Daily NCSC-FI news followup 2020-09-28

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army

thehackernews.com/2020/09/cyberattack-indian-army.html Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed “Operation SideCopy” by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay under the radar by “copying” the tactics of other threat actors such as the SideWinder.

UHS hospitals hit by reported country-wide Ryuk ransomware attack

www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/ Universal Health Services (UHS), a Fortune 500 hospital and healthcare services provider, has reportedly shut down systems at healthcare facilities around the US after a cyber-attack that hit its network during early Sunday morning. UHS operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees and provides healthcare services to approximately 3.5 million patients each year.

UK, US hospital computers are down, early unofficial diagnosis is a suspected outbreak of Ryuk ransomware

www.theregister.com/2020/09/28/united_health_services_ransomware/ We’ve switched to back-up offline procedures, says Universal Health Services. Universal Health Services, which operates over 400 hospitals and healthcare facilities in the US, Puerto Rico, and the UK, said on Monday that its IT network was offline due to an unspecified cybersecurity issue.

REvil ransomware deposits $1 million in hacker recruitment drive

www.bleepingcomputer.com/news/security/revil-ransomware-deposits-1-million-in-hacker-recruitment-drive/ The REvil Ransomware (Sodinokibi) operation has deposited $1 million in bitcoins on a Russian-speaking hacker forum to prove to potential affiliates that they mean business.

Logistics giant CMA CGM goes offline to block malware attack

www.bleepingcomputer.com/news/security/logistics-giant-cma-cgm-goes-offline-to-block-malware-attack/ CMA CGM S.A., a French maritime transport and logistics giant, today disclosed a malware attack affecting some servers on the edge of its network. The attack forced CMA CGM’s IT teams to cut Internet access to some applications to block the malware from spreading to other network devices.

Ransomware is your biggest problem on the web. This huge change could be the answer

www.zdnet.com/article/ransomware-is-the-biggest-problem-on-the-web-this-big-change-could-be-the-answer/ Making it illegal for companies to pay up when hit with ransomware could finally halt the ‘scourge of the internet’.

FBI warns of disinformation campaigns about hacked voter systems

www.bleepingcomputer.com/news/security/fbi-warns-of-disinformation-campaigns-about-hacked-voter-systems/ The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) today issued a joint public service announcement about the threat of disinformation campaigns targeting the 2020 US election season.

Too many staff have privileged work accounts for no good reason, reckon IT bods

www.theregister.com/2020/09/28/research_user_privileges/ Ever seen a Trello board you thought you shouldn’t? If you’re in UK or US, you’re not alone. Around 40 per cent of staff in British and American corporations have access to sensitive data that they don’t need to complete their jobs, according to recent research.

Suspicious logins reported after ransomware attack on US govt contractor

www.zdnet.com/article/suspicious-logins-rats-reported-after-ransomware-attack-on-us-govt-contractor/ Ransomware attack on Tyler Technologies is looking worse by the day. Customers of Tyler Technologies, one of the biggest software providers for the US state and federal government, are reporting finding suspicious logins and previously unseen remote access tools (RATs) on their networks and servers.

The price of stolen remote login passwords is dropping. That’s a bad sign

www.zdnet.com/article/the-price-of-stolen-remote-login-passwords-is-dropping-thats-a-bad-sign/ The cost of RDP credentials is going down – and it’s probably happening because poor cybersecurity is making log-in details easy to find.

Revealed: Trump campaign strategy to deter millions of Black Americans from voting in 2016

www.channel4.com/news/revealed-trump-campaign-strategy-to-deter-millions-of-black-americans-from-voting-in-2016 3.5 million Black Americans were profiled and categorised as ‘Deterrence’ by Trump campaign, voters they wanted to stay home on election day.

This ‘Hacker University’ Offers Dark Web Cybercrime Degrees For $125

www.forbes.com/sites/daveywinder/2020/09/28/this-hacker-university-offers-dark-web-cybercrime-degrees-for-125/ A newly published report into the new economy of the dark web from cybersecurity-as-a-service specialist Armor’s Threat Resistance Unit (TRU), contains much of what you might expect. The relatively cheap trade-in loan applications, business ‘fullz’ comprising a complete business attack dossier, and even SMS text bombing rental services. One discovery, however, stood out from the others as far as this somewhat jaded cyber-writer is concerned: a hacker university selling cybercrime courses to dark web degree students.

Singapore in world first for facial verification

www.bbc.com/news/business-54266602 Singapore will be the first country in the world to use facial verification in its national identity scheme.
