Daily NCSC-FI news followup 2021-04-17

Major BGP leak disrupts thousands of networks globally

www.bleepingcomputer.com/news/security/major-bgp-leak-disrupts-thousands-of-networks-globally/ A large BGP routing leak that occurred last night disrupted the connectivity for thousands of major networks and websites around the world. Although the BGP routing leak occurred in Vodafone’s autonomous network (AS55410) based in India, it has impacted U.S. companies, including Google, according to sources.

Combating Sleeper Threats With MTTD

securityintelligence.com/articles/sleeper-threats-mean-time-to-detect/ During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019. Although these early versions did not contain the malicious backdoor (this was added in March 2020), it means attackers were able to remain hidden for a long time.

Biden Races to Shore Up Power Grid Against Hacks

threatpost.com/biden-power-grid-hacks/165428/ A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers in the next 100 days, amid increasing cyberattacks.

Codecov discloses 2.5-month-long supply chain attack

therecord.media/codecov-discloses-2-5-month-long-supply-chain-attack/ Codecov, a software company that provides code testing and code statistics solutions, disclosed on Thursday a major security breach after a threat actor managed to breach its platform and add a credentials harvester to one of its tools. The impacted product is named Bash Uploader and allows Codecov customers to submit code coverage reports to the company’s platform for analysis. Lisäksi:

arstechnica.com/gadgets/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months/. Lisäksi: about.codecov.io/security-update/

Google’s Project Zero updates vulnerability disclosure rules to add patch cushion

therecord.media/googles-project-zero-updates-vulnerability-disclosure-rules-to-add-patch-cushion/ The Google Project Zero security team has updated its vulnerability disclosure guidelines today to add a cushion of 30 days to some security bug disclosures, so end-users have enough time to patch software and prevent attackers from weaponizing bugs.

BazarLoader Malware Abuses Slack, BaseCamp Clouds

threatpost.com/bazarloader-malware-slack-basecamp/165455/ Two cyberattack campaigns are making the rounds using unique social-engineering techniques. The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said.

Swinburne University confirms over 5, 000 individuals affected in data breach

www.zdnet.com/article/swinburne-university-confirms-over-5000-individuals-affected-in-data-breach/ Swinburne University of Technology has confirmed personal information on staff, students, and external parties had inadvertently made its way into the wild. It said it was advised last month that information of around 5, 200 Swinburne staff and 100 Swinburne students was available on the internet.

iOS Kids Game Morphs into Underground Crypto Casino

threatpost.com/ios-kids-game-crypto-casino/165450/ A malicious Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality. A kids’ game called “Jungle Run” that, until recently, was available in the Apple App store, was secretly a cryptocurrency-funded casino set up to scam people out of money.

You might be interested in …

Daily NCSC-FI news followup 2020-12-22

Kyberturvallisuuskeskuksen uusi julkaisu: Opas tietomurtojen havaitsemiseen www.kyberturvallisuuskeskus.fi/fi/julkaisut/opas-tietomurtojen-havaitsemiseen Tässä ohjeessa keskitytään erityisesti tietomurron havaitsemiseen lokitietojen avulla. Esimerkkeinä käytetään Windows Event Log – -­tapahtumalokeja tai muita Windows-­käyttöjärjestelmän lokitapahtumia. Valittuja esimerkkitapahtumia on havaittu tutkituissa tietomurroista tunkeutujien jäljiltä. PDF: www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/Opas-tietomurtojen-havaitsemiseen.pdf SolarWinds hackers breached US Treasury officials’ email accounts www.bleepingcomputer.com/news/security/solarwinds-hackers-breached-us-treasury-officials-email-accounts/ US Senator Ron Wyden said that dozens of US Treasury […]

Read More

Daily NCSC-FI news followup 2020-08-27

Confessions of an ID Theft Kingpin, Part II krebsonsecurity.com/2020/08/confessions-of-an-id-theft-kingpin-part-ii/ Yesterdays piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven […]

Read More

Daily NCSC-FI news followup 2019-11-23

FBI says hackers are targeting US auto industry us.cnn.com/2019/11/20/politics/fbi-us-auto-industry-hackers/index.html The American automotive industry has been the target of malicious cyber actors since at least late 2018, according to an FBI report obtained by CNN. Leaky Gekko Group database exposes info on hotel brands, travelers www.scmagazine.com/home/security-news/data-breach/leaky-gekko-group-database-exposes-info-on-hotel-brands-travelers/ European hotel booking platform provider Gekko Group mistakenly stored over […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.