Daily NCSC-FI news followup 2021-04-03

Ransomware gang leaks data from Stanford, Maryland universities

www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-from-stanford-maryland-universities/ Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. Data stolen in the attack targeting Stanford Medicine’s Accellion server includes names, addresses, email addresses, Social Security numbers, and financial information, reported the Stanford Daily.

GitHub Actions being actively abused to mine cryptocurrency on GitHub servers

www.bleepingcomputer.com/news/security/github-actions-being-actively-abused-to-mine-cryptocurrency-on-github-servers/ The particular attack adds malicious GitHub Actions code to repositories forked from legitimate ones, and further creates a Pull Request for the original repository maintainers to merge the code back, to alter the original code. BleepingComputer also observed the malicious code loads a misnamed crypto miner npm.exe from GitLab and runs it with the attacker’s wallet address.

Phone numbers for 533 million Facebook users leaked on hacking forum

therecord.media/phone-numbers-for-533-million-facebook-users-leaked-on-hacking-forum/amp/ A threat actor has published the phone numbers and account details for an estimated 533 million Facebook users, about a fifth of the entire social network’s user pool, on a publicly accessible cybercrime forum. Information leaked today includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and anything else users might have entered in their profiles. The dump includes 1,381,569 users from Finland.

GitHub Arctic Vault likely contains leaked MedData patient records

www.bleepingcomputer.com/news/security/github-arctic-vault-likely-contains-leaked-meddata-patient-records/ GitHub Arctic Code Vault has likely captured sensitive patient medical records from multiple healthcare facilities in a data leak attributed to MedData. The private data was leaked on GitHub repositories last year whose contributors carry the “Arctic Code Vault” badge.

Mind the Gap: How the NSA might use SolarWinds campaign to do warrantless spying

zetter.substack.com/p/mind-the-gap-how-the-nsa-might-use Officials have said the SolarWinds hacking campaign succeeded in part because of a gap in NSA surveillance power. Referring to this as an intelligence “blind spot,” a “domestic visibility” issue, and an authorities “gap,” officials appear to be setting the stage to seek new powers for the NSA or another agency to conduct domestic surveillance.

AMD Publishes Security Analysis Of Zen 3 “PSF” That Could Possibly Lead To A Side-Channel Attack

www.phoronix.com/scan.php?page=news_item&px=AMD-PSF-Security-Analysis AMD researchers believe the impact of bad PSF speculation is similar to that of Spectre V4 (Speculative Store Bypass) and is of particular concern for untrusted code being executed within a sandbox or isolation boundary. AMD says it is not aware of any code that would be considered vulnerable to PSF behavior and that the risk from PSF is “likely low”, but it did provide guidance on disabling the Predictive Store Forwarding behavior.

QNAP caught napping as disclosure delay expires, critical NAS bugs revealed

www.theregister.com/2021/04/02/qnap_bug_nas/ Some QNAP network attached storage devices are vulnerable to attack because of two critical vulnerabilities, one that enables unauthenticated remote code execution and another that provides the ability to write to arbitrary files. ThreatPost claims this flaw is addressed in an updated version of QNAP’s media server app, Multimedia Console 1.3.4, though the update makes no mention of any security fixes.

533 million Facebook users’ phone numbers and personal data have been leaked online

www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?op=1&scrolla=5eb6d68b7fedc32c19ef33b4&r=US&IR=T A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online. Now, the entire dataset has been posted on the hacking forum for free, making it widely available to anyone with rudimentary data skills.

Facebook data on 533 million users posted online

www.zdnet.com/article/facebook-data-on-533-million-users-posted-online/#ftag=RSSbaffb68 Data posted on a cybercrime forum includes phone numbers, Facebook IDs, birth dates, gender and location. The data is reportedly broken up into download packages by country.

2021 Security Outcomes Study: Timely Incident Response as a Business Enabler

blogs.cisco.com/security/2021-security-outcomes-study-timely-incident-response-as-a-business-enabler Timely incident response as a business enabler is surprising, and even more telling is that, among the respondents of the Security Outcomes Study, incident response also ranked highly on the list of components that contribute to a host of other progressive security initiatives.

Buffer overruns, license violations, and bad code: FreeBSD 13’s close call

arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/ 40,000 lines of flawed code almost made it into FreeBSD’s kernel. Matthew Macy seemed like a perfectly reasonable choice to port WireGuard into the FreeBSD kernel. After roughly nine months of part-time development, Macy committed his port, largely unreviewed and inadequately tested, directly into the HEAD section of FreeBSD’s code repository, where it was scheduled for incorporation into FreeBSD 13.0-RELEASE.

Reducing Human Error Security Threats with a Remote Workforce

blog.itsecurityexpert.co.uk/2021/03/reducing-human-error-security-threats.html Surprisingly, a large portion of cyberattacks can be best prevented by reducing the risks to a remote workforce created by human error. Lack of employee knowledge, distraction, and neglect all can leave remote networks vulnerable. This article will explore not only the cost of human error but the practices you can employ to prevent it.

German sub navigation system Russian controlled

ukdefencejournal.org.uk/german-sub-navigation-system-russian-controlled/ German media has reported that the Russian-controlled Navi-Sailor 4100 has been installed on at least 100 vessels operated by Germany’s military, including the submarine fleet. German media reports that in 2005, under Federal Chancellor Gerhard Schröder, around one hundred vehicles, including naval platforms, were equipped with new navigation systems from the Russian company Transas.

Malicious cheats for Call of Duty: Warzone are circulating online

arstechnica.com/gadgets/2021/04/activision-warns-of-malware-masquerading-as-cheats-for-call-of-duty-warzone/ On Wednesday, Activision said that a popular cheating site was circulating a fake cheat for Call of Duty: Warzone that contained a dropper, a term for a type of backdoor that installs specific pieces of malware chosen by the person who created it.
