Daily NCSC-FI news followup 2020-08-07

The Secret Life of an Initial Access Broker

ke-la.com/the-secret-life-of-an-initial-access-broker/ Recently, ZDNet exclusively reported a leak posted on a cybercrime community containing details and credentials of over 900 enterprise Secure Pulse servers exploited by threat actors. Since this leak represents an ever-growing ransomware risk, KELA delved into both the leak's content and the actors who were involved in its inception and circulation. This short research targets a specific tier of cybercriminal actors: Initial Access Brokers. These are mid-tier actors who specialize in obtaining initial network access from a variety of sources, curating and grooming it into a wider network compromise, and then selling it off to ransomware affiliates. With the affiliate ransomware model becoming more and more popular and affecting huge enterprises as well as smaller ones, initial access brokers are rapidly becoming an important part of the affiliate ransomware supply chain. The leaked list mentioned above seems to have been circulating between several initial access brokers in cybercrime forums, and was exposed by a LockBit affiliate who regarded the actors as unprofessional. This event showcases the breadth of information that's exchanged on cybercrime communities and, in KELA's eyes, emphasizes the need for scalable and targeted monitoring of underground communities.

Australia’s Cyber Security Strategy 2020

www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy On 6 August 2020, the Australian Government released Australia’s Cyber Security Strategy 2020 (3MB PDF). The Australian Cyber Security Strategy 2020 will invest $1.67 billion over 10 years to achieve our vision of creating a more secure online world for Australians, their businesses and the essential services upon which we all depend. Read also:

www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf

Intel NDA blueprints: 20GB of source code, schematics, specs, docs spill onto web from partners-only vault

www.theregister.com/2020/08/06/intel_nda_source_code_leak/ Switzerland-based IT consultant Tillie Kottmann on Thursday published a trove of confidential Intel technical material, code, and documents related to various processors and chipsets. “They were given to me by an anonymous source who breached them earlier this year, more details about this will be published soon,” Kottmann wrote on Twitter, suggesting someone had broken into Intel’s systems and siphoned off the material. More leaks of secret Intel documents are promised. Read also:

threatpost.com/hackers-dump-20gb-of-intels-confidential-data-online/158178/ As well as:

arstechnica.com/information-technology/2020/08/intel-is-investigating-the-leak-of-20gb-of-its-source-code-and-private-data/

The Current State of Exploit Development, Part 1

www.crowdstrike.com/blog/state-of-exploit-development-part-1/ Memory corruption exploits have historically been one of the strongest accessories in a good red teamer’s toolkit. They present an easy win for offensive security engineers, as well as adversaries, by allowing the attacker to execute payloads without relying on any user interaction.

Exhausted, energised and overwhelmed – but in a good way!

www.ncsc.gov.uk/blog-post/exhausted-energised-and-overwhelmed-in-good-way The Cyber Accelerator Programme, now in its 4th year, was created to grow the UK’s emerging cyber security industry, and provides support to innovative start-up companies aiming to bring ‘better, faster and cheaper’ cyber security products and services to market. The Accelerator does this by offering technical leadership, guidance and mentoring to successful applicants.

Weekly Threat Report 7th August 2020

www.ncsc.gov.uk/report/weekly-threat-report-7th-august-2020 The NCSC’s weekly threat report is drawn from recent open source reporting.

July's Most Wanted Malware: Emotet Strikes Again After Five-Month Absence

blog.checkpoint.com/2020/08/07/julys-most-wanted-malware-emotet-strikes-again-after-five-month-absence/ Check Point Research finds a sharp increase in the Emotet botnet spreading spam campaigns after a period of inactivity, aiming to steal banking credentials and spread inside targeted networks.

Bulgarian police arrest hacker Instakilla

www.zdnet.com/article/bulgarian-police-arrest-hacker-instakilla/ Hacker accused of hacking and extorting companies, selling stolen data online.

Chinese Hackers Have Pillaged Taiwan’s Semiconductor Industry

www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/ A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more. Read also:

www.zdnet.com/article/black-hat-hackers-are-now-using-cobalt-strike-and-skeleton-keys-to-target-semiconductor-firms/

Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs

threatpost.com/black-hat-19-flaws-connected-mercedes-benz-vehicles/158144/ Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

thehackernews.com/2020/08/foreshadow-processor-vulnerability.html The new research explains that the microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not only impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD previously believed to be unaffected.

Have I Been Pwned to go open source; 10bn credentials, not so much, says creator Hunt

www.theregister.com/2020/08/07/hibp_open_source/ Credential breach website Have I Been Pwned (HIBP) will be going open source, site creator and maintainer Troy Hunt has told the world.
