Daily NCSC-FI news followup 2020-09-26

ThunderX ransomware silenced with release of a free decryptor

www.bleepingcomputer.com/news/security/thunderx-ransomware-silenced-with-release-of-a-free-decryptor/ A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free.

When coffee makers are demanding a ransom, you know IoT is screwed

arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/ Watch along as hacked machine grinds, beeps, and spews water.

Threat Roundup for September 18 to September 25

blog.talosintelligence.com/2020/09/threat-roundup-0918-0925.html Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.

Industrial Cyberattacks Get Rarer but More Complex

threatpost.com/industrial-cyberattacks-rarer-complex/159573/ The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks.

KuCoin cryptocurrency exchange hacked for $150 million

www.zdnet.com/article/kucoin-cryptocurrency-exchange-hacked-for-150-million/#ftag=RSSbaffb68 KuCoin said an intruder drained all its hot wallets today.

Putin Wants a Truce in Cyberspace While Denying Russian Interference

www.nytimes.com/2020/09/25/world/europe/russia-cyber-security-meddling.html With an eye to a possible Biden presidency, the Russian leader called for a “reboot” on information security but offered no concessions.

How cybercriminals launder money stolen from banks

www.kaspersky.com/blog/money-laundering-schemes/37175/ Before the thieves can enjoy them, the proceeds of cybercrime have to jump through a few hoops. We discuss the complexities involved.

Pastebin adds ‘Burn After Read’ and ‘Password Protected Pastes’ to the dismay of the infosec community

www.zdnet.com/article/pastebin-adds-burn-after-read-and-password-protected-pastes-to-the-dismay-of-the-infosec-community/ The two new features will make it easier to disguise malware operations.

You might be interested in …

Daily NCSC-FI news followup 2021-02-08

Can The FBI Hack Into Private Signal Messages On A Locked iPhone? Evidence Indicates Yes www.forbes.com/sites/thomasbrewster/2021/02/08/can-the-fbi-can-hack-into-private-signal-messages-on-a-locked-iphone-evidence-indicates-yes/ The FBI appears to have a tool that can access Signal messages, even if a device is locked. WestRock Ransomware Attack Hinders Packaging Production threatpost.com/westrock-ransomware-attack/163717/ The ransomware attack, affecting OT systems, resulted in some of WestRock’s facilities lagging in […]

Read More

Daily NCSC-FI news followup 2021-01-12

Going Rogue a Mastermind Behind Android Malware Returns with a New RAT blog.checkpoint.com/2021/01/12/going-rogue-a-mastermind-behind-android-malware-returns-with-a-new-rat/ Now more than ever, we rely on our smartphones to keep in touch with our work, our families and the world around us. There are over 3.5 billion smartphone users worldwide, and it is estimated that over 85% of those devices around […]

Read More

Daily NCSC-FI news followup 2020-06-03

Critical SAP ASE Flaws Allow Complete Control of Databases threatpost.com/critical-sap-ase-flaws-complete-control-databases/156239/ If exploited, the most severe flaws could give unprivileged users complete control of databases and in some cases even underlying operating systems – The most severe vulnerability, CVE-2020-6248, has a CVSS score of 9.1 out of 10. See also: wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222. And also: www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/system-takeover-through-new-sap-ase-vulnerabilities/ Vulnerability Spotlight: […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.