Daily NCSC-FI news followup 2021-04-18

Ryuk ransomware operation updates hacking techniques

www.bleepingcomputer.com/news/security/ryuk-ransomware-operation-updates-hacking-techniques/ Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network. The trend observed in attacks this year reveals a predilection towards targeting hosts with remote desktop connections exposed on the public internet.

Discord Nitro gift codes now demanded as ransomware payments

www.bleepingcomputer.com/news/security/discord-nitro-gift-codes-now-demanded-as-ransomware-payments/ In a novel approach to ransom demands, a new ransomware calling itself ‘NitroRansomware’ encrypts victim’s files and then demands a Discord Nitro gift code to decrypt files. While Discord is free, they offer a Nitro subscription add-on for $9.99 per month that provides additional perks, such as larger uploads, HD video streaming, enhanced emojis, and the ability to boost your favorite server, so its users enjoy extra functionality as well.

The “Big Four”: Spotlight on Russia

www.fireeye.com/blog/executive-perspective/2021/04/the-big-four-spotlight-on-russia.html We are wrapping up our “Big Four” series with a country that has been one to watch for quite some time: Russia. And who better to join me for this episode than our Vice President for Mandiant Threat Intelligence, John Hultquist.

Security Gaps in IoT Access Control Threaten Devices and Users

beta.darkreading.com/perimeter/security-gaps-in-iot-access-control-threaten-devices-and-users A team of Internet of Things security researchers has discovered vulnerabilities in the way IoT device vendors manage access across multiple clouds and users, putting both individuals and vendors at risk.

FTP is 50 years old

www.filestash.app/2021/04/16/ftp-is-50-years-old/?ICID=ref_fark The 16th of April 1971 is not only the date when the Rolling Stones first released Brown Sugar, it is also marked with the publication of RFC 114 marking the birthday of FTP. Back in those days, the Vietnam war was at the forefront of the news, TCP/IP didn’t exist yet, Jimi Hendrix had died 6 months earlier, telnet was the new cool kid and some of the most influential rock n roll artists were about to release masterpieces while FTP was using a network protocol called NCP.
