Daily NCSC-FI news followup 2021-01-22

Weekly Threat Report 22nd January 2021

www.ncsc.gov.uk/report/weekly-threat-report-22nd-january-2021 The NCSC’s weekly threat report is drawn from recent open source reporting.

A look at the NIS 2.0 Recitals


Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight

blog.checkpoint.com/2021/01/21/cyber-criminals-leave-stolen-phishing-credentials-in-plain-sight/ Check Point Research recently joined forces with Otorio to analyze and take a deep dive into a large scale phishing campaign that targeted thousands of global organizations, revealing the campaign’s overall infection chain, infrastructure and how the emails were distributed.

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop


DDoS-Guard To Forfeit Internet Space Occupied by Parler

krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/ Parler, the beleaguered social network advertised as a “free speech” alternative to Facebook and Twitter, has had a tough month. Apple and Google removed the Parler app from their stores, and Amazon blocked the platform from using its hosting services. Parler has since found a home at DDoS-Guard, a Russian digital infrastructure company. But now it appears DDoS-Guard is about to be relieved of more than two-thirds of the Internet address space the company leases to clients, including the Internet addresses currently occupied by Parler.

Technical report: Responsible use of the Border Gateway Protocol (BGP) for ISP interworking

www.ncsc.gov.uk/report/responsible-use-of-bgp-for-isp-interworking Technical report on best practice use of this fundamental data routing protocol.

Can you help improve the Cyber Security Toolkit for Boards?

www.ncsc.gov.uk/blog-post/help-improve-the-board-toolkit Your chance to be part of the research that will shape the next iteration of the NCSC’s Board Toolkit.

SQL Server Malware Tied to Iranian Software Firm, Researchers Allege

threatpost.com/sql-server-malware-tied-to-iranian-software-firm-researchers-allege/163230/ Researchers have traced the origins of a campaign infecting SQL servers to mine cryptocurrency back to an Iranian software firm.

Breach Data Shows Attackers Switched Gears in 2020

www.darkreading.com/attacks-breaches/breach-data-shows-attackers-switched-gears-in-2020/d/d-id/1339949 Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.

It’s 2021 and you can hijack a Cisco SD-WAN deployment with malicious IP traffic and a buffer overflow. Patch now


New SAP Exploit Published Online: How to Stay Secure?

onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure The Onapsis Research Labs has identified a functional exploit affecting SAP which was published on GitHub, making it publicly available for malicious purposes. This is a fully functional exploit that abuses the CVE-2020-6207 vulnerability, a missing authentication check in EEM Manager, a component of SAP Solution Manager (SolMan). A successful attack exploiting this vulnerability would put an organization’s mission-critical SAP applications, business processes and data at risk, impacting cybersecurity and regulatory compliance.

Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks

threatpost.com/threat-actors-can-exploit-windows-rdp-servers-to-amplify-ddos-attacks/163248/ Netscout researchers identify more than 14,000 existing servers that can be abused by the ‘general attack population’ to flood organizations’ networks with traffic. Read also:
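Operators of an exposed RDP server want a quick way to tell whether it is already being used as a reflector. The following added example is not from the Threatpost or Netscout reporting; it assumes RDP's UDP transport on port 3389 (the reflection vector in Netscout's public advisory), works on constructed flow records, and flags peers that receive far more bytes from the server's UDP/3389 port than they ever sent to it, which is the signature of spoofed-source amplification. The threshold values and the sample flows are assumptions for illustration.

```python
"""Reflector-side detection of RDP (UDP/3389) amplification abuse over flow records.

Added example; the port, thresholds and sample data are assumptions, not values from
the article. Flow tuples mimic a NetFlow/IPFIX export: (proto, src, sport, dst, dport, bytes).
"""
from collections import defaultdict
from dataclasses import dataclass

RDP_UDP_PORT = 3389          # assumption: RDP over UDP, the transport abused for reflection
MIN_RATIO = 20.0             # assumption: out/in byte ratio above which a peer is suspect
MIN_RESPONSE_BYTES = 10_000  # assumption: ignore tiny sessions that cannot hurt a victim

SERVER_IP = "203.0.113.10"   # the RDP server we operate (constructed)


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


# Constructed sample flows (not captured traffic):
#  - 198.51.100.7 is a legitimate client: it sends real requests and gets a moderate reply volume.
#  - 192.0.2.50 is a spoofed victim: a few tiny "requests" arrive with its address, and the server
#    answers with large responses it never asked for.
#  - 192.0.2.51 is a victim whose inbound flows were not exported at all (sampling gap).
#  - 192.0.2.60 exchanges a handful of bytes and stays below the volume floor.
#  - The TCP flow must be ignored: only the UDP transport reflects.
SAMPLE_FLOWS = [
    Flow("udp", "198.51.100.7", 50123, SERVER_IP, RDP_UDP_PORT, 4000),
    Flow("udp", SERVER_IP, RDP_UDP_PORT, "198.51.100.7", 50123, 30000),
    Flow("udp", "192.0.2.50", 443, SERVER_IP, RDP_UDP_PORT, 200),
    Flow("udp", SERVER_IP, RDP_UDP_PORT, "192.0.2.50", 443, 40000),
    Flow("udp", SERVER_IP, RDP_UDP_PORT, "192.0.2.51", 80, 50000),
    Flow("udp", "192.0.2.60", 5555, SERVER_IP, RDP_UDP_PORT, 100),
    Flow("udp", SERVER_IP, RDP_UDP_PORT, "192.0.2.60", 5555, 500),
    Flow("tcp", SERVER_IP, RDP_UDP_PORT, "192.0.2.70", 6000, 90000),
]


def rdp_amplification_peers(flows, server_ip, min_ratio=MIN_RATIO, min_bytes=MIN_RESPONSE_BYTES):
    """Return {peer_ip: (bytes_in, bytes_out, ratio)} for peers that look like spoofed victims.

    A peer is suspect when the server sent it at least `min_bytes` from UDP/3389 and that
    volume is at least `min_ratio` times what the peer sent to UDP/3389. A peer with no
    inbound bytes at all gets an infinite ratio rather than a division-by-zero error.
    """
    bytes_in = defaultdict(int)   # peer -> bytes the peer sent to our UDP/3389
    bytes_out = defaultdict(int)  # peer -> bytes our UDP/3389 sent to the peer

    for f in flows:
        if f.proto.lower() != "udp":
            continue  # TCP RDP does not reflect; skip it
        if f.dst == server_ip and f.dport == RDP_UDP_PORT:
            bytes_in[f.src] += f.nbytes
        elif f.src == server_ip and f.sport == RDP_UDP_PORT:
            bytes_out[f.dst] += f.nbytes

    suspects = {}
    for peer, out in bytes_out.items():
        inbound = bytes_in.get(peer, 0)
        ratio = out / inbound if inbound else float("inf")
        if out >= min_bytes and ratio >= min_ratio:
            suspects[peer] = (inbound, out, ratio)
    return suspects


if __name__ == "__main__":
    for peer, (inb, outb, ratio) in sorted(rdp_amplification_peers(SAMPLE_FLOWS, SERVER_IP).items()):
        print(f"{peer}: in={inb} out={outb} ratio={ratio:.1f}  <- likely reflection victim")
```

On the constructed data the two spoofed victims are reported and the legitimate client (ratio 7.5) is not. A hit means the server is amplifying someone else's attack; the usual fix is to stop exposing the UDP transport to the Internet (filter UDP/3389 at the edge or put RDP behind a VPN) rather than to tune the threshold.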


MyFreeCams site hacked to steal info of 2 million paying users

www.bleepingcomputer.com/news/security/myfreecams-site-hacked-to-steal-info-of-2-million-paying-users/ A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.

Drupal releases fix for critical vulnerability with known exploits

www.bleepingcomputer.com/news/security/drupal-releases-fix-for-critical-vulnerability-with-known-exploits/ Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild.

Necro is going to version 3 and using PyInstaller and DGA

blog.netlab.360.com/necro/ Necro is a classic botnet family written in Python that was first discovered in 2015. At the beginning it targeted Windows systems; it is often tagged by security vendors as Python.IRCBot and is called N3Cr0m0rPh (Necromorph) by the author himself.

New information: Vastaamo patients’ data may have been unprotected online for years; security expert: “Mindless”

yle.fi/uutiset/3-11750220 Vastaamo founder Ville Tapio shifts responsibility for the data breach onto his former subordinates.

After big hack of U.S. government, Biden enlists ‘world class’ cybersecurity team

www.reuters.com/article/us-usa-biden-cyber-idUSKBN29R18I President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the U.S. government works to recover from one of the biggest hacks of its agencies attributed to Russian spies. Read also:


MITRE ATT&CK: The Magic of Segmentation

blogs.cisco.com/security/mitre-attck-the-magic-of-segmentation In cybersecurity, nation states, cyber criminals, hacktivists, and rogue employees are the usual suspects. They fit nicely into categories like external attackers or insider threats.

Microsoft Edge goes homomorphic: Nobody will see your credentials… but you’ll need to sign in to use it

www.theregister.com/2021/01/22/edge_password_monitor/ Has your password been pwned? MS browser will tell you

CSC also rehearses for the worst

www.csc.fi/fi/-/csc-harjoittelee-my%C3%B6s-pahan-varalle CSC has taken part in TIETO20, the national joint exercise for companies and authorities preparing for large-scale cyber disruptions. Read also:


Bugs Allowed Hackers to Hijack Kindle Accounts With Malicious Ebooks


US administration adds “subliminal” ad to White House website

nakedsecurity.sophos.com/2021/01/22/us-administration-adds-subliminal-ad-to-white-house-website/ Hidden messages, features or jokes in apps and websites are commonly known in hacker jargon as easter eggs, because they’re supposed to be found and enjoyed, but they’re not supposed to be immediately obvious.

Watchdog Warns Adtech That It’s Set For More Scrutiny

www.forbes.com/sites/emmawoollacott/2021/01/22/watchdog-warns-adtech-that-its-set-for-more-scrutiny/ex The UK’s data watchdog is resuming its investigation over the use of real-time bidding (RTB) in the adtech industry – but observers fear it won’t take meaningful action any time soon.

Hackers publish thousands of files after government agency refuses to pay ransom

www.zdnet.com/article/hackers-publish-thousands-of-files-after-government-agency-refuses-to-pay-ransom/ Ransomware gang publishes stolen data after Scottish Environment Protection Agency (SEPA) refuses to pay ransom – as agency confirms operations remain disrupted.

New website launched to document vulnerabilities in malware strains

www.zdnet.com/article/new-website-launched-to-document-vulnerabilities-in-malware-strains/ Launched by security researcher John Page, the new MalVuln website lists bugs in malware code.

Cisco warns on critical security vulnerabilities in SD-WAN software, so update now


SEC calls out dubious cryptocurrency traders, miners soliciting customers worldwide

www.zdnet.com/article/sec-calls-out-dubious-cryptocurrency-exchanges-miners-soliciting-customers-worldwide/ The companies mentioned are considered “misleading” or impersonators of genuine businesses. Read also:


QNAP warns users to secure NAS devices against Dovecat malware

www.bleepingcomputer.com/news/security/qnap-warns-users-to-secure-nas-devices-against-dovecat-malware/ QNAP urges customers to secure their network-attached storage (NAS) devices against an ongoing malware campaign that infects and exploits them to mine bitcoin without their knowledge. Read also:


Belgian Hospital Reroutes Critical Patients after Cyberattack

hotforsecurity.bitdefender.com/blog/belgian-hospital-reroutes-critical-patients-after-cyberattack-25165.html On Sunday evening, the CHwapi hospital in Belgium suffered a cyberattack that prompted the facility to redirect emergency patients to other hospitals and delay surgical procedures. As reported by local media group L’Avenir, 80 of the hospital center’s 300 servers were affected by the attack, forcing staff and nurses to abandon digital entries and turn to pen and paper for patient assessments. Patient data was not compromised, according to CHwapi.
