Daily NCSC-FI news followup 2021-03-29

Channel Nine cyber-attack disrupts live broadcasts in Australia

www.bbc.com/news/world-australia-56554641 “Our IT teams are working around the clock to fully restore our systems which have primarily affected our broadcast and corporate business units. Publishing and radio systems continue to be operational,” the company said in a statement. See also:

www.smh.com.au/technology/nine-cyber-attack-has-all-the-hallmarks-of-ransomware-without-the-ransom-20210329-p57eum.html

Docker Hub images downloaded 20M times come with cryptominers

www.bleepingcomputer.com/news/security/docker-hub-images-downloaded-20m-times-come-with-cryptominers/ Researchers found that more than two dozen containers on Docker Hub have been downloaded more than 20 million times for cryptojacking operations spanning at least two years. Docker Hub is the largest library of container applications, allowing companies to share images internally or with their customers, and the developer community to distribute open-source projects. The researcher estimates that the cryptojacking activity involving these containers enabled the attackers to mine about $200,000 worth of cryptocurrency. See also:

unit42.paloaltonetworks.com/malicious-cryptojacking-images/

PHP’s Git server hacked to add backdoors to PHP source code

www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/ The official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team. The code plants a backdoor for obtaining easy Remote Code Execution (RCE) on a website running this hijacked version of PHP. See also:

news-web.php.net/php.internals/113838

Hades Ransomware Gang Exhibits Connections to Hafnium

threatpost.com/hades-ransomware-connections-hafnium/165069/ According to researchers, the Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, including potentially having more than extortion on its to-do list. The group appears to use multiple nation-state tools and techniques.

Ransomware admin is refunding victims their ransom payments

www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/ Ziggy ransomware shut down in early February. In a short announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all decryption keys.” After announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back.

Malware Analysis with elastic-agent and Microsoft Sandbox

isc.sans.edu/forums/diary/Malware+Analysis+with+elasticagent+and+Microsoft+Sandbox/27248/ Using Microsoft Sandbox and elastic-agent to analyze malware samples.

OVH reveals it’s scrubbing servers to get smoke residue off before rebooting

www.theregister.com/2021/03/29/ovh_restoration_update/ Quite a few have come back online, but it takes seven hours to restore each rack. French cloud operator OVH has revealed how it is cleaning every server it thinks can be returned to service in its scorched Strasbourg data centres.

As Covid-19 Vaccines Ramp Up, So Do Covid-19 Scams

www.forbes.com/sites/waynerash/2021/03/29/as-covid-19-vaccines-ramp-up-so-do-covid-19-scams/ The bogus websites have become phishing emails and phishing text messages. Now we have fake pollsters, fake messages from your HR department, fake cures and fake vaccine appointments. Scammers are using concern about the pandemic to steal identities and money. In the year since Forbes first covered the scams preying on fears of the Covid-19 coronavirus, this area of cybercrime has simply exploded.
