Daily NCSC-FI news followup 2020-11-24

TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader

www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader Following the Chinese National Day holiday in September, Proofpoint researchers observed a resumption of activity by the APT actor TA416. Historic campaigns by this actor have also been publicly attributed to Mustang Panda and RedDelta. This new activity appears to be a continuation of previously reported campaigns that have targeted entities associated with diplomatic relations . between the Vatican and the Chinese Communist Party, as well as entities in Myanmar.

Smart doorbells delivering the security you expect?

www.which.co.uk/news/2020/11/the-smart-video-doorbells-letting-hackers-into-your-home/ We tested 11 different doorbells found on eBay and Amazon, many of which had scores of 5-star reviews, were recommended as Amazons Choice, or on the bestseller list. One was labelled as the number one bestseller in door viewers. We found vulnerabilities with every single one.

Tietoturvamerkitty älylaite pitää tietosi turvassa

impulssilvm.fi/2020/11/24/tietoturvamerkitty-alylaite-pitaa-tietosi-turvassa/ Harvalla kuluttajalla on kuitenkaan esimerkiksi Black Friday tarjouksia kärkkyessään mahdollisuutta arvioida havittelemiensa tuotteiden tietoturvallisuutta. Tähän kuluttajien haastavaan päätöksentekoprosessiin on jo vuoden ajan pyritty etsimään helpotusta Tietoturvamerkistä.

Imagine things are bad enough that you need a payday loan. Then imagine flaws in systems of loan lead generators leave your records in the open… for years

www.theregister.com/2020/11/24/payday_loan_lead_generators_fix/ US-based software engineer Kevin Traver contacted us after he found two large groups of short-term loan websites that were giving up sensitive personal information via separate vulnerabilities. “From there it would pre-render some information, including a form that asked you to enter the last four digits of your SSN [social security number] to continue,” Traver told us. “The SSN was rendered in a hidden input, so you could just inspect the website code and view it. On the next page you could review or update all information.”

LightBot: TrickBots new reconnaissance malware for high-value targets

www.bleepingcomputer.com/news/security/lightbot-trickbot-s-new-reconnaissance-malware-for-high-value-targets/ Dubbed LightBot by Advanced Intel’s Vitali Kremez, this PowerShell script is a lightweight reconnaissance tool that gathers information about a victim’s network to determine if they are high-value and should be targeted in further attacks.

Verizon Cyber Espionage Report

enterprise.verizon.com/resources/reports/2020-2021-cyber-espionage-report.pdf This data-driven report draws from seven years of Data Breach Investigations Report (DBIR) content as well as more than 14 years of Verizon Threat Research Advisory Center (VTRAC) Cyber-Espionage data breach response expertise. The CER serves as a guide for cybersecurity professionals looking to bolster their organizations cyberdefense posture and incident response (IR) capabilities against . Cyber-Espionage attacks.

2021 Data risk report – financial services

info.varonis.com/hubfs/docs/research_reports/2021-Financial-Data-Risk-Report.pdf Key Findings: Every employee has access to nearly 11 million files, Nearly two-thirds of companies have 1,000+ sensitive files open to every employee, About 60% of companies have 500+ passwords that never expire

Censored Planet: An Internet-wide, Longitudinal Censorship Observatory

censoredplanet.org/censoredplanet This post highlights findings from our recent ACM CCS 2020 paper Censored Planet: An Internet-wide, Longitudinal Censorship Observatory, where we analyze 20 months worth of remote censorship measurement data collected in 220 countries. Censored Planet finds evidence of increasing censorship in over 100 countries. Using time series analysis techniques, Censored Planet reports 15 key censorship events over 20 months, 10 of which were previously not reported, including in reportedly free countries. Alarmingly, in many of these events, news websites, and social media domains are increasingly blocked.. Paper at dl.acm.org/doi/pdf/10.1145/3372297.3417883

Election Cyber Threats in the Asia-Pacific Region

www.fireeye.com/blog/threat-research/2020/11/election-cyber-threats-in-the-asia-pacific-region.html Mandiant Threat Intelligence tracked numerous elections-related incidents in the Asia-Pacific region in recent years. During this time, the most prolific regional actor was China, which we observed in more than 20 elections-related campaigns most frequently affecting Hong Kong and Taiwan. We believe that China’s primary motives for elections targeting includes monitoring political developments, . internal stability, and supporting Belt and Road Initiative (BRI) investments.

WORDPRESS MALWARE SETTING UP SEO SHOPS

blogs.akamai.com/sitr/2020/11/wordpress-malware-setting-up-seo-shops.html While recently looking over my honeypots, I discovered an infection where a malicious actor added a storefront on top of my existing WordPress installation. … My honeypot infection, as far as I could tell, was hosting more than 7,000 e-Commerce websites.

Beware of WAPDropper, the mobile malware that subscribes users to Premium Rate Services

blog.checkpoint.com/2020/11/24/beware-of-wapdropper-the-mobile-malware-that-subscribes-users-to-premium-rate-services/ WAPDropper consists of two different modules: the dropper module, which is responsible for downloading the 2nd stage malware, and a premium dialer module that subscribes victims to premium services offered by legitimate sources In this case, telecommunication services providers in two countries in Southeast Asia Thailand and Malaysia.

Telcos face £100k-a-day fines unless they obey new UK.gov rules on how to deploy Huawei 5G gear in their networks

www.theregister.com/2020/11/24/telecommunications_security_bill/ A new law being laid in Parliament today will allow the government to write binding security rules that shut so-called “high risk” vendors’ equipment out of parts of networks and could even dictate how their existing equipment can be used within telcos’ networks.

Warning: Banned Baidu Apps Exposed Sensitive Data On Up To 1.4 Billion Android Phones

www.forbes.com/sites/thomasbrewster/2020/11/24/warning-banned-baidu-apps-exposed-sensitive-data-on-up-to-14-billion-android-phones/ The two apps – Baidu Maps and the Baidu App – were thrown out of the Google Play store late last month, as Google thanked researchers for disclosing privacy issues in the software. Baidu App is back online after being updated, whilst Baidu Maps remains offline.. The [Unit42] researchers found that a Baidu software development kit (SDK) called Push in the apps were sending sensitive user data to a Chinese server. The information included phone model, IMSI number and MAC address.

www.wired.co.uk/article/ransomware-hospital-death-germany After a detailed investigation involving consultations with medical professionals, an autopsy, and a minute-by-minute breakdown of events, Hartmann believes that the severity of the victims medical diagnosis at the time she was picked up was such that she would have died regardless of which hospital she had been admitted to. The delay was of no relevance to the final outcome, Hartmann . [from public prosecutor’s office] says. The medical condition was the sole cause of the death, and this is entirely independent from the cyberattack. He likens it to hitting a dead body while driving: while you might be breaking the speed limit, youre not responsible for the death.. Local reports have suggested that this attack was misdirected, largely because the ransom note from the hackers on the hospital servers was directed to the affiliated Heinrich Heine University rather than the hospital. The hackers, perhaps in recognition of their mistake, even presented the encryption key to police when they were informed theyd hit the hospital, but this is possibly all part of . an elaborate PR stunt, Hartmann warns.

Spoofed FBI Internet Domains Pose Cyber and Disinformation Risks

www.ic3.gov/Media/Y2020/PSA201123 The Federal Bureau of Investigation (FBI) is issuing this announcement to help the public recognize and avoid spoofed FBI-related Internet domains. The FBI observed unattributed cyber actors registering numerous domains spoofing legitimate FBI websites, indicating the potential for future operational activity. The FBI’s main official website is www.fbi.gov.

Australias spy agencies caught collecting COVID-19 app data

techcrunch.com/2020/11/24/australia-spy-agencies-covid-19-app-data/ The report, published Monday by the Australian governments inspector general for the intelligence community, which oversees the governments spy and eavesdropping agencies, said the app data was scooped up in the course of the lawful collection of other data.. But the watchdog said that there was no evidence that any agency decrypted, accessed or used any COVID app data.

You might be interested in …

Daily NCSC-FI news followup 2021-07-12

DNS-over-HTTPS takes another small step towards global domination blog.malwarebytes.com/privacy-2/2021/07/dns-over-https-takes-another-small-step-towards-global-domination/ Firefox recently announced that it will be rolling out DNS-over-HTTPS (or DoH) soon to one percent of its Canadian users as part of its partnership with CIRA (the Canadian Internet Registration Authority), the Ontario-based organization responsible for managing the .ca top-level domain for Canada and a […]

Read More

Daily NCSC-FI news followup 2019-07-03

Facebook says its working to resolve outages across Instagram, WhatsApp, and Messenger www.theverge.com/2019/7/3/20681050/facebook-picture-stories-outage-instagram-whatsapp-messenger Facebook has had problems loading images, videos, and other data across its apps today, leaving some people unable to load photos in the Facebook News Feed, view stories on Instagram, or send messages in WhatsApp. Facebook says it is aware of the […]

Read More

Daily NCSC-FI news followup 2021-07-13

June 2021s Most Wanted Malware: Trickbot Remains on Top blog.checkpoint.com/2021/07/13/june-2021s-most-wanted-malware-trickbot-remains-on-top/ Our latest Global Threat Index for June 2021 has revealed that Trickbot is still the most prevalent malware, having first taken the top spot in May. Trickbot is a botnet and banking trojan that can steal financial details, account credentials, and personally identifiable information, as […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.