Daily NCSC-FI news followup 2020-12-20

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/ In many of their actions, the attackers took steps to maintain a low profile. For example, the inserted malicious code is lightweight and only has the task of running a malware-added method in a parallel thread, so that the DLL’s normal operations are not altered or interrupted. In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor.

CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise

us-cert.cisa.gov/ncas/current-activity/2020/12/19/cisa-updates-alert-and-releases-supplemental-guidance-emergency This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise.

Windows Hello is now being used by 84% of Windows 10 users

www.bleepingcomputer.com/news/microsoft/windows-hello-is-now-being-used-by-84-percent-of-windows-10-users/ Windows Hello, the all-in-one biometric authentication process integrated into Windows 10, is slowly growing in popularity, according to a new report from Microsoft. The report states that the number of consumers using Windows Hello to sign in to Windows 10 instead of a password grew to 84.7 percent, from 69.4 percent in 2019.

Passwords begone: GitHub will ban them next year for authenticating Git operations

www.theregister.com/2020/12/17/github_bans_passwords/ Microsoft’s GitHub plans to stop accepting account passwords as a way to authenticate Git operations, starting August 13, 2021, following a test period without passwords two weeks earlier.

Gitpaste-12 worm botnet returns with 30+ vulnerability exploits

www.bleepingcomputer.com/news/security/gitpaste-12-worm-botnet-returns-with-30-plus-vulnerability-exploits/ The recently discovered Gitpaste-12 worm, which spreads via GitHub and also hosts its malicious payload on Pastebin, has returned with even more exploits. Expanding on its predecessor, this new version of Gitpaste-12 comes equipped with over 30 vulnerability exploits targeting Linux systems, IoT devices, and open-source components.

Ransomware’s Next Nasty Surprise: Pay Up Or We’ll Brick Your PC’s UEFI Firmware

www.forbes.com/sites/johndunn/2020/12/18/ransomwares-next-nasty-surprise-pay-up-or-well-brick-your-pcs-uefi-firmware/ After researching the discovery with research partner Eclypsium, the companies recently published an analysis of what they nicknamed TrickBoot, which suggests the answer might be connected to a new and imminent type of ransomware attack.

Ransomware and Cyber-Extortion Payments Double in 2020

www.infosecurity-magazine.com/news/ransomware-extortion-payments/ The total cost of ransom payments doubled year-on-year during the first six months of 2020. Businesses have to consider the financial impact of a ransomware attack beyond the ransom payment itself: business interruption, loss of income and, increasingly, breach damages such as compromised data. The best outcome for businesses is to have a backup and to subscribe to a cyber insurance policy that covers recovery expenses and brings expertise in negotiating a ransom payment, if one is needed at all.
