Daily NCSC-FI news followup 2021-01-02

The Week in Ransomware – January 1st 2021 – New Year Edition

www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-1st-2021-new-year-edition/ This holiday edition covers the latest ransomware news from the past two weeks, including known ransomware attacks and law enforcement takedowns. Over the past two weeks, we have seen ransomware attacks on scent and flavor designer Symrise, FreePBX developer Sangoma, trucking giant Air Forward, and home appliance maker Whirlpool,

Extracting Security Products from SUNBURST DNS Beacons

www.netresec.com/?page=Blog&month=2020-12&post=Extracting-Security-Products-from-SUNBURST-DNS-Beacons The latest version of our SunburstDomainDecoder (v1.7) can be used to reveal which endpoint protection applications are installed on trojanized SolarWinds Orion deployments. The security application info is extracted from DNS queries for “avsvmcloud.com” subdomains, which are used by SUNBURST as a beacon and C2 channel.

Koronavilkku app to become interoperable with the apps of other EU/EEA countries

stm.fi/-/koronavilkku-sovellus-yhteentoimivaksi-muiden-eu-eta-maiden-sovellusten-kanssa The Koronavilkku app will become interoperable with apps developed in other EU/EEA countries or Switzerland. The update will arrive after Epiphany. See also:

www.is.fi/digitoday/mobiili/art-2000007712308.html

Revenge RAT targeting users in South America

www.uptycs.com/blog/revenge-rat-targeting-users-in-south-america The Uptycs threat research team recently came across multiple document samples that download Revenge RAT. The campaign currently seems to be active in Brazil.

Pirate Site Search Traffic Tanked Following Google Updates

torrentfreak.com/pirate-site-search-traffic-tanked-following-google-updates-210101/ Pirate sites lost quite a bit of traffic in 2020. A detailed analysis of the yearly trend shows that visitors from search engines dropped by roughly a third. Interestingly, it appears that Google’s algorithm updates did most of the damage.
