Daily NCSC-FI news followup 2020-11-18

Hackers are actively probing millions of WordPress sites

www.bleepingcomputer.com/news/security/hackers-are-actively-probing-millions-of-wordpress-sites/ Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150,000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers.

Hacking group exploits ZeroLogon in automotive, industrial attack wave

www.zdnet.com/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/ The active cyberattack is thought to be the handiwork of Cicada, also tracked as APT10, Stone Panda, and Cloud Hopper.

Four Industrial Control System Vendors Warn of Critical Bugs

threatpost.com/ics-vendors-warn-critical-bugs/161333/ In addition to the Real Time Automation and Paradox bugs, high-severity flaws were made public by Sensormatic Electronics, a subsidiary of Johnson Controls, and ICS behemoth Schneider Electric.

Be Very Sparing in Allowing Site Notifications

krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/ KrebsOnSecurity installed PushWelcome’s notifications on a brand new Windows test machine, and found that very soon after the system was peppered with alerts about malware threats supposedly found on the system. One notification was an ad for Norton antivirus; the other was for McAfee. Clicking either ultimately led to “buy now” pages at either Norton.com or McAfee.com.

Ransomware attack forces web hosting provider Managed.com to take servers offline

www.zdnet.com/article/web-hosting-provider-managed-shuts-down-after-ransomware-attack/ Managed.com, one of the biggest providers of managed web hosting solutions, has taken down all its servers in order to deal with a ransomware attack.

The ransomware landscape is more crowded than you think

www.zdnet.com/article/the-ransomware-landscape-is-more-crowded-than-you-think/#ftag=RSSbaffb68 More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups. RaaS portals work by providing a ready-made ransomware code to other gangs. These gangs, often called RaaS clients or affiliates, rent the ransomware code, customize it using options provided by the RaaS, and then deploy in real-world attacks via a method of their choosing. RaaS offerings have been around since 2017, and they have been widely adopted as they allow non-technical criminal gangs to spread ransomware without needing to know how to code and deal with advanced cryptography concepts.
