Daily NCSC-FI news followup 2020-08-19

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

thehackernews.com/2020/08/p2p-botnet-malware.html Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020.. Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.. see also


MAR-10295134-1.v1 North Korean Remote Access Trojan: BLINDINGCAN

us-cert.cisa.gov/ncas/analysis-reports/ar20-232a This Malware Analysis Report (MAR) is the result of analytic efforts between Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Remote Access Trojan (RAT) malware variants used by the North Korean government.

Taiwan says China behind cyberattacks on government agencies, emails

www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK Taiwan said on Wednesday hacking groups linked to the Chinese government had attacked at least 10 government agencies and some 6,000 email accounts of government officials in an infiltration to steal important data.

 Fancy Bear imposters extort finance, retail on DDoS threat

www.scmagazine.com/home/security-news/fancy-bear-imposters-extort-finance-retail-on-ddos-threat/ The cybersecurity group Akamai is tracking extortionists claiming to represent prominent hacker groups, including the Russian Intelligence group Fancy Bear, demanding ransom under threat of massive denial of service attacks.

New Vulnerability Could Put IoT Devices at Risk

securityintelligence.com/posts/new-vulnerability-could-put-iot-devices-at-risk/ In September 2019, X-Force Red discovered a vulnerability in Thales (formerly Gemalto) Cinterion EHS8 M2M module used in millions of internet-connected devices over the last decade. . These modules are mini circuit boards that enable mobile communication in IoT devices.

Pretty wild that a malicious mailto: link might attach your secret keys and files from your PC to an outgoing message

www.theregister.com/2020/08/19/openpgp_smime_email_client_mailto_flaws/ Some OpenPGP, S/MIME-capable email clients vulnerable to attack

Unohtuneista salasanoista kertyy lihava lasku työnantajille: sairaanhoitopiirille jopa 200 000 euroa vuodessa

yle.fi/uutiset/3-11499841 Salasanoihin liittyviä puheluja ja palvelupyyntöjä tulee eniten lomakausien jälkeen, eli elokuussa ja tammikuussa.

WannaRen ransomware author contacts security firm to share decryption key

www.zdnet.com/article/wannaren-ransomware-author-contacts-security-firm-to-share-decryption-key/ A major ransomware outbreak hit Chinese internet users earlier this year in April. For about a week, a ransomware strain known as WannaRen made tens of thousands of victims among both home consumers and local Chinese and Taiwanese companies.

Chromen uusi varoitus voi pelastaa kohtalokkaalta virheeltä

www.is.fi/digitoday/art-2000006605760.html Vaaralliset nettilomakkeet aiheuttavat jatkossa koko ruudun varoituksen Google Chromessa.

Voice Phishers Targeting Corporate VPNs

krebsonsecurity.com/2020/08/voice-phishers-targeting-corporate-vpns/ The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers networks. . But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.

Tens of suspects arrested for cashing-out Santander ATMs using software glitch

www.zdnet.com/article/tens-of-suspects-arrested-for-cashing-out-santander-atms-using-software-glitch/ Santander says it fixed the ATM software glitch that was exploited this week across the tri-state area.

Airline DMARC Policies Lag, Opening Flyers to Email Fraud

threatpost.com/airline-dmarc-policies-lag-opening-flyers-to-email-fraud/158449/ Up to 61 percent out of the IATA (International Air Transport Association) airline members do not have a published DMARC record.

blogs.cisco.com/security/mitre-attck-the-magic-of-mitigations MITRE ATT&CK: The Magic of Mitigations

XDR: The Next Level of Prevention, Detection and Response [New Guide]


You might be interested in …

Daily NCSC-FI news followup 2019-11-24

CNAME Cloaking, the dangerous disguise of third-party trackers medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a What has started to happen in the last few months in the world of third-party tracking is having a major impact on peoples privacy, and it all stayed pretty much under the radar. How to Avoid Black Friday Scams Online www.wired.com/story/how-to-avoid-black-friday-scams-online/ Black Friday attracts crowds, and […]

Read More

Daily NCSC-FI news followup 2020-05-05

How Many Engineers Does It Take to Digitally Secure a Solar Panel? www.nist.gov/blogs/cybersecurity-insights/how-many-engineers-does-it-take-digitally-secure-solar-panel The headline for this blog post is not a trick question or the beginning of a bad joke. I asked this question maybe a bit facetiously when I met the National Cybersecurity Center of Excellence (NCCoE) energy sector team in late 2018. […]

Read More

Daily NCSC-FI news followup 2019-08-16

New Bluetooth KNOB Attack Lets Attackers Manipulate Traffic www.bleepingcomputer.com/news/security/new-bluetooth-knob-attack-lets-attackers-manipulate-traffic/ A new Bluetooth vulnerability named “Key Negotiation Of Bluetooth attack” or “KNOB” has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices.. see also knobattack.com/ Ammottava aukko päästi […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.