Daily NCSC-FI news followup 2021-01-07

Linux malware authors use Ezuri Golang crypter for zero detection

www.bleepingcomputer.com/news/security/linux-malware-authors-use-ezuri-golang-crypter-for-zero-detection/ Multiple malware authors are using the “Ezuri” crypter and memory loader to make their code undetectable to antivirus products. Source code for Ezuri, written in Golang, is available on GitHub for anyone to use.

December 2020’s Most Wanted Malware: Emotet Returns as Top Malware Threat

blog.malwarebytes.com/reports/2021/01/funke-media-group-suffers-nationwide-ransomware-attack-in-germany/ Our latest Global Threat Index for December 2020 has revealed that the Emotet trojan has returned to first place in the top malware list, impacting 7% of organizations globally, following a spam campaign which targeted over 100,000 users per day during the holiday season.

Funke Media Group suffers nationwide ransomware attack in Germany

www.zdnet.com/article/cybersecurity-hack-the-army-bug-bounty-challenge-asks-hackers-to-find-vulnerabilities-in-u-s-military-networks/ On December 22, Germany’s third largest publisher fell victim to a cyberattack that affected systems in offices all around the country. The Funke Media Group publishes dozens of newspapers, like Berliner Morgenpost, Hamburger Abendblatt, and Bergedorfer Zeitung, as well as magazines, several local radio stations, and online news portals. It reaches over 3 million readers on a daily basis.

Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR

us-cert.cisa.gov/ncas/current-activity/2021/01/07/mozilla-releases-security-updates-firefox-firefox-android-and Mozilla has released security updates to address a vulnerability in Firefox, Firefox for Android, and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.

Google Releases Security Updates for Chrome

us-cert.cisa.gov/ncas/current-activity/2021/01/07/google-releases-security-updates-chrome Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

Hack the Army bug bounty challenge asks hackers to find vulnerabilities in military networks

www.zdnet.com/article/cybersecurity-hack-the-army-bug-bounty-challenge-asks-hackers-to-find-vulnerabilities-in-u-s-military-networks/ Hackers are being invited to uncover cybersecurity vulnerabilities in the computer systems used by the US military as part of the ‘Hack the Army’ bug bounty challenge.

CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise

us-cert.cisa.gov/ncas/current-activity/2021/01/06/cisa-updates-emergency-directive-21-01-supplemental-guidance-and CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2.

Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020

www.zdnet.com/article/cobalt-strike-and-metasploit-accounted-for-a-quarter-of-all-malware-c-c-servers-in-2020 Cobalt Strike and Metasploit, two penetration testing toolkits usually employed by security researchers, have been used to host more than a quarter of all the malware command and control (C&C) servers that have been deployed in 2020, threat intelligence firm Recorded Future said in a report today. Also:

www.recordedfuture.com/2020-adversary-infrastructure-report/

Feds Issue Recommendations for Maritime Cybersecurity

threatpost.com/feds-recommendations-maritime-cybersecurity/162804/ The White House has released cybersecurity guidance for securing the Maritime Transportation System (MTS), which operates along 25,000 miles of coastal and inland waterways in the United States.

Twitter locks Trump out of his account for at least 12 hours

techcrunch.com/2021/01/06/twitter-locks-trump-out-of-his-account-for-at-least-12-hours/ In a reversal of its long-standing policy, Twitter has locked the President of the United States’ Twitter account and forced the removal of three offending tweets.
