Daily NCSC-FI news followup 2020-08-07

The Secret Life of an Initial Access Broker

ke-la.com/the-secret-life-of-an-initial-access-broker/ Recently, ZDNet exclusively reported a leak posted on a cybercrime community containing details and credentials of over 900 enterprise Secure Pulse servers exploited by threat actors. Since this leak represents an ever-growing ransomware risk, KELA delved into both the leak's content and the actors who were involved in its inception and circulation. This short research targets a specific tier of cybercriminal actors: Initial Access Brokers. These are mid-tier actors who specialize in obtaining initial network access from a variety of sources, curating and grooming it into a wider network compromise and then selling it off to ransomware affiliates. With the affiliate ransomware network becoming more and more popular and affecting huge enterprises as well as smaller ones, initial access brokers are rapidly becoming an important part of the affiliate ransomware supply chain. The list leak mentioned above seems to have been circulating between several initial access brokers in cybercrime forums, and has been exposed by a LockBit affiliate who regarded the actors as unprofessional. This event showcases the breadth of information that's exchanged on cybercrime communities and, in KELA's eyes, emphasizes the need for scalable and targeted monitoring of underground communities.

Australia’s Cyber Security Strategy 2020

www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy On 6 August 2020, the Australian Government released Australia’s Cyber Security Strategy 2020 (3MB PDF). The Australian Cyber Security Strategy 2020 will invest $1.67 billion over 10 years to achieve our vision of creating a more secure online world for Australians, their businesses and the essential services upon which we all depend. Read also:

www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf

Intel NDA blueprints 20GB of source code, schematics, specs, docs spill onto web from partners-only vault

www.theregister.com/2020/08/06/intel_nda_source_code_leak/ Switzerland-based IT consultant Tillie Kottmann on Thursday published a trove of confidential Intel technical material, code, and documents related to various processors and chipsets. “They were given to me by an anonymous source who breached them earlier this year, more details about this will be published soon,” Kottmann wrote on Twitter, suggesting someone had broken into Intel’s systems and siphoned off the material. More leaks of secret Intel documents are promised. Read also:

threatpost.com/hackers-dump-20gb-of-intels-confidential-data-online/158178/ As well as:

arstechnica.com/information-technology/2020/08/intel-is-investigating-the-leak-of-20gb-of-its-source-code-and-private-data/

The Current State of Exploit Development, Part 1

www.crowdstrike.com/blog/state-of-exploit-development-part-1/ Memory corruption exploits have historically been one of the strongest accessories in a good red teamer’s toolkit. They present an easy win for offensive security engineers, as well as adversaries, by allowing the attacker to execute payloads without relying on any user interaction.

Exhausted, energised and overwhelmed – but in a good way!

www.ncsc.gov.uk/blog-post/exhausted-energised-and-overwhelmed-in-good-way The Cyber Accelerator Programme, now in its 4th year, was created to grow the UK’s emerging cyber security industry, and provides support to innovative start-up companies aiming to bring ‘better, faster and cheaper’ cyber security products and services to market. The Accelerator does this by offering technical leadership, guidance and mentoring to successful applicants.

Weekly Threat Report 7th August 2020

www.ncsc.gov.uk/report/weekly-threat-report-7th-august-2020 The NCSC’s weekly threat report is drawn from recent open source reporting.

July's Most Wanted Malware: Emotet Strikes Again After Five-Month Absence

blog.checkpoint.com/2020/08/07/julys-most-wanted-malware-emotet-strikes-again-after-five-month-absence/ Check Point Research finds a sharp increase in the Emotet botnet spreading spam campaigns after a period of inactivity, aiming to steal banking credentials and spread inside targeted networks.

Bulgarian police arrest hacker Instakilla

www.zdnet.com/article/bulgarian-police-arrest-hacker-instakilla/ Hacker accused of hacking and extorting companies, selling stolen data online.

Chinese Hackers Have Pillaged Taiwan’s Semiconductor Industry

www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/ A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more. Read also:

www.zdnet.com/article/black-hat-hackers-are-now-using-cobalt-strike-and-skeleton-keys-to-target-semiconductor-firms/

Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs

threatpost.com/black-hat-19-flaws-connected-mercedes-benz-vehicles/158144/ Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

thehackernews.com/2020/08/foreshadow-processor-vulnerability.html The new research explains that the microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not only impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD previously believed to be unaffected.

Have I Been Pwned to go open source: 10bn credentials, not so much, says creator Hunt

www.theregister.com/2020/08/07/hibp_open_source/ Credential breach website Have I Been Pwned (HIBP) will be going open source, site creator and maintainer Troy Hunt has told the world.
