Daily NCSC-FI news followup 2021-01-22

Weekly Threat Report 22nd January 2021

www.ncsc.gov.uk/report/weekly-threat-report-22nd-january-2021 The NCSC’s weekly threat report is drawn from recent open source reporting.

A look at the NIS 2.0 Recitals

cert.at/en/blog/2021/1/nis2-recitals-feedback

Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight

blog.checkpoint.com/2021/01/21/cyber-criminals-leave-stolen-phishing-credentials-in-plain-sight/ Check Point Research recently joined forces with Otorio to analyze and take a deep dive into a large scale phishing campaign that targeted thousands of global organizations, revealing the campaign’s overall infection chain, infrastructure and how the emails were distributed.

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/

DDoS-Guard To Forfeit Internet Space Occupied by Parler

krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/ Parler, the beleaguered social network advertised as a “free speech” alternative to Facebook and Twitter, has had a tough month. Apple and Google removed the Parler app from their stores, and Amazon blocked the platform from using its hosting services. Parler has since found a home in DDoS-Guard, a Russian digital infrastructure company. But now it appears DDoS-Guard is about to be relieved of more than two-thirds of the Internet address space the company leases to clients, including the Internet addresses currently occupied by Parler.

Technical report: Responsible use of the Border Gateway Protocol (BGP) for ISP interworking

www.ncsc.gov.uk/report/responsible-use-of-bgp-for-isp-interworking Technical report on best practice use of this fundamental data routing protocol.

Can you help improve the Cyber Security Toolkit for Boards?

www.ncsc.gov.uk/blog-post/help-improve-the-board-toolkit Your chance to be part of the research that will shape the next iteration of the NCSC’s Board Toolkit.

SQL Server Malware Tied to Iranian Software Firm, Researchers Allege

threatpost.com/sql-server-malware-tied-to-iranian-software-firm-researchers-allege/163230/ Researchers have traced the origins of a campaign infecting SQL servers to mine cryptocurrency back to an Iranian software firm.

Breach Data Shows Attackers Switched Gears in 2020

www.darkreading.com/attacks-breaches/breach-data-shows-attackers-switched-gears-in-2020/d/d-id/1339949 Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.

It’s 2021 and you can hijack a Cisco SD-WAN deployment with malicious IP traffic and a buffer overflow. Patch now

www.theregister.com/2021/01/22/cisco_critical_vulnerabilities/

New SAP Exploit Published Online: How to Stay Secure?

onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure The Onapsis Research Labs has identified a functional exploit affecting SAP which was published on GitHub, making it publicly available for malicious purposes. This is a fully functional exploit that abuses the CVE-2020-6207 vulnerability, a missing authentication check in EEM Manager, a component of SAP Solution Manager (SolMan). A successful attack exploiting this vulnerability would put an organization’s mission-critical SAP applications, business processes and data at risk, impacting cybersecurity and regulatory compliance.

Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks

threatpost.com/threat-actors-can-exploit-windows-rdp-servers-to-amplify-ddos-attacks/163248/ Netscout researchers identify more than 14,000 existing servers that can be abused by the general attack population to flood organizations’ networks with traffic. Read also:

www.bleepingcomputer.com/news/security/windows-remote-desktop-servers-now-used-to-amplify-ddos-attacks/

MyFreeCams site hacked to steal info of 2 million paying users

www.bleepingcomputer.com/news/security/myfreecams-site-hacked-to-steal-info-of-2-million-paying-users/ A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.

Drupal releases fix for critical vulnerability with known exploits

www.bleepingcomputer.com/news/security/drupal-releases-fix-for-critical-vulnerability-with-known-exploits/ Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild.

Necro is going to version 3 and using PyInstaller and DGA

blog.netlab.360.com/necro/ Necro is a classic botnet family written in Python that was first discovered in 2015. At the beginning it targeted Windows systems and was often tagged by security vendors as Python.IRCBot; the author himself calls it N3Cr0m0rPh (Necromorph).

New information: Vastaamo patients’ data may have been unprotected online for years; security expert: “Mindless”

yle.fi/uutiset/3-11750220 Vastaamo founder Ville Tapio shifts responsibility for the data breach onto his former subordinates.

After big hack of U.S. government, Biden enlists ‘world class’ cybersecurity team

www.reuters.com/article/us-usa-biden-cyber-idUSKBN29R18I President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the U.S. government works to recover from one of the biggest hacks of its agencies attributed to Russian spies. Read also:

www.databreachtoday.in/interviews/analysis-how-will-biden-address-cybersecurity-challenges-i-4829

MITRE ATT&CK: The Magic of Segmentation

blogs.cisco.com/security/mitre-attck-the-magic-of-segmentation In cybersecurity, nation states, cyber criminals, hacktivists, and rogue employees are the usual suspects. They fit nicely into categories like external attackers or insider threats.

Microsoft Edge goes homomorphic: Nobody will see your credentials… but you’ll need to sign in to use it

www.theregister.com/2021/01/22/edge_password_monitor/ Has your password been pwned? MS browser will tell you

CSC also trains for the worst

www.csc.fi/fi/-/csc-harjoittelee-my%C3%B6s-pahan-varalle CSC has taken part in the national TIETO20 cooperation exercise for companies and authorities, which prepares for large-scale cyber disruptions. Read also:

www.tivi.fi/uutiset/tv/5429057c-56e6-474b-8f96-4406e5a40465

Bugs Allowed Hackers to Hijack Kindle Accounts With Malicious Ebooks

www.vice.com/en/article/93wgzy/bugs-allowed-hackers-to-hack-kindle-accounts-with-malicious-ebooks

US administration adds “subliminal” ad to White House website

nakedsecurity.sophos.com/2021/01/22/us-administration-adds-subliminal-ad-to-white-house-website/ Hidden messages, features or jokes in apps and websites are commonly known in hacker jargon as easter eggs, because they’re supposed to be found and enjoyed, but they’re not supposed to be immediately obvious.

Watchdog Warns Adtech That It’s Set For More Scrutiny

www.forbes.com/sites/emmawoollacott/2021/01/22/watchdog-warns-adtech-that-its-set-for-more-scrutiny/ex The UK’s data watchdog is resuming its investigation over the use of real-time bidding (RTB) in the adtech industry – but observers fear it won’t take meaningful action any time soon.

Hackers publish thousands of files after government agency refuses to pay ransom

www.zdnet.com/article/hackers-publish-thousands-of-files-after-government-agency-refuses-to-pay-ransom/ Ransomware gang publishes stolen data after Scottish Environment Protection Agency (SEPA) refuses to pay ransom – as agency confirms operations remain disrupted.

New website launched to document vulnerabilities in malware strains

www.zdnet.com/article/new-website-launched-to-document-vulnerabilities-in-malware-strains/ Launched by security researcher John Page, the new MalVuln website lists bugs in malware code.

Cisco warns on critical security vulnerabilities in SD-WAN software, so update now

www.zdnet.com/article/cisco-warns-on-critical-security-vulnerabilities-in-sd-wan-software-so-update-now/

SEC calls out dubious cryptocurrency traders, miners soliciting customers worldwide

www.zdnet.com/article/sec-calls-out-dubious-cryptocurrency-exchanges-miners-soliciting-customers-worldwide/ The companies mentioned are considered “misleading” or impersonators of genuine businesses. Read also:

www.sec.gov/enforce/public-alerts

QNAP warns users to secure NAS devices against Dovecat malware

www.bleepingcomputer.com/news/security/qnap-warns-users-to-secure-nas-devices-against-dovecat-malware/ QNAP urges customers to secure their network-attached storage (NAS) devices against an ongoing malware campaign that infects and exploits them to mine bitcoin without their knowledge. Read also:

www.qnap.com/en/how-to/knowledge-base/article/dovecat-and-dedpma-processes-are-necessary-for-nas-system/

Belgian Hospital Reroutes Critical Patients after Cyberattack

hotforsecurity.bitdefender.com/blog/belgian-hospital-reroutes-critical-patients-after-cyberattack-25165.html On Sunday evening, the CHwapi hospital in Belgium suffered a cyberattack that prompted the facility to redirect emergency patients to other hospitals and delay surgical procedures. As reported by local media group L’Avenir, 80 of the hospital center’s 300 servers were affected by the attack, forcing staff and nurses to abandon digital entries and turn to pen and paper for patient assessments. Patient data was not compromised, according to CHwapi.
