Daily NCSC-FI news followup 2020-09-14

Alert (AA20-258A) – Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

us-cert.cisa.gov/ncas/alerts/aa20-258a The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies.


Magecart Attack Impacts More Than 10K Online Shoppers

threatpost.com/magecart-campaign-10k-online-shoppers/159216/ Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.

Scam messages circulating in Posti’s name: do not react, do not click on unexpected links, see also the Police’s instructions (updated 14.9.)

www.posti.com/media/mediauutiset/2020/postin-nimissa-liikkeella-huijausviesteja–ala-reagoi-ala-klikkaa-yllattavia-linkkeja-katso-myos-poliisin-ohjeet/ More and more scam messages of various kinds are in circulation, including in Posti’s name. The latest scam messages look deceptively genuine in many respects. The messages may also carry Posti’s logo. Posti works closely with the Police in the effort against scam messages.

Scam in Tokmanni’s name: this is how Finns’ home addresses are collected

www.is.fi/digitoday/tietoturva/art-2000006635306.html Scams carried out on Facebook continue. People are being misled in Tokmanni’s name into handing over their contact details.

New BlindSide attack uses speculative execution to bypass ASLR

www.zdnet.com/article/new-blindside-attack-uses-speculative-execution-to-bypass-aslr/ New BlindSide technique abuses the CPU’s internal performance-boosting feature to bypass OS security protection.

Personal data from Experian on 40% of South Africa’s population has been bundled onto a file-sharing website

www.theregister.com/2020/09/14/south_africa_experian_data_breach_wesendit/ August breach hadn’t been cleared up at all and regulators are furious

Helping organisations – and researchers – to manage vulnerability disclosure

www.ncsc.gov.uk/blog-post/helping-to-manage-vulnerability-disclosure Ollie N explains the thinking behind the NCSC’s new Vulnerability Disclosure Toolkit, which is now available to download.

Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency

www.zdnet.com/article/vast-majority-of-cyber-attacks-on-cloud-servers-aim-to-mine-cryptocurrency/ Cyber-attacks on cloud systems spiked 250% from 2019 to 2020.

A “DFUR-ent” Perspective on Threat Modeling and Application Log Forensic Analysis

www.fireeye.com/blog/threat-research/2020/09/dfur-ent-perspective-on-threat-modeling-and-application-log-forensic-analysis.html Many organizations operating in e-commerce, hospitality, healthcare, managed services, and other service industries rely on web applications. And buried within the application logs may be the potential discovery of fraudulent use and/or compromise! But, let’s face it, finding evil in application logs can be difficult and overwhelming for a few reasons.

COVID cybercrime: 10 disturbing statistics to keep you awake tonight

www.zdnet.com/article/ten-disturbing-coronavirus-related-cybercrime-statistics-to-keep-you-awake-tonight/ Nine out of 10 coronavirus domains are scams. Half a million Zoom accounts are for sale on the Dark Web. Brute-force attacks are up 400%. And there’s more. So much more.

Cyber security skills of central government actors put to the test in JAMK’s exercise

www.epressi.com/tiedotteet/teknologia/valtionhallinnon-toimijoiden-kyberturvallisuustaidot-testissa-jamkin-harjoituksessa.html JYVSECTEC (Jyväskylä Security Technology), the cyber security research, development and training centre of Jyväskylä University of Applied Sciences (JAMK), is organising a national cyber security exercise (KYHA20vh) on 28.9.-2.10.2020.

Ransomware: This essential step could help you make it through an attack

www.zdnet.com/article/ransomware-this-essential-step-could-help-you-make-it-through-an-attack/ New advice from the National Cyber Security Centre urges businesses to have an incident response plan in place – even if they think they’re unlikely to fall victim to hackers.

After 12 Years, Malware’s Puzzling Nuisance Worm Conficker Refuses To Die

www.forbes.com/sites/johndunn/2020/09/14/after-12-years-malwares-puzzling-nuisance-worm-conficker-refuses-to-die/ What ranks as history’s most successful malware? Depending on who you ask, the names that come up are usually destructive spectaculars such as NotPetya and WannaCry from 2017 or perhaps the panic-inducing SQL Slammer worm from 14 years earlier. It all depends what you mean by successful, of course, but my choice would be Conficker (aka downadup), a sophisticated 2008 Windows worm that threatened mayhem before disappearing not long after before anyone could fathom its true purpose.

Creating patched binaries for pentesting purposes

