Daily NCSC-FI news followup 2020-12-02

Using Speakeasy Emulation Framework Programmatically to Unpack Malware

www.fireeye.com/blog/threat-research/2020/12/using-speakeasy-emulation-framework-programmatically-to-unpack-malware.html Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox of sorts, this entry will highlight another powerful use of the framework: automated malware unpacking. I will demonstrate, with code examples, how Speakeasy can be used programmatically.

Russian hacking group uses Dropbox to store malware-stolen data

www.bleepingcomputer.com/news/security/russian-hacking-group-uses-dropbox-to-store-malware-stolen-data/ Russian-backed hacking group Turla has used a previously undocumented malware toolset to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of a European Union country. The previously unknown malware framework, named Crutch by its authors, was used in campaigns spanning from 2015 to at least early 2020.

Here’s how the Government is moving to detect, trace and block scam calls

www.abc.net.au/news/2020-12-02/sick-of-scam-calls-government-industry-code-paul-fletcher/12940202 Have you been targeted by scammers this year? You’re not alone. Australians have lost almost $36 million to scam calls in 2020 so far. Even the Federal Communications Minister himself has received one. “Just about everyone has experienced them, I certainly have,” Paul Fletcher told the ABC. “At best they’re annoying, at worst they involve substantial fraud.” So, what are the main types of scams? This year, the Government has been focused on tackling three major scams. Let’s take a look at what they involve.

Cyberattackers could trick scientists into producing dangerous substances

www.welivesecurity.com/2020/12/01/cyberattackers-could-trick-scientists-producing-toxins/ Researchers have described a theoretical cyberattack that could be used to dupe unsuspecting scientists into producing dangerous biological substances, toxins and synthetic viruses. The paper, authored by researchers from Israel's Ben-Gurion University of the Negev, sheds light on the potential risks of cyberattackers leveraging malware to subvert a scientist's computer and interfere with the DNA synthesis process.

Account Hijacking Site OGUsers Hacked, Again

krebsonsecurity.com/2020/12/account-hijacking-site-ogusers-hacked-again/ For at least the third time in its existence, OGUsers, a forum overrun with people looking to buy, sell and trade access to compromised social media accounts, has been hacked. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum's user database had been compromised. The hack was acknowledged by the forum's current administrator, who assured members that their passwords were protected with a password obfuscation technology that was extremely difficult to crack.

An iOS zero-click radio proximity exploit odyssey

googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html For 6 months of 2020, while locked down in the corner of my bedroom surrounded by my lovely, screaming children, I’ve been working on a magic spell of my own. No, sadly not an incantation to convince the kids to sleep in until 9am every morning, but instead a wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity. View all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.

Experts Uncover ‘Crutch’ Russian Malware Used in APT Attacks for 5 Years

thehackernews.com/2020/12/experts-uncover-crutch-russian-malware.html Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed “Crutch” by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a Russia-based advanced hacker group known for its extensive attacks against governments, embassies, and military organizations through various watering hole and spear-phishing campaigns. Also:

threatpost.com/turla-backdoor-dropbox-espionage-attacks/161777/

www.zdnet.com/article/cyber-espionage-campaign-opens-backdoor-to-steal-documents-from-infected-pcs/

Brazilian aerospace firm Embraer hit by cyberattack

www.zdnet.com/article/brazilian-aerospace-firm-embraer-hit-by-cyberattack/ Brazilian aerospace and defence group Embraer has been targeted by a cyberattack that has impacted the company’s operations. According to a statement released by the global firm on Monday (30 November), the attack resulted in the “disclosure of data allegedly attributed to the company”. The incident was reported to the Brazilian Securities and Exchange Commission five days after it took place. Brazilian legislation requires immediate reporting of problems such as cyber attacks.

What a pity: the highlight of the year for Finnish hackers is cancelled

www.tivi.fi/uutiset/tv/c065be5b-729e-4ae6-bd82-5f4d073dff79 The Disobey information security event scheduled for early next year has been cancelled. The event will next be held on 18-19 February 2022. The organisers explain the background to the decision on their website. Event restrictions in Finland have been tightened in line with the pandemic situation. Even if a vaccine were to become available soon, distributing it would take two to three months. The organisers therefore do not believe that all attendees could have been vaccinated in time before taking part in the event.

Open source software security vulnerabilities exist for over four years before detection

www.zdnet.com/article/open-source-software-security-vulnerabilities-exist-for-over-four-years-before-detection-study/ It can take an average of over four years for vulnerabilities in open source software to be spotted, an area in the security community that needs to be addressed, researchers say. According to GitHub’s annual State of the Octoverse report, published on Wednesday, reliance on open source projects, components, and libraries is more common than ever. Over the course of 2020, GitHub tallied over 56 million developers on the platform, with over 60 million new repositories being created — and over 1.9 billion contributions added — over the course of the year.

A Broken Piece of Internet Backbone Might Finally Get Fixed

www.wired.com/story/bgp-routing-manrs-google-fix/ This spring, services from heavy hitters like Google and Facebook seemed glitchy or inaccessible for people worldwide for more than an hour. But it wasn’t a hack, or even a glitch at any one organization. It was the latest mishap to stem from design weaknesses in the “Border Gateway Protocol,” the internet’s foundational, universal routing system. Now, after years of slow progress implementing improvements and safeguards, a coalition of internet infrastructure partners is finally turning a corner in its fight to make BGP more secure.

Inside North Korea’s Rapid Evolution to Cyber Superpower

www.darkreading.com/threat-intelligence/inside-north-koreas-rapid-evolution-to-cyber-superpower/d/d-id/1339574 It took only a few years for North Korea to advance its cyber capabilities from solely destructive campaigns to sophisticated technical operations. This shift puts North Korea in competition with top nation-state groups and reveals strategic changes in how it plans to support its regime. “[To say] I’m intrigued is an understatement by what they’ve done over the years,” says Josh Burgess, technical lead and threat intelligence adviser at CrowdStrike. “I’ve been watching them at least six to seven years, personally, as they progress through their malware campaigns: how they’ve grown, how they’ve evolved, how they’ve done what they’ve done.”
