Daily NCSC-FI news followup 2020-12-02

Using Speakeasy Emulation Framework Programmatically to Unpack Malware

www.fireeye.com/blog/threat-research/2020/12/using-speakeasy-emulation-framework-programmatically-to-unpack-malware.html Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox of sorts, this entry will highlight another powerful use of the framework: automated malware unpacking. I will demonstrate, with code examples, how Speakeasy can be used programmatically.

Russian hacking group uses Dropbox to store malware-stolen data

www.bleepingcomputer.com/news/security/russian-hacking-group-uses-dropbox-to-store-malware-stolen-data/ Russian-backed hacking group Turla has used a previously undocumented malware toolset to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of a European Union country. The previously unknown malware framework, named Crutch by its authors, was used in campaigns spanning from 2015 to at least early 2020.

Here’s how the Government is moving to detect, trace and block scam calls

www.abc.net.au/news/2020-12-02/sick-of-scam-calls-government-industry-code-paul-fletcher/12940202 Have you been targeted by scammers this year? You’re not alone. Australians have lost almost $36 million to scam calls in 2020 so far. Even the Federal Communications Minister himself has received one. “Just about everyone has experienced them, I certainly have,” Paul Fletcher told the ABC. “At best they’re annoying, at worst they involve substantial fraud.” So, what are the main types of scams? This year, the Government has been focused on tackling three major scams. Let’s take a look at what they involve.

Cyberattackers could trick scientists into producing dangerous substances

www.welivesecurity.com/2020/12/01/cyberattackers-could-trick-scientists-producing-toxins/ Researchers have described a theoretical cyberattack that could be used to dupe unsuspecting scientists into producing dangerous biological substances, toxins and synthetic viruses. The paper, authored by researchers from Israel's Ben-Gurion University of the Negev, sheds light on the potential risks of cyberattackers leveraging malware to subvert a scientist's computer and interfere with the DNA synthesis process.

Account Hijacking Site OGUsers Hacked, Again

krebsonsecurity.com/2020/12/account-hijacking-site-ogusers-hacked-again/ For at least the third time in its existence, OGUsers, a forum overrun with people looking to buy, sell and trade access to compromised social media accounts, has been hacked. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum's user database had been compromised. The hack was acknowledged by the forum's current administrator, who assured members that their passwords were protected with a password obfuscation technology that was extremely difficult to crack.

An iOS zero-click radio proximity exploit odyssey

googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html For 6 months of 2020, while locked down in the corner of my bedroom surrounded by my lovely, screaming children, I’ve been working on a magic spell of my own. No, sadly not an incantation to convince the kids to sleep in until 9am every morning, but instead a wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity. View all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.

Experts Uncover ‘Crutch’ Russian Malware Used in APT Attacks for 5 Years

thehackernews.com/2020/12/experts-uncover-crutch-russian-malware.html Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed “Crutch” by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a Russia-based advanced hacker group known for its extensive attacks against governments, embassies, and military organizations through various watering hole and spear-phishing campaigns.

Brazilian aerospace firm Embraer hit by cyberattack

www.zdnet.com/article/brazilian-aerospace-firm-embraer-hit-by-cyberattack/ Brazilian aerospace and defence group Embraer has been targeted by a cyberattack that has impacted the company’s operations. According to a statement released by the global firm on Monday (30) the attack resulted in the “disclosure of data allegedly attributed to the company”. The incident was reported five days after it took place to the Brazilian Securities and Exchange Commission. The Brazilian legislation requires immediate reporting of problems such as cyber attacks.

A shame: the highlight of the year for Finnish hackers is cancelled

www.tivi.fi/uutiset/tv/c065be5b-729e-4ae6-bd82-5f4d073dff79 The information security event Disobey has been cancelled for the beginning of next year. The event will next be held on February 18-19, 2022. The organizers explain the background of the decision on their website. Due to the pandemic situation in Finland, restrictions on events have tightened. Even if a vaccine became available soon, distributing it would take 2-3 months. The organizers therefore do not believe that all participants could have been vaccinated in time before attending the event.

Open source software security vulnerabilities exist for over four years before detection

www.zdnet.com/article/open-source-software-security-vulnerabilities-exist-for-over-four-years-before-detection-study/ It can take an average of over four years for vulnerabilities in open source software to be spotted, an area in the security community that needs to be addressed, researchers say. According to GitHub’s annual State of the Octoverse report, published on Wednesday, reliance on open source projects, components, and libraries is more common than ever. Over the course of 2020, GitHub tallied over 56 million developers on the platform, with over 60 million new repositories being created — and over 1.9 billion contributions added — over the course of the year.

A Broken Piece of Internet Backbone Might Finally Get Fixed

www.wired.com/story/bgp-routing-manrs-google-fix/ This spring, services from heavy hitters like Google and Facebook seemed glitchy or inaccessible for people worldwide for more than an hour. But it wasn’t a hack, or even a glitch at any one organization. It was the latest mishap to stem from design weaknesses in the “Border Gateway Protocol,” the internet’s foundational, universal routing system. Now, after years of slow progress implementing improvements and safeguards, a coalition of internet infrastructure partners is finally turning a corner in its fight to make BGP more secure.

Inside North Korea’s Rapid Evolution to Cyber Superpower

www.darkreading.com/threat-intelligence/inside-north-koreas-rapid-evolution-to-cyber-superpower/d/d-id/1339574 It took only a few years for North Korea to advance its cyber capabilities from solely destructive campaigns to sophisticated technical operations. This shift puts North Korea in competition with top nation-state groups and reveals strategic changes in how it plans to support its regime. “[To say] I’m intrigued is an understatement by what they’ve done over the years,” says Josh Burgess, technical lead and threat intelligence adviser at CrowdStrike. “I’ve been watching them at least six to seven years, personally, as they progress through their malware campaigns: how they’ve grown, how they’ve evolved, how they’ve done what they’ve done.”
