Daily NCSC-FI news followup 2021-01-07

Linux malware authors use Ezuri Golang crypter for zero detection

www.bleepingcomputer.com/news/security/linux-malware-authors-use-ezuri-golang-crypter-for-zero-detection/ Multiple malware authors are using the “Ezuri” crypter and memory loader to make their code undetectable to antivirus products. Source code for Ezuri, written in Golang, is available on GitHub for anyone to use.

December 2020’s Most Wanted Malware: Emotet Returns as Top Malware Threat

blog.malwarebytes.com/reports/2021/01/funke-media-group-suffers-nationwide-ransomware-attack-in-germany/ Our latest Global Threat Index for December 2020 has revealed that the Emotet trojan has returned to first place in the top malware list, impacting 7% of organizations globally, following a spam campaign which targeted over 100, 000 users per day during the holiday season.

Funke Media Group suffers nationwide ransomware attack in Germany

www.zdnet.com/article/cybersecurity-hack-the-army-bug-bounty-challenge-asks-hackers-to-find-vulnerabilities-in-u-s-military-networks/ On December 22, Germany’s third largest publisher fell victim to a cyberattack that affected systems in offices all around the country. The Funke Media Group publishes dozens of newspapers, like Berliner Morgenpost, Hamburger Abendblatt, and Bergedorfer Zeitung, as well as magazines, several local radio stations, and online news portals. It reaches over 3 million readers on a daily basis.

Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR

us-cert.cisa.gov/ncas/current-activity/2021/01/07/mozilla-releases-security-updates-firefox-firefox-android-and Mozilla has released security updates to address a vulnerability in Firefox, Firefox for Android, and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.

Google Releases Security Updates for Chrome

us-cert.cisa.gov/ncas/current-activity/2021/01/07/google-releases-security-updates-chrome Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

Hack the Army bug bounty challenge asks hackers to find vulnerabilities in military networks

www.zdnet.com/article/cybersecurity-hack-the-army-bug-bounty-challenge-asks-hackers-to-find-vulnerabilities-in-u-s-military-networks/ Hackers are being invited to uncover cybersecurity vulnerabilities in the computer systems used by the US military as part of the ‘Hack the Army’ bug county challenge.

CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise

us-cert.cisa.gov/ncas/current-activity/2021/01/06/cisa-updates-emergency-directive-21-01-supplemental-guidance-and CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2.

Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020

www.zdnet.com/article/cobalt-strike-and-metasploit-accounted-for-a-quarter-of-all-malware-c-c-servers-in-2020 Cobalt Strike and Metasploit, two penetration testing toolkits usually employed by security researchers, have been used to host more than a quarter of all the malware command and control (C&C) servers that have been deployed in 2020, threat intelligence firm Recorded Future said in a report today. Lisäksi:

www.recordedfuture.com/2020-adversary-infrastructure-report/

Feds Issue Recommendations for Maritime Cybersecurity

threatpost.com/feds-recommendations-maritime-cybersecurity/162804/ The White House has released cybersecurity guidance for securing the Maritime Transportation System (MTS), which operates along 25, 000 miles of coastal and inland waterways in the United States.

Twitter locks Trump out of his account for at least 12 hours

techcrunch.com/2021/01/06/twitter-locks-trump-out-of-his-account-for-at-least-12-hours/ In a reversal of its long standing policy, Twitter has locked the President of the United States’ Twitter account and forced the removal of three offending tweets.

You might be interested in …

Daily NCSC-FI news followup 2020-06-06

Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit www.bleepingcomputer.com/news/security/windows-10-smbghost-bug-gets-public-proof-of-concept-rce-exploit/ Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1).. see also www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-microsoftin-smbv3-toteutuksessa US aerospace services provider breached by Maze Ransomware www.bleepingcomputer.com/news/security/us-aerospace-services-provider-breached-by-maze-ransomware/ The Maze Ransomware gang breached […]

Read More

Daily NCSC-FI news followup 2019-10-21

Verkon myyntisivustolla liikkuu huijariostajia näyttävät myyjälle väärennetyn kuitin tai tiliotteen www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/verkon_myyntisivustolla_liikkuu_huijariostajia_nayttavat_myyjalle_vaarennetyn_kuitin_tai_tiliotteen_85170 Helsingin poliisin tietoon on tullut syksyn aikana samantyyppisiä huijaustapauksia, joissa tavarat ovat vaihtaneet omistajaa Tori.fi-verkkosivuston kautta. Tapauksissa huijarit ovat esittäneet ostotilanteessa myyjälle väärennetyn kuitin tai tiliotteen, joka on tehty pankin demosivustolla. Venäläiset kaappasivat Iranin operaation ja vakoilivat kohteita kymmenissä maissa www.hs.fi/ulkomaat/art-2000006280146.html Turvallisuuspalvelu FSB:hen yhdistetty […]

Read More

Daily NCSC-FI news followup 2019-11-30

How is NordVPN unblocking Disney+? It might be through YOUR own computer. Even if youve never used Disney+ or NordVPN. medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30 New Chrome Password Stealer Sends Stolen Data to a MongoDB Database www.bleepingcomputer.com/news/security/new-chrome-password-stealer-sends-stolen-data-to-a-mongodb-database/ A new trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.