Daily NCSC-FI news followup 2020-09-28

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army

thehackernews.com/2020/09/cyberattack-indian-army.html Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed “Operation SideCopy” by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay under the radar by “copying” the tactics of other threat actors such as the SideWinder.

UHS hospitals hit by reported country-wide Ryuk ransomware attack

www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/ Universal Health Services (UHS), a Fortune 500 hospital and healthcare services provider, has reportedly shut down systems at healthcare facilities around the US after a cyber-attack that hit its network during early Sunday morning. UHS operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees and provides healthcare services to approximately 3.5 million patients each year.

UK, US hospital computers are down, early unofficial diagnosis is a suspected outbreak of Ryuk ransomware

www.theregister.com/2020/09/28/united_health_services_ransomware/ We’ve switched to back-up offline procedures, says Universal Health Services. Universal Health Services, which operates over 400 hospitals and healthcare facilities in the US, Puerto Rico, and the UK, said on Monday that its IT network was offline due to an unspecified cybersecurity issue.

REvil ransomware deposits $1 million in hacker recruitment drive

www.bleepingcomputer.com/news/security/revil-ransomware-deposits-1-million-in-hacker-recruitment-drive/ The REvil Ransomware (Sodinokibi) operation has deposited $1 million in bitcoins on a Russian-speaking hacker forum to prove to potential affiliates that they mean business.


Logistics giant CMA CGM goes offline to block malware attack

www.bleepingcomputer.com/news/security/logistics-giant-cma-cgm-goes-offline-to-block-malware-attack/ CMA CGM S.A., a French maritime transport and logistics giant, today disclosed a malware attack affecting some servers on the edge of its network. The attack forced CMA CGM’s IT teams to cut Internet access to some applications to block the malware from spreading to other network devices.

Ransomware is your biggest problem on the web. This huge change could be the answer

www.zdnet.com/article/ransomware-is-the-biggest-problem-on-the-web-this-big-change-could-be-the-answer/ Making it illegal for companies to pay up when hit with ransomware could finally halt the ‘scourge of the internet’.

FBI warns of disinformation campaigns about hacked voter systems

www.bleepingcomputer.com/news/security/fbi-warns-of-disinformation-campaigns-about-hacked-voter-systems/ The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) today issued a joint public service announcement about the threat of disinformation campaigns targeting the 2020 US election season.

Too many staff have privileged work accounts for no good reason, reckon IT bods

www.theregister.com/2020/09/28/research_user_privileges/ Ever seen a Trello board you thought you shouldn’t? If you’re in UK or US, you’re not alone. Around 40 per cent of staff in British and American corporations have access to sensitive data that they don’t need to complete their jobs, according to recent research.

Suspicious logins reported after ransomware attack on US govt contractor

www.zdnet.com/article/suspicious-logins-rats-reported-after-ransomware-attack-on-us-govt-contractor/ Ransomware attack on Tyler Technologies is looking worse by the day. Customers of Tyler Technologies, one of the biggest software providers for the US state and federal government, are reporting finding suspicious logins and previously unseen remote access tools (RATs) on their networks and servers.

The price of stolen remote login passwords is dropping. That’s a bad sign

www.zdnet.com/article/the-price-of-stolen-remote-login-passwords-is-dropping-thats-a-bad-sign/ The cost of RDP credentials is going down – and it’s probably happening because poor cybersecurity is making log-in details easy to find.

Revealed: Trump campaign strategy to deter millions of Black Americans from voting in 2016

www.channel4.com/news/revealed-trump-campaign-strategy-to-deter-millions-of-black-americans-from-voting-in-2016 3.5 million Black Americans were profiled and categorised as ‘Deterrence’ by Trump campaign: voters they wanted to stay home on election day

This ‘Hacker University’ Offers Dark Web Cybercrime Degrees For $125

www.forbes.com/sites/daveywinder/2020/09/28/this-hacker-university-offers-dark-web-cybercrime-degrees-for-125/ A newly published report into the new economy of the dark web from cybersecurity-as-a-service specialist Armor’s Threat Resistance Unit (TRU), contains much of what you might expect. The relatively cheap trade-in loan applications, business ‘fullz’ comprising a complete business attack dossier, and even SMS text bombing rental services. One discovery, however, stood out from the others as far as this somewhat jaded cyber-writer is concerned: a hacker university selling cybercrime courses to dark web degree students.

Singapore in world first for facial verification

www.bbc.com/news/business-54266602 Singapore will be the first country in the world to use facial verification in its national identity scheme.
