Daily NCSC-FI news followup 2021-02-26

Ransomware gang hacks Ecuador’s largest private bank, Ministry of Finance

www.bleepingcomputer.com/news/security/ransomware-gang-hacks-ecuadors-largest-private-bank-ministry-of-finance/ A hacking group called ‘Hotarus Corp’ has hacked Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha, where they claim to have stolen internal data.

Ryuk ransomware now self-spreads to other Windows LAN devices

www.bleepingcomputer.com/news/security/ryuk-ransomware-now-self-spreads-to-other-windows-lan-devices/ “Through the use of scheduled tasks, the malware propagates itself – machine to machine – within the Windows domain,” ANSSI (short for Agence Nationale de la Sécurité des Systèmes d’Information) said in a report published today. Original report at

www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-006.pdf

Cybercrime groups are selling their hacking skills. Some countries are buying

www.zdnet.com/article/cybercrime-groups-are-selling-their-hacking-skills-some-countries-are-buying/ A report by cybersecurity researchers at BlackBerry warns that the emergence of sophisticated cybercrime-as-a-service schemes means that nation states increasingly have the option of working with groups that can carry out attacks for them. Researchers point to the existence of extensive hacking operations like Bahamut as an example of how sophisticated cyber-criminal campaigns have become. Researchers note how “the profiles and geography of their victims are far too diverse to be aligned with a single bad actor’s interests”, suggesting that Bahamut performs operations for different clients, keeping an eye out for the jobs that pay the most; and when it comes to funding, certain nation states have the most money to spend on conducting campaigns.

Google looks at bypass in Chromium’s ASLR security defense, throws hands up, won’t patch garbage issue

www.theregister.com/2021/02/26/chrome_aslr_bypass/ In early November, a developer contributing to Google’s open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser’s Blink rendering engine: it can be used to break a memory defense known as address space layout randomization (ASLR). About two weeks later, Google software security engineer Chris Palmer marked the bug “WontFix” because Google has resigned itself to the fact that ASLR can’t be saved: Spectre and Spectre-like processor-level flaws can defeat it anyway, whether or not Oilpan can be exploited.

Microsoft open sources CodeQL queries used to hunt for Solorigate activity

www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/ In this blog, we’ll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate. We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis. Note that the queries we cover in this blog simply serve to home in on source code that shares similarities with the source in the Solorigate implant, either in the syntactic elements (names, literals, etc.) or in functionality.
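The syntactic side of that hunt (matching identifier names and string literals against a watchlist drawn from a known implant, and tolerating light renaming) can be shown outside CodeQL with a small stand-alone scanner. The example below is added here and is not Microsoft’s code or one of its published CodeQL queries; it is a Python stand-in for the idea, and the watchlist entries (`PlaceholderImplantLayer`, `GetOrCreateBeaconTimer`, the `placeholder-c2.example.test` literal) and the C# sample it scans are constructed placeholders, not real Solorigate indicators.

```python
import difflib
import re
from dataclasses import dataclass

# Constructed watchlist: placeholder names and literals standing in for the
# identifiers and strings a real query would take from a known implant.
WATCHLIST_IDENTIFIERS = ["PlaceholderImplantLayer", "GetOrCreateBeaconTimer"]
WATCHLIST_LITERALS = ["placeholder-c2.example.test", "placeholder-mutex-name"]

# Identifiers that are at least this similar to a watchlist name are reported,
# so that a one-character rename does not evade the scan.
SIMILARITY_THRESHOLD = 0.85

IDENT_RE = re.compile(r"\b[A-Za-z_][A-Za-z0-9_]*\b")
STRING_RE = re.compile(r'"((?:\\.|[^"\\])*)"')  # C#-style double-quoted literal


@dataclass(frozen=True)
class Finding:
    line: int       # 1-based line number in the scanned source
    kind: str       # "identifier" or "literal"
    token: str      # what was found in the source
    matched: str    # the watchlist entry it matched
    score: float    # 1.0 for exact, otherwise the similarity ratio


def scan_source(source: str) -> list[Finding]:
    """Report watchlist literals (exact) and watchlist-like identifiers (fuzzy)."""
    findings: list[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        # 1. String literals: exact match against the literal watchlist.
        for m in STRING_RE.finditer(line):
            value = m.group(1)
            for wanted in WATCHLIST_LITERALS:
                if value == wanted:
                    findings.append(Finding(lineno, "literal", value, wanted, 1.0))
        # 2. Identifiers: blank out string bodies and drop // comments first, so
        #    text inside strings or comments is not mistaken for code names.
        code = STRING_RE.sub(lambda s: " " * len(s.group(0)), line)
        code = code.split("//", 1)[0]
        for m in IDENT_RE.finditer(code):
            ident = m.group(0)
            for wanted in WATCHLIST_IDENTIFIERS:
                score = difflib.SequenceMatcher(None, ident.lower(), wanted.lower()).ratio()
                if score >= SIMILARITY_THRESHOLD:
                    findings.append(Finding(lineno, "identifier", ident, wanted, round(score, 2)))
    return findings


# Constructed C# sample: one exact name, one lightly renamed name, one literal,
# and a benign method that must not be reported.
SAMPLE_SOURCE = """\
// constructed C# sample for demonstration
namespace Vendor.Product
{
    class PlaceholderImplantLayr   // renamed variant, one letter dropped
    {
        const string Host = "placeholder-c2.example.test";
        void GetOrCreateBeaconTimer() { }
        void UpdateInventory() { }
    }
}
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.kind} {f.token!r} ~ {f.matched!r} (score {f.score})")
```

Run against the sample, the scanner reports the renamed class on line 4, the literal on line 6 and the exact method name on line 7, and stays silent on `UpdateInventory`. As the blog post stresses for its own queries, a hit is a pointer to code worth a manual look, not proof of compromise; the fuzzy threshold trades a few false positives for resilience against trivial renaming, and a real deployment would take its watchlist from the implant's actual identifiers rather than placeholders.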
