Daily NCSC-FI news followup 2020-12-23

CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity

us-cert.cisa.gov/ncas/current-activity/2020/12/23/cisa-releases-cisa-insights-and-creates-webpage-ongoing-apt-cyber CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. See also:

www.cisa.gov/supply-chain-compromise

DHS warns of data theft risk when using Chinese products

www.bleepingcomputer.com/news/security/dhs-warns-of-data-theft-risk-when-using-chinese-products/ The US Department of Homeland Security (DHS) warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People's Republic of China (PRC).

Emotet Returns to Hit 100K Mailboxes Per Day

threatpost.com/emotet-returns-100k-mailboxes/162584/ Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot. After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day. See also:

blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/

Lazarus covets COVID-19-related intelligence

securelist.com/lazarus-covets-covid-19-related-intelligence/99906/ As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. See also:

threatpost.com/lazarus-covid-19-vaccine-maker-espionage/162591/

QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities

www.bleepingcomputer.com/news/security/qnap-fixes-high-severity-qts-qes-and-quts-hero-vulnerabilities/ QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems.

Malware wrapped in Cyberpunk 2077

www.kaspersky.com/blog/cyberpunk-2077-ransomware/38196/ No sooner was Cyberpunk 2077 released for Windows and consoles than we came across a beta version for Android online. It was completely free to download from a site bearing the name cyberpunk2077mobile[.]com. The game's actual developer has yet to announce any mobile version of the game, so we decided to investigate.

Microsoft 365 admins can now get security incident email alerts

www.bleepingcomputer.com/news/security/microsoft-365-admins-can-now-get-security-incident-email-alerts/ Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution.
