Daily NCSC-FI news followup 2020-12-20

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/ In many of their actions, the attackers took steps to maintain a low profile. For example, the inserted malicious code is lightweight and only has the task of running a malware-added method in a parallel thread, such that the DLL’s normal operations are not altered or interrupted. In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor.

CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise

us-cert.cisa.gov/ncas/current-activity/2020/12/19/cisa-updates-alert-and-releases-supplemental-guidance-emergency This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise.

Windows Hello is now being used by 84% of Windows 10 users

www.bleepingcomputer.com/news/microsoft/windows-hello-is-now-being-used-by-84-percent-of-windows-10-users/ Windows Hello, which is an all-in-one biometric authentication process integrated into Windows 10, is slowly growing in popularity, according to a new report from Microsoft. The report states that the number of consumers using Windows Hello to sign in to Windows 10 instead of a password grew to 84.7 percent, from 69.4 percent in 2019.

Passwords begone: GitHub will ban them next year for authenticating Git operations

www.theregister.com/2020/12/17/github_bans_passwords/ Microsoft’s GitHub plans to stop accepting account passwords as a way to authenticate Git operations, starting August 13, 2021, following a test period without passwords two weeks earlier.

Gitpaste-12 worm botnet returns with 30+ vulnerability exploits

www.bleepingcomputer.com/news/security/gitpaste-12-worm-botnet-returns-with-30-plus-vulnerability-exploits/ The recently discovered Gitpaste-12 worm, which spreads via GitHub and also hosts its malicious payload on Pastebin, has returned with even more exploits. Expanding on its predecessor, this new version of Gitpaste-12 comes equipped with over 30 vulnerability exploits targeting Linux systems, IoT devices, and open-source components.

Ransomware’s Next Nasty Surprise: Pay Up Or We’ll Brick Your PC’s UEFI Firmware

www.forbes.com/sites/johndunn/2020/12/18/ransomwares-next-nasty-surprise-pay-up-or-well-brick-your-pcs-uefi-firmware/ After researching the discovery with research partner Eclypsium, the companies recently published an analysis of what they nicknamed TrickBoot which suggests the answer might be connected to a new and imminent type of ransomware attack.

Ransomware and Cyber-Extortion Payments Double in 2020

www.infosecurity-magazine.com/news/ransomware-extortion-payments/ The total cost of ransom payments doubled year-on-year during the first six months of 2020. Businesses have to consider the financial impact of a ransomware attack beyond the ransom payment: business interruption, loss of income and now breach damages such as compromised data. The best outcome for businesses is to have a backup and subscribe to a cyber insurance policy that covers recovery expenses and brings expertise in negotiating a ransom payment, if one is needed at all.
