Daily NCSC-FI news followup 2021-01-09

Excelerating Analysis: Tips and Tricks to Analyze Data with Microsoft Excel

www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html Incident response investigations don't always involve standard host-based artifacts with fully developed parsing and analysis tools. At FireEye Mandiant, we frequently encounter incidents that involve a number of systems and solutions that utilize custom logging or artifact data. Determining what happened in an incident involves taking a dive into whatever type of data we are presented with, learning about it, and developing an efficient way to analyze the important evidence.

Hacker used ransomware to lock victims in their IoT chastity belt

www.bleepingcomputer.com/news/security/hacker-used-ransomware-to-lock-victims-in-their-iot-chastity-belt/ The source code for the ChastityLock ransomware that targeted male users of a specific adult toy is now publicly available for research purposes. Users of the Bluetooth-controlled Qiui Cellmate chastity device were targets of an attack with this malware last year after security researchers found a vulnerability in the toy that allowed locking it remotely.

Maldoc Strings Analysis

isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/ As I announced in my diary entry “Strings 2021”, I will write some diary entries following a simpler method of malware analysis, namely looking for strings inside malicious files using the strings command. Of course, this simple method will not work for most malware samples, but I still see enough samples for which this method will work. Like this recent malicious Word document. When you analyze this sample with oledump.py, you will find an obfuscated PowerShell command inside the content of the Word document.

Some ransomware gangs are going after top execs to pressure companies into paying

www.zdnet.com/article/some-ransomware-gangs-are-going-after-top-execs-to-pressure-companies-into-paying/ A new trend is emerging among ransomware groups where they prioritize stealing data from workstations used by top executives and managers in order to obtain “juicy” information that they can later use to pressure and extort a company’s top brass into approving large ransom payouts. ZDNet first learned of this new tactic earlier this week during a phone call with a company that paid a multi-million dollar ransom to the Clop ransomware gang.

Russia's SolarWinds Attack and Software Security

www.schneier.com/blog/archives/2021/01/russias-solarwinds-attack-and-software-security.html The information that is emerging about Russia's extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses, primarily through a malicious update of the SolarWinds network management software, may have slipped under most people's radar during the holiday season, but its implications are stunning.
