Daily NCSC-FI news followup 2020-08-19

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

thehackernews.com/2020/08/p2p-botnet-malware.html Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020. Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.


MAR-10295134-1.v1 North Korean Remote Access Trojan: BLINDINGCAN

us-cert.cisa.gov/ncas/analysis-reports/ar20-232a This Malware Analysis Report (MAR) is the result of analytic efforts between Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Remote Access Trojan (RAT) malware variants used by the North Korean government.

Taiwan says China behind cyberattacks on government agencies, emails

www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK Taiwan said on Wednesday hacking groups linked to the Chinese government had attacked at least 10 government agencies and some 6,000 email accounts of government officials in an infiltration to steal important data.

Fancy Bear imposters extort finance, retail on DDoS threat

www.scmagazine.com/home/security-news/fancy-bear-imposters-extort-finance-retail-on-ddos-threat/ The cybersecurity group Akamai is tracking extortionists claiming to represent prominent hacker groups, including the Russian Intelligence group Fancy Bear, demanding ransom under threat of massive denial of service attacks.

New Vulnerability Could Put IoT Devices at Risk

securityintelligence.com/posts/new-vulnerability-could-put-iot-devices-at-risk/ In September 2019, X-Force Red discovered a vulnerability in Thales (formerly Gemalto) Cinterion EHS8 M2M module used in millions of internet-connected devices over the last decade. These modules are mini circuit boards that enable mobile communication in IoT devices.

Pretty wild that a malicious mailto: link might attach your secret keys and files from your PC to an outgoing message

www.theregister.com/2020/08/19/openpgp_smime_email_client_mailto_flaws/ Some OpenPGP, S/MIME-capable email clients vulnerable to attack

Forgotten passwords add up to a hefty bill for employers: up to 200,000 euros a year for a hospital district

yle.fi/uutiset/3-11499841 Password-related calls and service requests peak after the holiday seasons, that is, in August and January.

WannaRen ransomware author contacts security firm to share decryption key

www.zdnet.com/article/wannaren-ransomware-author-contacts-security-firm-to-share-decryption-key/ A major ransomware outbreak hit Chinese internet users earlier this year in April. For about a week, a ransomware strain known as WannaRen made tens of thousands of victims among both home consumers and local Chinese and Taiwanese companies.

Chrome's new warning can save you from a fatal mistake

www.is.fi/digitoday/art-2000006605760.html Dangerous web forms will in future trigger a full-screen warning in Google Chrome.

Voice Phishers Targeting Corporate VPNs

krebsonsecurity.com/2020/08/voice-phishers-targeting-corporate-vpns/ The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers' networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.

Tens of suspects arrested for cashing-out Santander ATMs using software glitch

www.zdnet.com/article/tens-of-suspects-arrested-for-cashing-out-santander-atms-using-software-glitch/ Santander says it fixed the ATM software glitch that was exploited this week across the tri-state area.

Airline DMARC Policies Lag, Opening Flyers to Email Fraud

threatpost.com/airline-dmarc-policies-lag-opening-flyers-to-email-fraud/158449/ Up to 61 percent out of the IATA (International Air Transport Association) airline members do not have a published DMARC record.

MITRE ATT&CK: The Magic of Mitigations

blogs.cisco.com/security/mitre-attck-the-magic-of-mitigations

XDR: The Next Level of Prevention, Detection and Response [New Guide]

