Daily NCSC-FI news followup 2020-12-20

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/ In many of their actions the attackers took steps to maintain a low profile. For example, the inserted malicious code is lightweight and has only one task: to start the malware-added method in a parallel thread, so that the DLL's normal operations are neither altered nor interrupted. In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of a second piece of malware that also affects the SolarWinds Orion product but has been assessed as likely unrelated to this compromise and used by a different threat actor.

CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise

us-cert.cisa.gov/ncas/current-activity/2020/12/19/cisa-updates-alert-and-releases-supplemental-guidance-emergency This update states that CISA has evidence of, and is currently investigating, initial access vectors other than the SolarWinds Orion supply chain compromise.

Windows Hello is now being used by 84% of Windows 10 users

www.bleepingcomputer.com/news/microsoft/windows-hello-is-now-being-used-by-84-percent-of-windows-10-users/ Windows Hello, the passwordless sign-in built into Windows 10 (face, fingerprint or a device-bound PIN), is steadily growing in popularity. According to a new report from Microsoft, the share of consumers using Windows Hello to sign in to Windows 10 instead of a password grew to 84.7 percent, up from 69.4 percent in 2019.

Passwords begone: GitHub will ban them next year for authenticating Git operations

www.theregister.com/2020/12/17/github_bans_passwords/ Microsoft's GitHub plans to stop accepting account passwords as a way to authenticate Git operations from August 13, 2021, following a two-week test period without passwords earlier that month. Git operations over HTTPS will then require a personal access token in place of the password, and SSH keys continue to work as before.
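As an added example (not from the article or from GitHub), the shell snippet below rewrites a repository's HTTPS GitHub remotes to their SSH form so that Git operations authenticate with an SSH key rather than an account password. It assumes github.com is reachable over SSH and that an SSH key is already registered with the account; the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: move a repository's GitHub remotes from password/HTTPS
# to SSH-key authentication. Assumes an SSH key is already registered
# with the GitHub account; "git@github.com:" is GitHub's SSH remote prefix.

# Convert one remote URL. Non-GitHub and non-HTTPS URLs are returned unchanged.
https_to_ssh() {
  # $1: remote URL, e.g. https://github.com/org/repo.git
  case "$1" in
    https://github.com/*)
      path="${1#https://github.com/}"   # strip the HTTPS prefix
      path="${path%.git}"               # normalise a trailing .git
      printf 'git@github.com:%s.git\n' "$path"
      ;;
    *)
      printf '%s\n' "$1"
      ;;
  esac
}

# Rewrite every HTTPS GitHub remote of the current repository (hypothetical helper).
switch_remotes_to_ssh() {
  git remote -v | awk '$3 == "(fetch)" { print $1, $2 }' | while read -r name url; do
    new=$(https_to_ssh "$url")
    if [ "$new" != "$url" ]; then
      git remote set-url "$name" "$new"
      echo "$name: $url -> $new"
    fi
  done
}
```

Run `switch_remotes_to_ssh` inside a clone; remotes that already use SSH, or that point somewhere other than github.com, are left alone. Teams that must stay on HTTPS should instead store a personal access token in a credential helper, since the account password will no longer be accepted.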

Gitpaste-12 worm botnet returns with 30+ vulnerability exploits

www.bleepingcomputer.com/news/security/gitpaste-12-worm-botnet-returns-with-30-plus-vulnerability-exploits/ The recently discovered Gitpaste-12 worm, which spreads via GitHub and hosts its malicious payloads on Pastebin, has returned with even more exploits. Expanding on its predecessor, this new version of Gitpaste-12 comes equipped with more than 30 exploits for vulnerabilities in Linux systems, IoT devices and open-source components.

Ransomware’s Next Nasty Surprise: Pay Up Or We’ll Brick Your PC’s UEFI Firmware

www.forbes.com/sites/johndunn/2020/12/18/ransomwares-next-nasty-surprise-pay-up-or-well-brick-your-pcs-uefi-firmware/ After researching the discovery with their research partner Eclypsium, the companies published an analysis of a TrickBot module they nicknamed TrickBoot. The module inspects the UEFI firmware of infected machines, and the analysis suggests its purpose may be a new and imminent type of ransomware attack in which the firmware itself is overwritten or bricked. The practical check for defenders is whether the platform's firmware write protections are actually enabled, since an unprotected SPI flash is what such an attack would need.

Ransomware and Cyber-Extortion Payments Double in 2020

www.infosecurity-magazine.com/news/ransomware-extortion-payments/ The total cost of ransom payments doubled year-on-year during the first six months of 2020. Businesses have to consider the financial impact of a ransomware attack beyond the ransom payment itself: business interruption, loss of income and, increasingly, breach liabilities arising from stolen data. The best preparation is tested backups together with a cyber insurance policy that covers recovery expenses and provides expertise in negotiating a ransom payment, should one be needed at all.

