Daily NCSC-FI news followup 2020-10-10

US Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election

www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html In recent weeks, the U.S. military has mounted an operation to temporarily disrupt what is described as the world’s largest botnet, one also used to drop ransomware, which officials say is one of the top threats to the 2020 election. See also:

krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/

CISA and FBI Release Joint Advisory Regarding APT Actors Chaining Vulnerabilities Against Government, Critical Infrastructure, and Elections Organizations

us-cert.cisa.gov/ncas/current-activity/2020/10/09/cisa-and-fbi-release-joint-advisory-regarding-apt-actors-chaining The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity advisory regarding advanced persistent threat (APT) actors chaining vulnerabilities in an attempt to compromise federal and state, local, tribal, and territorial (SLTT) government networks, critical infrastructure, and elections organizations. Report:

us-cert.cisa.gov/ncas/alerts/aa20-283a

Apple’s T2 security chip has an unfixable flaw – Checkm8 vulnerability used to jailbreak iPhones hits Macs as well

arstechnica.com/information-technology/2020/10/apples-t2-security-chip-has-an-unfixable-flaw/ A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple’s trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside.

Google adds password breach alerts to Chrome for Android, iOS

www.welivesecurity.com/2020/10/08/chrome-android-ios-can-now-tell-you-if-your-password-has-been-stolen/ Much like with a feature that is already available for Chrome on computers, the browser’s version for mobile platforms will now compare your saved login credentials against a list of login details that are known to have been compromised; if a match is found, it will alert you.

Google boosts malware protection for high-risk accounts

www.bleepingcomputer.com/news/security/google-boosts-malware-protection-for-high-risk-accounts/ Google’s Advanced Protection Program is a free service that aims to protect the accounts of users including but not limited to activists, journalists, business leaders, and political teams who have a higher risk of being targeted by online attacks. APP blocks unauthorized access to enrolled users’ accounts, offers additional protection from harmful downloads, and secures the users’ info.
