Daily NCSC-FI news followup 2020-11-28

Europol and partners thwart massive credit card fraud scheme

www.welivesecurity.com/2020/11/27/europol-partners-thwart-credit-card-fraud-scheme/ Europol and several national law enforcement agencies have teamed up to disrupt trade in stolen credit card data on the dark web, ultimately preventing around €40 million (US$48 million) in losses for both consumers and financial organizations. The operation, dubbed Carding Action 2020, was carried out over a span of three months and involved an analysis of 90,000 pieces of credit card information. It was led by law enforcement authorities from Italy and Hungary and supported by their peers from both the United Kingdom and Europol. It's not immediately clear if any arrests were made.

Threat Hunting with JARM

isc.sans.edu/forums/diary/Threat+Hunting+with+JARM/26832/ Recently I have been testing a new tool created by the people at Salesforce. The tool is called JARM and what it does is query TLS instances (HTTPS servers and services) to create a fingerprint of their TLS configuration. Much like analyzing the nuances of network traffic can be used to fingerprint the operating system and version of a server, JARM fingerprints TLS instances to create a fingerprint which can be used to compare one TLS service to another.

github.com/salesforce/jarm

2021 Healthcare Cybersecurity Priorities: Experts Weigh In

threatpost.com/2021-healthcare-cybersecurity-priorities/161596/ Healthcare cybersecurity is in triage mode. As systems are stretched to the limits by COVID-19 and technology becomes an essential part of everyday patient interactions, hospital and healthcare IT departments have been left to figure out how to make it all work together, safely and securely. Most notably, the connectivity of everything from thermometers to defibrillators is exponentially increasing the attack surface, presenting vulnerabilities IT professionals might not even know are on their networks.

IIoT chip maker Advantech hit by ransomware, $12.5 million ransom

www.bleepingcomputer.com/news/security/iiot-chip-maker-advantech-hit-by-ransomware-125-million-ransom/ The Conti ransomware gang hit the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is now demanding a $14 million ransom to decrypt affected systems and to stop leaking stolen company data. Advantech is a global leading manufacturer of IT products and solutions, including embedded PCs, network devices, IoT, servers, and healthcare solutions, with a workforce of over 8,000 people in 92 major cities around the world.

Notorious Ransomware Gang Hits Producers Of Big Brother, Master Chef And The Voice

www.forbes.com/sites/leemathews/2020/11/28/notorious-ransomware-gang-hits-producers-of-big-brother-master-chef-and-the-voice/ A ransomware gang that Microsoft warned about last November has struck yet another high-profile victim. The latest target is Endemol Shine Group, the Amsterdam-based production and distribution giant behind hits like Big Brother, Master Chef and The Voice. The cybercriminals behind the DoppelPaymer ransomware have taken credit for the attack. Like many other ransomware crews, the group has taken to publicly identifying its victims on a leak site.
