Daily NCSC-FI news followup 2021-03-29

Channel Nine cyber-attack disrupts live broadcasts in Australia

www.bbc.com/news/world-australia-56554641 “Our IT teams are working around the clock to fully restore our systems which have primarily affected our broadcast and corporate business units. Publishing and radio systems continue to be operational,” the company said in a statement. See also:

www.smh.com.au/technology/nine-cyber-attack-has-all-the-hallmarks-of-ransomware-without-the-ransom-20210329-p57eum.html

Docker Hub images downloaded 20M times come with cryptominers

www.bleepingcomputer.com/news/security/docker-hub-images-downloaded-20m-times-come-with-cryptominers/ Researchers found that more than two dozen containers on Docker Hub have been downloaded more than 20 million times for cryptojacking operations spanning at least two years. Docker Hub is the largest library of container applications, allowing companies to share images internally or with their customers, or the developer community to distribute open-source projects. The researcher estimates that the cryptojacking activity involving these containers enabled the attackers to mine about $200,000 worth of cryptocurrency. See also:

unit42.paloaltonetworks.com/malicious-cryptojacking-images/

PHP’s Git server hacked to add backdoors to PHP source code

www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/ The official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team. The code plants a backdoor for obtaining easy Remote Code Execution (RCE) on a website running this hijacked version of PHP. See also:

news-web.php.net/php.internals/113838

Hades Ransomware Gang Exhibits Connections to Hafnium

threatpost.com/hades-ransomware-connections-hafnium/165069/ The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers, including potentially having more than extortion on the to-do list. The group appears to use multiple nation-state tools and techniques.

Ransomware admin is refunding victims their ransom payments

www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/ Ziggy ransomware shut down in early February. In a short announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all decryption keys.” After announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back.

Malware Analysis with elastic-agent and Microsoft Sandbox

isc.sans.edu/forums/diary/Malware+Analysis+with+elasticagent+and+Microsoft+Sandbox/27248/ Using Microsoft Sandbox and elastic-agent to analyze malware samples.

OVH reveals it’s scrubbing servers to get smoke residue off before rebooting

www.theregister.com/2021/03/29/ovh_restoration_update/ Quite a few have come back online, but it takes seven hours to restore each rack. French cloud operator OVH has revealed how it is cleaning every server it thinks can be returned to service in its scorched Strasbourg data centres.

As Covid-19 Vaccines Ramp Up, So Do Covid-19 Scams

www.forbes.com/sites/waynerash/2021/03/29/as-covid-19-vaccines-ramp-up-so-do-covid-19-scams/ The bogus websites have become phishing emails and phishing text messages. Now we have fake pollsters, fake messages from your HR department, fake cures and fake vaccine appointments. Scammers are using concern about the pandemic to steal identities and money. In the year since Forbes first covered the scams preying on fears of the Covid-19 coronavirus, this area of cybercrime has simply exploded.
