Daily NCSC-FI news followup 2021-03-31

CISA gives federal agencies 5 days to find hacked Exchange servers

www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/
See also: cyber.dhs.gov/ed/21-02/

North Korean hackers target security researchers again

www.bleepingcomputer.com/news/security/google-north-korean-hackers-target-security-researchers-again/
Google’s Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts.

Risk Management, C-Suite Shifts & Next-Gen Text Scams: Your March 2021 Security Intelligence Roundup

securityintelligence.com/articles/march-2021-security-intelligence-roundup/

Iranian credential thieves targeting medical researchers

www.scmagazine.com/home/security-news/iranian-credential-thieves-targeting-medical-researchers/

Android sends 20x more data to Google than iOS sends to Apple, study says

arstechnica.com/gadgets/2021/03/android-sends-20x-more-data-to-google-than-ios-sends-to-apple-study-says/

He believed Apple’s App Store was safe. Then a fake app stole his life savings in bitcoin.

www.washingtonpost.com/technology/2021/03/30/trezor-scam-bitcoin-1-million/

Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service

www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html
Applications interact with the Background Intelligent Transfer Service by creating jobs with one or more files to download or upload. The BITS service runs in a service host process and can schedule transfers to occur at any time. As is the case with many technologies, BITS can be used both by legitimate applications and by attackers.

Fransom is an open-source tool that will emulate common ransomware functions for the purpose of testing endpoint detection and response tools

github.com/fraktalcyber/Fransom

Quick Analysis of a Modular InfoStealer

isc.sans.edu/diary/rss/27264
