Daily NCSC-FI news followup 2020-09-14

Alert (AA20-258A) – Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

us-cert.cisa.gov/ncas/alerts/aa20-258a The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies.


Magecart Attack Impacts More Than 10K Online Shoppers

threatpost.com/magecart-campaign-10k-online-shoppers/159216/ Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.

Scam messages circulating in Posti's name: do not react, do not click unexpected links, see also the Police's instructions (updated 14.9.)

www.posti.com/media/mediauutiset/2020/postin-nimissa-liikkeella-huijausviesteja–ala-reagoi-ala-klikkaa-yllattavia-linkkeja-katso-myos-poliisin-ohjeet/ More and more scam messages of various kinds are in circulation, including in Posti's name. The latest scam messages look in many respects deceptively genuine. The messages may also contain Posti's logo. Posti works closely with the Police in countering scam messages.

Scam in Tokmanni's name: this is how Finns' home addresses are being collected

www.is.fi/digitoday/tietoturva/art-2000006635306.html Scams carried out on Facebook continue. People are being misled, in Tokmanni's name, into handing over their contact details.

New BlindSide attack uses speculative execution to bypass ASLR

www.zdnet.com/article/new-blindside-attack-uses-speculative-execution-to-bypass-aslr/ New BlindSide technique abuses the CPU’s internal performance-boosting feature to bypass OS security protection.

Personal data from Experian on 40% of South Africa’s population has been bundled onto a file-sharing website

www.theregister.com/2020/09/14/south_africa_experian_data_breach_wesendit/ August breach hadn’t been cleared up at all and regulators are furious

Helping organisations – and researchers – to manage vulnerability disclosure

www.ncsc.gov.uk/blog-post/helping-to-manage-vulnerability-disclosure Ollie N explains the thinking behind the NCSC's new Vulnerability Disclosure Toolkit, which is now available to download.

Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency

www.zdnet.com/article/vast-majority-of-cyber-attacks-on-cloud-servers-aim-to-mine-cryptocurrency/ Cyber-attacks on cloud systems spiked 250% from 2019 to 2020.

A “DFUR-ent” Perspective on Threat Modeling and Application Log Forensic Analysis

www.fireeye.com/blog/threat-research/2020/09/dfur-ent-perspective-on-threat-modeling-and-application-log-forensic-analysis.html Many organizations operating in e-commerce, hospitality, healthcare, managed services, and other service industries rely on web applications. And buried within the application logs may be the potential discovery of fraudulent use and/or compromise! But, let’s face it, finding evil in application logs can be difficult and overwhelming for a few reasons.

COVID cybercrime: 10 disturbing statistics to keep you awake tonight

www.zdnet.com/article/ten-disturbing-coronavirus-related-cybercrime-statistics-to-keep-you-awake-tonight/ Nine out of 10 coronavirus domains are scams. Half a million Zoom accounts are for sale on the Dark Web. Brute-force attacks are up 400%. And there’s more. So much more.

Central government actors' cyber security skills put to the test in JAMK's exercise

www.epressi.com/tiedotteet/teknologia/valtionhallinnon-toimijoiden-kyberturvallisuustaidot-testissa-jamkin-harjoituksessa.html JYVSECTEC (Jyväskylä Security Technology), the cyber security research, development and training centre of JAMK University of Applied Sciences (Jyväskylän ammattikorkeakoulu, JAMK), is organising a national cyber security exercise (KYHA20vh) on 28.9.-2.10.2020.

Ransomware: This essential step could help you make it through an attack

www.zdnet.com/article/ransomware-this-essential-step-could-help-you-make-it-through-an-attack/ New advice from the National Cyber Security Centre urges businesses to have an incident response plan in place – even if they think they’re unlikely to fall victim to hackers.

After 12 Years, Malware's Puzzling Nuisance Worm Conficker Refuses To Die

www.forbes.com/sites/johndunn/2020/09/14/after-12-years-malwares-puzzling-nuisance-worm-conficker-refuses-to-die/ What ranks as history's most successful malware? Depending on who you ask, the names that come up are usually destructive spectaculars such as NotPetya and WannaCry from 2017 or perhaps the panic-inducing SQL Slammer worm from 14 years earlier. It all depends what you mean by successful, of course, but my choice would be Conficker (aka downadup), a sophisticated 2008 Windows worm that threatened mayhem before disappearing not long after before anyone could fathom its true purpose.

Creating patched binaries for pentesting purposes

