Daily NCSC-FI news followup 2020-11-28

Europol and partners thwart massive credit card fraud scheme

www.welivesecurity.com/2020/11/27/europol-partners-thwart-credit-card-fraud-scheme/ Europol and several national law enforcement agencies have teamed up to disrupt trade in stolen credit card data on the dark web, ultimately preventing around 40 million (US$48 million) in losses for both consumers and financial organizations. The operation, dubbed Carding Action 2020, was carried out over a span of three months and involved an analysis of 90,000 pieces of credit card information. It was led by law enforcement authorities from Italy and Hungary and supported by their peers from both the United Kingdom and Europol. Its not immediately clear if any arrests were made.

Threat Hunting with JARM

isc.sans.edu/forums/diary/Threat+Hunting+with+JARM/26832/ Recently I have been testing a new tool created by the people at Salesforce. The tool is called JARM and what it does is query TLS instances (HTTPS servers and services) to create a fingerprint of their TLS configuration. Much like analyzing the nuances of network traffic can be used to fingerprint the operating system and version of a server, JARM fingerprints TLS instances to create a fingerprint which can be used to compare one TLS service to another..

github.com/salesforce/jarm

2021 Healthcare Cybersecurity Priorities: Experts Weigh In

threatpost.com/2021-healthcare-cybersecurity-priorities/161596/ Healthcare cybersecurity is in triage mode. As systems are stretched to the limits by COVID-19 and technology becomes an essential part of everyday patient interactions, hospital and healthcare IT departments have been left to figure out how to make it all work together, safely and securely. Most notably, the connectivity of everything from thermometers to defibrillators is exponentially increasing the attack surface, presenting vulnerabilities IT professionals might not even know are on their networks.

IIoT chip maker Advantech hit by ransomware, $12.5 million ransom

www.bleepingcomputer.com/news/security/iiot-chip-maker-advantech-hit-by-ransomware-125-million-ransom/ The Conti ransomware gang hit the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is now demanding a $14 million ransom to decrypt affected systems and to stop leaking stolen company data. Advantech is a global leading manufacturer of IT products and solutions, including embedded PCs, network devices, IoT, servers, and healthcare solutions, with a workforce of over 8,000 people in 92 major cities around the world.

Notorious Ransomware Gang Hits Producers Of Big Brother, Master Chef And The Voice

www.forbes.com/sites/leemathews/2020/11/28/notorious-ransomware-gang-hits-producers-of-big-brother-master-chef-and-the-voice/ A ransomware gang that Microsoft warned about last November has struck yet another high-profile victim. The latest target is Endemol Shine Group, the Amsterdam-based production and distribution giant behind hits like Big Brother, Master Chef and The Voice. The cybercriminals behind the DoppelPaymer ransomware have taken credit for the attack. Like many other ransomware crews, the group has taken to publicly identifying its victims on a leak site.

You might be interested in …

Daily NCSC-FI news followup 2020-08-07

The Secret Life of an Initial Access Broker ke-la.com/the-secret-life-of-an-initial-access-broker/ Recently, ZDNet exclusively reported a leak posted on a cybercrime community containing details and credentials of over 900 enterprise Secure Pulse servers exploited by threat actors. Since this leak represents an ever-growing ransomware risk, KELA delved into both the leaks content and the actors who were […]

Read More

Daily NCSC-FI news followup 2020-08-09

Scanning Activity Include Netcat Listener isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/ This activity started on the 5 July 2020 and has been active to this day only scanning against TCP port 81. The GET command is always the same except for the Netcat IP which has changed a few times since it started. If you have a webserver or a […]

Read More

Daily NCSC-FI news followup 2019-08-06

QualPwn Bugs In Snapdragon SoC Can Attack Android Over the Air www.bleepingcomputer.com/news/security/qualpwn-bugs-in-snapdragon-soc-can-attack-android-over-the-air/ Two serious vulnerabilities in Qualcomm’s Snapdragon system-on-a-chip (SoC) WLAN firmware could be leveraged to compromise the modem and the Android kernel over the air.. The flaws were found in Qualcomm’s Snapdragon 835 and 845 WLAN component. The tests were made on Google Pixel […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.