Daily NCSC-FI news followup 2020-08-08

Small and medium-sized businesses: Big targets for ransomware attacks

www.welivesecurity.com/2020/08/07/small-medium-sized-businesses-big-targets-ransomware-attacks/ Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion? While large enterprises may present themselves as more lucrative prey, SMBs are an attractive target due to their lack of resources to defend against such attacks.

Iranians, Russians receive text messages seeking U.S. election hacking info

www.reuters.com/article/us-cyber-iran-text-messages/iranians-russians-receive-text-messages-seeking-u-s-election-hacking-info-idUSKCN2522Z0 Written in Farsi, the Iran text messages say: “The United States pays up to $10 million for any information on foreign interference in American elections.” They carry a link to the U.S. Rewards for Justice Program, which offers cash bounties in return for information on threats to American national security.

Capital One to pay $80 million fine after data breach

www.reuters.com/article/us-usa-banks-capital-one-fin/capital-one-to-pay-80-million-fine-after-data-breach-idUSKCN2522DA Capital One Financial Corp (COF.N) will pay an $80 million penalty to a U.S. bank regulator after the bank suffered a massive data breach one year ago. The fine, announced Thursday by the Office of the Comptroller of the Currency, punishes the bank for failing to adequately identify and manage risk as it moved significant portions of its technological operations to the cloud. Read also:


Blackbaud data breach: What you should know

www.welivesecurity.com/2020/08/06/blackbaud-data-breach-what-you-should-know/ Blackbaud, a cloud software company, disclosed that they had been the victim of an attempted ransomware attack. Between their cybersecurity team, a forensics expert and law enforcement it was successfully thwarted. Unfortunately, the perpetrator, before being locked out, copied a subset of data which they then offered to delete for an undisclosed sum of money. Blackbaud paid the ransom-to-delete and received confirmation the data had been destroyed. They claim to have taken this action because “protecting our customers’ data is our top priority”. Read also: www.blackbaud.com/securityincident

Threat Roundup for July 31 to August 7

blog.talosintelligence.com/2020/08/tru-0731-0807.html Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 31 and Aug. 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

Dutch Hackers Found a Simple Way to Mess With Traffic Lights

www.wired.com/story/hacking-traffic-lights-netherlands/ By reverse engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world.

Beyond KrØØk: Even more WiFi chips vulnerable to eavesdropping

www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/ At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought. KrØØk (formally CVE-2019-15126) is a vulnerability in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. Specifically, the bug has led to wireless network data being encrypted with a WPA2 pairwise session key that is all zeros instead of the proper session key that had previously been established in the 4-way handshake. This undesirable state occurs on vulnerable Broadcom and Cypress chips following a Wi-Fi disassociation.

DEF CON: New tool brings back ‘domain fronting’ as ‘domain hiding’

www.zdnet.com/article/def-con-new-tool-brings-back-domain-fronting-as-domain-hiding/ After Amazon and Google stopped supporting the censorship-evading domain fronting technique on their clouds in 2018, the new Noctilucent toolkit aims to bring it back in a new form as “domain hiding”. At the DEF CON 28 security conference this week, a security researcher released a new tool that can help the makers of sensitive applications evade censorship and bypass firewalls to keep services up inside problematic areas of the globe. Domain fronting is a technique that was made popular by mobile app developers in the 2010s and has been used to allow apps to bypass censorship attempts in oppressive countries.

Researchers found another way to hack Android cellphones via Bluetooth

www.cyberscoop.com/bluetooth-vulnerability-android-dbappsecurity-black-hat-2020/ Attackers looking to steal sensitive information like contacts, call history, and SMS verification codes from Android devices only need to target Bluetooth protocols, according to new DBAPPSecurity research presented at the 2020 Black Hat conference Wednesday. These exploits, one of which takes advantage of a zero-day vulnerability, could also allow hackers to send fake text messages if manipulated properly, researchers found. The other attack allows researchers to take advantage of an authentication bypass vulnerability, dubbed “BlueRepli.” Would-be attackers can bypass authentication by imitating a device that has previously been connected with a target. Victims do not need to give permission to a device for the exploit to work. Read also:


Hacking the PLC via Its Engineering Software

www.darkreading.com/vulnerabilities—threats/hacking-the-plc-via-its-engineering-software/d/d-id/1338612 Researcher will demonstrate at DEF CON an emerging threat to industrial control networks. Attackers don’t need to directly hack into a programmable logic controller (PLC) to wreak havoc on an industrial process: they can target its configuration files and pivot from there.

Are you still using old Windows? The FBI's warning also applies in Finland

www.is.fi/digitoday/tietoturva/art-2000006594380.html The US Federal Bureau of Investigation (FBI) has published a warning (pdf) about the Windows 7 operating system, which was released in 2009. It stopped receiving security updates last January, unless they are paid for separately. The FBI's warning is aimed at businesses, but the message is clear for all Windows 7 users: the operating system should be abandoned as soon as possible. The FBI says it has observed criminals targeting computers whose operating system has reached the end of its life cycle. Over time, Windows 7 will only become more vulnerable to attack as new vulnerabilities are found in it that will remain unpatched. Read the warning itself:

assets.documentcloud.org/documents/7013778/FBI-PIN-alert-on-Windows-7-End-of-Life.pdf. As well as:


Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs

csirt.cy/nearly-50-of-all-smartphones-affected-by-qualcomm-snapdragon-bugs/ Several security vulnerabilities found in the Digital Signal Processor (DSP) of Qualcomm's Snapdragon chips could allow attackers to take control of almost 40% of all smartphones, spy on their users, and create un-removable malware capable of evading detection. Read also:

www.kauppalehti.fi/uutiset/tietoturvatutkijat-lahes-kaikki-android-puhelimet-ovat-alttiita-hyokkayksille/3c34aa45-c575-4b84-aa82-b34b2b638c81. As well as:

www.darkreading.com/vulnerabilities—threats/400+-qualcomm-chip-vulnerabilities-threaten-millions-of-android-phones/d/d-id/1338613. And:


Why You Should Stop Sending SMS Messages, Even On Apple iMessage

www.forbes.com/sites/zakdoffman/2020/08/08/apple-iphone-ipad-imessage-security-update-sms-rcs-google-whatsapp-encryption/ SMS is at the other end of the security spectrum, built on an archaic architecture that sits inside the many cellular networks around the world. When you send an SMS, while it might be secure between your phone and your network, once there it can be easily intercepted and collected. Last year I reported on hackers compromising global telcos to collect SMS traffic between targeted senders and recipients. As FireEye warned at the time, “users and organizations must consider the risk of unencrypted data being intercepted several layers upstream in their cellular communication chain.”

Whoops, our bad, we just may have ‘accidentally’ left Google Home devices recording your every word, sound, sorry

www.theregister.com/2020/08/08/ai_in_brief/ Your Google Home speaker may have been quietly recording sounds around your house without your permission or authorization, it was revealed this week.

The Quest to Liberate $300,000 of Bitcoin From an Old Zip File

www.wired.com/story/quest-to-liberate-bitcoin-from-old-zip-file/ The story of a guy who wouldn’t let a few quintillion possible decryption keys stand between him and his cryptocurrency.

Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon

thehackernews.com/2020/08/magecart-homograph-phishing.html Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. Read also:
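The “quirk in domain names” is the IDN homograph trick: a label built from glyphs of another script (a Cyrillic а in place of a Latin a, for instance) renders identically to the brand it imitates while resolving as a different xn-- punycode name. The Python below is an added example, not code from The Hacker News write-up or from the underlying research: it decodes a punycode domain back to its displayed form, maps a small constructed subset of confusable glyphs onto their Latin look-alikes, and flags labels that mix scripts or that collapse onto a watched brand. The confusables table is an assumption (a handful of entries, not the full Unicode confusables data) and the brand list is a placeholder.

```python
import unicodedata

# Constructed subset of Unicode confusables: glyphs from other scripts that render
# like Latin letters. Assumption: a real deployment loads the full confusables table.
CONFUSABLES = {
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",
    "і": "i", "ѕ": "s", "ј": "j", "ԁ": "d", "ɡ": "g", "ⅼ": "l", "ո": "n",
}


def decode_idna(domain: str) -> str:
    """Turn an A-label domain (xn--...) into the Unicode form a browser would display."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid punycode: leave it as-is


def skeleton(label: str) -> str:
    """Replace confusable glyphs with their Latin look-alikes so look-alikes compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", label))


def scripts(label: str) -> set:
    """Set of Unicode script names (first word of the character name) used in a label."""
    return {unicodedata.name(ch, "?").split()[0] for ch in label if ch.isalpha()}


def homograph_verdict(domain: str, brands: list) -> dict:
    """Decode, skeletonise and flag a domain against a watch-list of brand domains."""
    decoded = decode_idna(domain).lower()
    labels = decoded.split(".")
    sk = ".".join(skeleton(label) for label in labels)
    flags = []
    if not decoded.isascii():
        flags.append("non-ascii")
    if any(len(scripts(label)) > 1 for label in labels):
        flags.append("mixed-script")
    if sk != decoded:  # only a domain that changed under skeletonisation can be a look-alike
        for brand in brands:
            if sk == brand or sk.endswith("." + brand):
                flags.append("lookalike:" + brand)
    return {"decoded": decoded, "skeleton": sk, "flags": flags}


if __name__ == "__main__":
    # Constructed sample: the first 'a' is Cyrillic U+0430, so the A-label differs from paypal.com.
    sample = "pаypal.com".encode("idna").decode("ascii")
    print(sample, homograph_verdict(sample, ["paypal.com"]))
    print(homograph_verdict("paypal.com", ["paypal.com"]))
```

Run this over the domains seen in script-src URLs, favicon links and outbound fetches on a checkout page rather than over the page's own hostname: the skimmer lives in a third-party resource, and the look-alike only has to fool whoever eyeballs the request log.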


WastedLocker’s techniques point to a familiar heritage

news.sophos.com/en-us/2020/08/04/wastedlocker-techniques-point-to-a-familiar-heritage/ WastedLocker evades detection by performing most operations in memory, and shares several characteristics with a better-known ransomware family.

Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

blog.trendmicro.com/trendlabs-security-intelligence/water-nue-campaign-targets-c-suites-office-365-accounts/ A series of ongoing business email compromise (BEC) campaigns that use spear-phishing schemes against Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the United States and Canada.

Fake e-mail scanner

www.kaspersky.com/blog/phishing-email-scanner/36661/ A detailed look at a phishing site masquerading as an e-mail scanner and its attempts to snag victims. This scam message employs the time-honored trick of victim intimidation. You can see it right in the header, which reads “Virus Alert” followed by three exclamation points. However trifling punctuation may seem, it’s the first thing that should tip off the recipient that something may be wrong. Unnecessary punctuation in a work e-mail is a sign of drama or unprofessionalism. Either way, it’s inappropriate in a notification supposedly intended to convey information about a threat.

Security News This Week: The NSA’s Tips to Keep Your Phone From Tracking You

www.wired.com/story/nsa-tips-smartphone-data-canon-ransomware-twitter-bug-security-news/ Plus: A Canon ransomware hack, a nasty Twitter bug, and more of the week’s top security news.

How COVID-19 Has Changed Business Cybersecurity Priorities Forever

thehackernews.com/2020/08/covid-19-cybersecurity.html And hackers all over the world knew it. Almost immediately, Google reported a significant increase in malicious activity, and Microsoft noted trends that appeared to back that up. The good news is that the wave of cyberattacks unleashed by the pandemic peaked in April and has since died down. Fortunately, that’s allowing IT professionals and network administrators everywhere to take a deep breath and take stock of the new security environment they’re now operating in.

GEC Special Report: Russia’s Pillars of Disinformation and Propaganda

www.state.gov/russias-pillars-of-disinformation-and-propaganda-report/ The Department’s Global Engagement Center (GEC) is leading and coordinating efforts of the U.S. Federal Government to recognize, understand, expose, and counter foreign propaganda and disinformation. In line with its congressional mandate, the GEC is releasing a special report that provides an overview of Russia’s disinformation and propaganda ecosystem. The report outlines the five pillars of Russia’s disinformation and propaganda ecosystem and how these pillars work together to create a media multiplier effect. In particular, it details how the tactics of one pillar, proxy sources, interact with one another to elevate malicious content and create an illusion of credibility. Read also:


We’ve got you covered: experts produce first-ever technical advice on cyber insurance

www.ncsc.gov.uk/news/experts-first-advice-on-cyber-insurance New guidance highlights the 7 cyber security questions organisations should be asking if they are considering purchasing cyber insurance. Read also: www.ncsc.gov.uk/guidance/cyber-insurance-guidance and

www.ncsc.gov.uk/blog-post/is-cyber-insurance-right-for-you. As well as:


Australia to spend $1.2 billion on cyber security for private sector after rise in attacks

www.reuters.com/article/us-australia-cyber/australia-to-spend-1-2-billion-on-cyber-security-for-private-sector-after-rise-in-attacks-idUSKCN25204O Australia will spend A$1.66 billion ($1.19 billion) over the next 10 years to strengthen the cyber defences of companies and households after a rise in cyber attacks, Prime Minister Scott Morrison said on Thursday. Cyber attacks on businesses and households are costing about A$29 billion ($20.83 billion), or 1.5% of Australia's gross domestic product (GDP), Morrison told reporters in Canberra.
