Daily NCSC-FI news followup 2020-08-19

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

thehackernews.com/2020/08/p2p-botnet-malware.html Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020. Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.


MAR-10295134-1.v1 North Korean Remote Access Trojan: BLINDINGCAN

us-cert.cisa.gov/ncas/analysis-reports/ar20-232a This Malware Analysis Report (MAR) is the result of analytic efforts between Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Remote Access Trojan (RAT) malware variants used by the North Korean government.

Taiwan says China behind cyberattacks on government agencies, emails

www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK Taiwan said on Wednesday hacking groups linked to the Chinese government had attacked at least 10 government agencies and some 6,000 email accounts of government officials in an infiltration to steal important data.

Fancy Bear imposters extort finance, retail on DDoS threat

www.scmagazine.com/home/security-news/fancy-bear-imposters-extort-finance-retail-on-ddos-threat/ The cybersecurity group Akamai is tracking extortionists claiming to represent prominent hacker groups, including the Russian Intelligence group Fancy Bear, demanding ransom under threat of massive denial of service attacks.

New Vulnerability Could Put IoT Devices at Risk

securityintelligence.com/posts/new-vulnerability-could-put-iot-devices-at-risk/ In September 2019, X-Force Red discovered a vulnerability in Thales (formerly Gemalto) Cinterion EHS8 M2M module used in millions of internet-connected devices over the last decade. These modules are mini circuit boards that enable mobile communication in IoT devices.

Pretty wild that a malicious mailto: link might attach your secret keys and files from your PC to an outgoing message

www.theregister.com/2020/08/19/openpgp_smime_email_client_mailto_flaws/ Some OpenPGP, S/MIME-capable email clients vulnerable to attack

Forgotten passwords add up to a hefty bill for employers: up to 200,000 euros a year for a hospital district

yle.fi/uutiset/3-11499841 Password-related calls and service requests come in most often after holiday seasons, that is, in August and January.

WannaRen ransomware author contacts security firm to share decryption key

www.zdnet.com/article/wannaren-ransomware-author-contacts-security-firm-to-share-decryption-key/ A major ransomware outbreak hit Chinese internet users earlier this year in April. For about a week, a ransomware strain known as WannaRen made tens of thousands of victims among both home consumers and local Chinese and Taiwanese companies.

Chrome's new warning can save you from a fatal mistake

www.is.fi/digitoday/art-2000006605760.html Dangerous web forms will from now on trigger a full-screen warning in Google Chrome.

Voice Phishers Targeting Corporate VPNs

krebsonsecurity.com/2020/08/voice-phishers-targeting-corporate-vpns/ The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers' networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.

Tens of suspects arrested for cashing-out Santander ATMs using software glitch

www.zdnet.com/article/tens-of-suspects-arrested-for-cashing-out-santander-atms-using-software-glitch/ Santander says it fixed the ATM software glitch that was exploited this week across the tri-state area.

Airline DMARC Policies Lag, Opening Flyers to Email Fraud

threatpost.com/airline-dmarc-policies-lag-opening-flyers-to-email-fraud/158449/ Up to 61 percent out of the IATA (International Air Transport Association) airline members do not have a published DMARC record.

MITRE ATT&CK: The Magic of Mitigations

blogs.cisco.com/security/mitre-attck-the-magic-of-mitigations

XDR: The Next Level of Prevention, Detection and Response [New Guide]

