/ Most privacy laws contain two obligations: that processing of personal data must be minimised, and that security breaches must be detected and mitigated as quickly as possible. These two requirements appear to conflict, since detecting breaches requires additional processing of logfiles and other personal data to determine what went wrong. Fortunately Europe's General Data Protection Regulation (GDPR), considered the strictest such law, recognises this paradox and suggests how both requirements can be satisfied. This paper assesses security breach detection in the light of the principles of purpose limitation and necessity, finding that properly-conducted breach detection should satisfy both principles,
