Daily NCSC-FI news followup 2021-03-29

Channel Nine cyber-attack disrupts live broadcasts in Australia

www.bbc.com/news/world-australia-56554641 “Our IT teams are working around the clock to fully restore our systems which have primarily affected our broadcast and corporate business units. Publishing and radio systems continue to be operational,” the company said in a statement. See also:

www.smh.com.au/technology/nine-cyber-attack-has-all-the-hallmarks-of-ransomware-without-the-ransom-20210329-p57eum.html

Docker Hub images downloaded 20M times come with cryptominers

www.bleepingcomputer.com/news/security/docker-hub-images-downloaded-20m-times-come-with-cryptominers/ Researchers found that more than two dozen containers on Docker Hub have been downloaded more than 20 million times for cryptojacking operations spanning at least two years. Docker Hub is the largest library of container applications, allowing companies to share images internally or with their customers, and the developer community to distribute open-source projects. The researchers estimate that the cryptojacking activity involving these containers enabled the attackers to mine about $200,000 worth of cryptocurrency. See also:

unit42.paloaltonetworks.com/malicious-cryptojacking-images/

PHP’s Git server hacked to add backdoors to PHP source code

www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/ The official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team. The code plants a backdoor for obtaining easy Remote Code Execution (RCE) on a website running this hijacked version of PHP. See also:

news-web.php.net/php.internals/113838

Hades Ransomware Gang Exhibits Connections to Hafnium

threatpost.com/hades-ransomware-connections-hafnium/165069/ The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers, including potentially having more than extortion on its to-do list. The group appears to use multiple nation-state tools and techniques.

Ransomware admin is refunding victims their ransom payments

www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/ Ziggy ransomware shut down in early February. In a short announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all decryption keys.” After announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back.

Malware Analysis with elastic-agent and Microsoft Sandbox

isc.sans.edu/forums/diary/Malware+Analysis+with+elasticagent+and+Microsoft+Sandbox/27248/ Using Microsoft Sandbox and elastic-agent to analyze malware samples.

OVH reveals it’s scrubbing servers to get smoke residue off before rebooting

www.theregister.com/2021/03/29/ovh_restoration_update/ Quite a few have come back online, but it takes seven hours to restore each rack. French cloud operator OVH has revealed how it is cleaning every server it thinks can be returned to service in its scorched Strasbourg data centres.

As Covid-19 Vaccines Ramp Up, So Do Covid-19 Scams

www.forbes.com/sites/waynerash/2021/03/29/as-covid-19-vaccines-ramp-up-so-do-covid-19-scams/ The bogus websites have become phishing emails and phishing text messages. Now we have fake pollsters, fake messages from your HR department, fake cures and fake vaccine appointments. Scammers are using concern about the pandemic to steal identities and money. In the year since Forbes first covered the scams preying on fears of the Covid-19 coronavirus, this area of cybercrime has simply exploded.

