Daily NCSC-FI news followup 2021-03-11

February 2021's Most Wanted Malware: Trickbot Takes Over Following Emotet Shutdown

blog.checkpoint.com/2021/03/11/february-2021s-most-wanted-malware-trickbot-takes-over-following-emotet-shutdown/ Check Point Research reports that following the international police operation that took control of Emotet in January, Trickbot has become the new top global threat used by cybercriminals. Our latest Global Threat Index for February 2021 has revealed that the Trickbot trojan has topped the Index for the first time, rising from third position in January.

Whitelist Me, Maybe? Netbounce Threat Actor Tries A Bold Approach To Evade Detection

www.fortinet.com/blog/threat-research/netbounce-threat-actor-tries-bold-approach-to-evade-detection On the 12th of February, FortiGuard Labs received a request via email from a person representing a company called Packity Networks asking to whitelist their software. The sender claimed it to be a false positive that inflicts a significant impact on their business.

When stolen materials are published online

www.kaspersky.com/blog/accellion-fta-data-leaks/38980/ Hackers trying to inflict maximum reputation damage are sending out links to the data they stole through Accellion FTA vulnerabilities. Late last year, information surfaced online about attacks on companies using the outdated Accellion File Transfer Appliance (FTA). Some cybercriminals used Accellion FTA vulnerabilities to snatch confidential data, using the threat of publication to extort ransom from the victims. We are not pleased to report that they were true to their word.

iPhone app exposed other people's call recordings

blog.malwarebytes.com/privacy-2/2021/03/iphone-app-exposed-other-peoples-call-recordings/ Video and audio are huge privacy concerns for people. If something goes wrong with tech it can have major ramifications. You're likely very familiar with warnings about video. However, audio hasn't always been so prominent. It's only really since the rise of home assistants like Amazon's Alexa that audio worries have gone mainstream.

Attackers Won't Stop With Exchange Server. You Need a New Playbook

blog.paloaltonetworks.com/2021/03/exchange-server-new-playbook/ When the watershed SolarWinds attacks hit in December, I urged organizations to redouble efforts to secure their networks. It was a wake-up call: SolarWinds exposed security weaknesses in organizations that would only be compounded now that we're all so reliant on technology. Less than three months later, here we are again. Over the last week we've learned how hackers spent at least two months breaking into servers running Microsoft's widely used Exchange Server email software before they were caught.

Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts

securityintelligence.com/dridex-campaign-propelled-by-cutwail-botnet-and-powershell/ IBM X-Force threat intelligence has been observing a rise in Dridex-related network attacks that are being driven by the Cutwail botnet. Dridex is delivered as a second-stage infector after an initial document or spreadsheet arrives via email with booby-trapped macros. Recipients who activate the macros unknowingly launch malicious PowerShell scripts that will download additional malware. At this time, X-Force is seeing relatively limited campaigns active in Italy and Japan.

Molson Coors brewing operations disrupted by cyberattack

www.bleepingcomputer.com/news/security/molson-coors-brewing-operations-disrupted-by-cyberattack/ The Molson Coors Beverage Company has suffered a cyberattack that is causing significant disruption to business operations. Molson Coors is well-known for its iconic beer brands, including Coors Light, Miller Lite, Molson Canadian, Blue Moon, Peroni, Killian's, and Foster's. In a Form 8-K filed with the SEC today, Molson Coors disclosed that they suffered a cyberattack on March 11th, causing significant disruption to their operations, including the production and shipment of beer.

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks

thehackernews.com/2021/03/proxylogon-exchange-poc-exploit.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. “CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack,” the agencies said. “Adversaries may also sell access to compromised networks on the dark web.”

Piktochart – Phishing with Infographics

isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/ In line with our recent diaries featuring unique attack vectors for credential theft, such as phishing over LinkedIn Mail and pretending to be an Outlook version update[2], we've recently learned of a phishing campaign targeting users of the infographic service Piktochart. During the COVID-19 pandemic, nearly every kind of company has moved to use more online collaboration tools. This means that many small businesses, universities, primary and secondary schools, and others that may not be well-trained in online safety will be especially vulnerable to this type of attack, especially if they are using a relatively new tool, like Piktochart.

Norway’s parliament hit by new hack attack

www.reuters.com/article/us-norway-cyber/norway-parliament-sustains-fresh-cyber-attack-idUSKBN2B21TX OSLO (Reuters) – Hackers have infiltrated the Norwegian Parliament's computer systems and extracted data, officials said on Wednesday, just six months after a previous cyber attack was made public. The attack by unknown hackers was linked to a vulnerability in Microsoft's Exchange software, the parliament said, adding that this was an international problem. The latest attack was more severe than last year's, parliament President Tone Wilhelmsen Troen told a news conference. Also: yle.fi/uutiset/3-11831255

Fin8 Group is Back in Business with Improved BADHATCH Kit

labs.bitdefender.com/2021/03/fin8-group-is-back-in-business-with-improved-badhatch-kit/ Bitdefender researchers have uncovered new versions of the BADHATCH backdoor used by the FIN8 threat actor to compromise companies in insurance, retail, technology, and chemical industries in the United States, Canada, South Africa, Puerto Rico, Panama, and Italy. This new research describes the technical capabilities of a constantly-evolving threat actor and outlines the differences between the three BADHATCH versions.

NanoCore RAT Scurries Past Email Defenses with .ZIPX Tactic

threatpost.com/nanocore-rat-email-defenses-zipx/164701/ A spam campaign hides a malicious executable behind file archive extensions. A spate of malicious emails with attachments delivering the NanoCore remote access trojan (RAT) is evading anti-malware and email scanners by abusing the .ZIPX file format. That's according to researchers at Trustwave, who found that the campaign is effectively hiding a malicious executable by giving it a .ZIPX file extension, which is used to denote a .ZIP archive compressed with the WinZip archiver.
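The defensive point of the item above is that the extension of an attachment says nothing about what the bytes are; a scanner that trusts ".zipx" can be steered past. The following is an added example, not code from Trustwave or Threatpost, and it does not reproduce the exact file layout of the NanoCore campaign (the snippet above does not describe it). It shows the generic check a mail gateway should apply: identify the content by magic bytes and flag any attachment whose archive extension does not match. The sample attachments at the bottom are constructed for the example (a real in-memory ZIP, a fake PE stub and a RAR header), and the extension-to-type table is an assumption you would extend for your own environment.

```python
import io
import os
import zipfile

# Magic-byte signatures, checked in order against the start of the file.
SIGNATURES = (
    (b"MZ", "pe"),              # Windows executable (EXE/DLL)
    (b"PK\x03\x04", "zip"),     # ZIP local file header
    (b"PK\x05\x06", "zip"),     # empty ZIP (end-of-central-directory only)
    (b"Rar!\x1a\x07", "rar"),   # RAR archive (v4 and v5 share this prefix)
    (b"\x7fELF", "elf"),        # ELF executable
)

# Content types an extension is allowed to carry (assumed policy table).
# .zipx is WinZip's extension for ZIPs using newer compression methods,
# so its content must still be a ZIP container.
EXPECTED = {
    ".zip": {"zip"},
    ".zipx": {"zip"},
    ".rar": {"rar"},
    ".exe": {"pe"},
    ".dll": {"pe"},
}


def sniff(data: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare the declared extension with the sniffed content type."""
    ext = os.path.splitext(filename.lower())[1]
    kind = sniff(data)
    allowed = EXPECTED.get(ext)
    if allowed is None:
        verdict = "unknown-extension"
    elif kind in allowed:
        verdict = "ok"
    else:
        verdict = "mismatch"
    return {
        "filename": filename,
        "extension": ext,
        "content": kind,
        "verdict": verdict,
        "executable": kind in ("pe", "elf"),
    }


def make_zip(member: str, payload: bytes) -> bytes:
    """Build a small real ZIP in memory so the benign sample is genuine."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, payload)
    return buf.getvalue()


# Constructed sample attachments (not real campaign artifacts).
SAMPLES = {
    "report.zipx": make_zip("report.txt", b"quarterly numbers"),
    # Fake PE: DOS header magic plus a padded 'PE\0\0' marker, nothing runnable.
    "invoice.zipx": b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 32,
    # RAR signature with a .zipx name: an archive, but not the declared type.
    "archive.zipx": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16,
}


def scan_all(samples=SAMPLES) -> dict:
    """Run the check over every sample and return the verdicts by filename."""
    return {name: check_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in scan_all().items():
        print(f"{name:14} content={result['content']:8} verdict={result['verdict']}")
```

In practice the "mismatch" verdict should be combined with an "executable" check as a hard quarantine rule (an attachment named like an archive that sniffs as PE has no legitimate reason to exist), while mismatches between archive formats can be logged and routed to deeper inspection.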

This trojan malware is now your biggest security headache

www.zdnet.com/article/this-trojan-malware-is-now-your-biggest-security-headache/ The disruption of Emotet was a blow for cyber criminals – but just weeks later, the gap is being filled by other trojans and botnets. Trickbot malware has risen to fill the gap left by the takedown of the Emotet botnet, with a higher number of criminals shifting towards it to distribute malware attacks. Emotet was the world's most prolific and dangerous malware botnet before it was disrupted by an international law enforcement operation in January this year. What initially emerged as a banking trojan in 2014 went on to become much more, establishing backdoors on compromised Windows machines which were leased out to other cyber-criminal groups to conduct their own malware or ransomware campaigns.

Threat Trends: DNS Security, Part 1

blogs.cisco.com/security/threat-trends-dns-security-part-1 When it comes to security, deciding where to dedicate resources is vital. To do so, it's important to know what security issues are most likely to crop up within your organization, and their potential impact. The challenge is that the most active threats change over time, as the prevalence of different attacks ebbs and flows. This is where it becomes helpful to know about the larger trends on the threat landscape. Reading up on these trends can inform you as to what types of attacks are currently active. That way, you'll be better positioned to determine where to dedicate resources.

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs

threatpost.com/f5-cisa-critical-rce-bugs/164679/ F5 Networks is warning users to patch four critical remote command execution (RCE) flaws in its BIG-IP and BIG-IQ enterprise networking infrastructure. If exploited, the flaws could allow attackers to take full control over a vulnerable system. The company released an advisory on Wednesday on seven bugs in total, with two others rated as high risk and one rated as medium risk. "We strongly encourage all customers to update their BIG-IP and BIG-IQ systems to a fixed version as soon as possible," the company advised on its website.
