Daily NCSC-FI news followup 2020-08-27

Confessions of an ID Theft Kingpin, Part II

krebsonsecurity.com/2020/08/confessions-of-an-id-theft-kingpin-part-ii/ Yesterday's piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good. Here's a look at what happened after he got busted.

As global business is migrating toward conducting more transactions online, threat actors have become more invested in identifying and exploiting vulnerabilities in website payment processing systems and interfaces, particularly ones that permit threat actors to inject malicious JavaScript (JS) and exfiltrate customer data and payment card details.

www.recordedfuture.com/credit-card-sniffers/ As this and previous Recorded Future reporting highlights, the injection of malicious JS code into websites is not reserved to Magecart (an umbrella term for threat actor groups employing this technique) but is also being marketed by multiple threat actors on the dark web who develop customized payment sniffers that are updated regularly, contain multiple capabilities, and are available for

New Chrome, Firefox versions fix security bugs, bring productivity features

www.welivesecurity.com/2020/08/26/new-chrome-firefox-versions-fix-security-bugs-bring-productivity-tools/ Chrome gets a new way of managing tabs while Firefox now features a new add-ons blocklist. Google and Mozilla have each released new stable versions of their web browsers for desktop platforms, with both Chrome and Firefox bringing a slew of new features and security fixes that are being rolled out to Windows, Mac and Linux.

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money

thehackernews.com/2020/08/qakbot-banking-trojan.html A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research. In an analysis released by Check Point Research today, the latest wave of Qbot activity appears to have dovetailed with the return of Emotet (another email-based malware behind several botnet-driven spam campaigns and ransomware attacks) last month, with the new sample capable of covertly gathering all email threads from a victim's Outlook client and using them for later malspam campaigns. Also:

www.zdnet.com/article/your-email-threads-are-now-being-hijacked-by-qbot-trojan/. Report:


Security.txt: one small file for an admin, one giant help to a security researcher

isc.sans.edu/forums/diary/Securitytxt+one+small+file+for+an+admin+one+giant+help+to+a+security+researcher/26510/ During the last few months, I've noticed a significant increase in the number of vulnerability reports for domains registered to some of our customers. If you've ever found a vulnerability on a website which wasn't operated by you or your organization, chances are you've had a bit of a difficult time finding the right person to report the vulnerability to. If you lack this experience, just try to imagine how easy (or difficult) it might be to get in touch with the responsible department or person in your company if someone were to find a vulnerability on the website of your organization. Identifying the right contact for domains registered by companies which run their own CSIRT or PSIRT is usually quite straightforward, but for the rest of them it can be quite a headache.

Malicious Attachments Remain a Cybercriminal Threat Vector Favorite

threatpost.com/malicious-attachments-remain-a-cybercriminal-threat-vector-favorite/158631/ Malicious attachments continue to be a top threat vector in the cybercriminal world, even as public awareness increases and tech companies amp up their defenses. While attachment threat vectors are one of the oldest malware-spreading tricks in the book, email users are still clicking on malicious attachments that hit their inbox, whether it's a purported job offer or a pretend critical invoice. The reason why threat actors are still relying on this age-old tactic, researchers say, is that the attack is still working. Even with widespread public awareness about malicious file attachments, attackers are upping their game with new tricks to avoid detection, bypass email protections and more.

DDoS extortionists target NZX, Moneygram, Braintree, and other financial services

www.zdnet.com/article/ddos-extortionists-target-nzx-moneygram-braintree-and-other-financial-services/ For the past few weeks, a criminal gang has launched DDoS attacks against some of the world's biggest financial service providers and demanded Bitcoin payments as extortion fees to stop their attacks. Just this week, the group has attacked money transfer service MoneyGram, YesBank India, Worldpay, PayPal, Braintree, and Venmo, a source involved in the DDoS mitigation field has told ZDNet. The New Zealand stock exchange (NZX), which halted trading for the third day in a row today, is also one of the group's victims.

Yle news broadcast not aired because of an ICT problem: a routing protocol went haywire

www.tivi.fi/uutiset/tv/b43b9acb-fea5-48a5-95ef-47c3abb2fb3c On Wednesday Yle found itself in an unfortunate situation when, because of a telecommunications problem in Pasila, Helsinki, TV 1's 17:00 news broadcast was not shown at all. After the incident, news anchor Piia Pasanen said on Twitter that in her 20-year career at Yle there had never been a technical problem that completely prevented a news broadcast from being aired.

Lemon_Duck cryptominer malware now targets Linux devices

www.bleepingcomputer.com/news/security/lemon-duck-cryptominer-malware-now-targets-linux-devices/ The Lemon_Duck cryptomining malware has been updated to compromise Linux machines via SSH brute force attacks, to exploit SMBGhost-vulnerable Windows systems, and to infect servers running Redis and Hadoop instances. Lemon_Duck (spotted last year by Trend Micro and further examined by SentinelOne) is known for targeting enterprise networks, gaining access over the MS SQL service via brute-forcing or over the SMB protocol using EternalBlue, according to Guardicore's Ophir Harpaz.

Magecart's Success Paves Way For Cybercriminal Credit Card Sniffer Market

threatpost.com/magecarts-success-paves-way-for-cybercriminal-credit-card-sniffer-market/158684/ The Magecart threat group has dominated headlines for its use of malicious JavaScript code, which is injected into e-commerce websites to exfiltrate customer payment card data. But new research points to a growing industry on underground forums where so-called sniffers are being advertised, sold and regularly updated. The new research, shared exclusively with Threatpost, shows an array of threat groups who over the past six months have been tracked continually developing and advertising customized payment sniffers that are updated regularly, contain multiple capabilities, and are available for purchase or rent.

60 Seconds In Cybersecurity: Here's What Happens In Just One Malicious Internet Minute

www.forbes.com/sites/daveywinder/2020/08/27/heres-what-happens-in-just-1-malicious-internet-minute-riskiq-threat-intelligence/ The latest security intelligence report from RiskIQ has the somewhat provocative title of "Evil Internet Minute 2020". However, by analyzing its own global intelligence as an attack surface management company, along with third-party research, RiskIQ has put together an interesting overview of what can happen in just 60 malicious seconds online. The headline numbers, and it really is all about the numbers as you will probably have already guessed, make for sobering reading. In just a single minute, RiskIQ suggests that a staggering 375 new cybersecurity threats will emerge.

Iranian hackers impersonate journalists to set up WhatsApp calls and gain victims’ trust

www.zdnet.com/article/iranian-hackers-impersonate-journalists-to-set-up-whatsapp-calls-and-gain-victims-trust/ Iranian government hackers have impersonated journalists to reach out to targets via LinkedIn and set up WhatsApp calls to win their trust, before sharing links to phishing pages and malware-infected files. The attacks happened in July and August this year, according to Israeli cyber-security firm ClearSky, which published a report today detailing this particular campaign. The hackers are believed to be members of the Iranian group CharmingKitten, also known as APT35, NewsBeef, Newscaster, or Ajax, according to Ohad Zaidenberg, ClearSky Lead Cyber Intelligence Researcher.

Acting U.S. Attorney Announces Extradition Of Ghanaian National For Multimillion-Dollar Fraud Scheme Involving Business Email Compromises And Romance Scams Targeting Elderly

www.justice.gov/usao-sdny/pr/acting-us-attorney-announces-extradition-ghanaian-national-multimillion-dollar-fraud Acting Manhattan U.S. Attorney Audrey Strauss said: "Deborah Mensah is alleged to have been a participant in a conspiracy that resulted in the theft of millions of dollars from businesses and vulnerable individuals across the United States, and the laundering of that money through a network of bank accounts in the Bronx to co-conspirators in Ghana. Now she is in the United States and facing charges under U.S. law." From at least in or about 2014 through in or about 2018, MENSAH was a member of a criminal enterprise (the "Enterprise") based in Ghana that committed a series of business email compromises and romance scams against individuals and businesses located across the United States, including in the Southern District of New York.

Microsoft Warns of New ‘Anubis’ Info-Stealer Distributed in the Wild

www.securityweek.com/microsoft-warns-new-anubis-info-stealer-distributed-wild Microsoft warned on Thursday that a recently uncovered piece of malware designed to help cybercriminals steal information from infected systems is now actively distributed in the wild. The malware has been named Anubis, but the tech giant has pointed out that it's not related to the Android malware of the same name.

Cetus: Cryptojacking Worm Targeting Docker Daemons

unit42.paloaltonetworks.com/cetus-cryptojacking-worm/ Unsecured Docker daemons have been known to security professionals as a major threat since the early days of containers. Unit 42 recently wrote about Graboid, the first-ever Docker cryptojacking worm and unsecured Docker daemons. I conducted additional research by setting up a Docker daemon honeypot in order to examine how things look for an average Docker daemon in the wild and learn if the shift to the cloud caused by COVID-19 increased the prevalence and sophistication of targeted cloud attacks.

Flaws in DVB-T2 set-top boxes exposed

decoded.avast.io/vladislaviliushin/flaws-in-dvb-t2-set-top-boxes-exposed/ The focus of this investigation was two set-top boxes supporting DVB-T2. These boxes are pretty cheap, popular, look surprisingly similar and are jam-packed with vulnerabilities. Meet the THOMSON THT741FTA and the Philips DTR3502BFTA. The beady-eyed among you can play a game of spot the difference if you want.
