Daily NCSC-FI news followup 2021-04-22

CISA Identifies SUPERNOVA Malware During Incident Response

us-cert.cisa.gov/ncas/analysis-reports/ar21-112a SUPERNOVA is a malicious webshell backdoor that allows a remote operator to dynamically inject C# source code into a web portal to subsequently inject code. APT actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials.

SolarWinds hack analysis reveals 56% boost in command server footprint

www.zdnet.com/article/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint/ A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed.

Researchers Find Additional Infrastructure Used By SolarWinds Hackers

thehackernews.com/2021/04/researchers-find-additional.html The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure. So much so that Microsoft went on to call the threat actor behind the campaign “skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, and avoid detection.” Additionally:

www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/

Internet of Threats: IoT Botnets Drive Surge in Network Attacks

securityintelligence.com/posts/internet-of-threats-iot-botnets-network-attacks/ As Internet of things (IoT) devices in homes, industrial environments, transportation networks and elsewhere continue to proliferate, so does the attack surface for malicious IoT network attackers. IoT attack activity in 2020 dramatically surpassed the combined volume of IoT activity observed by IBM Security X-Force in 2019.

QNAP removes backdoor account in NAS backup, disaster recovery app

www.bleepingcomputer.com/news/security/qnap-removes-backdoor-account-in-nas-backup-disaster-recovery-app/ QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials.

Remote access trojan exploits Telegram communications to steal data from victims and update itself to perform additional malicious activities

blog.checkpoint.com/2021/04/22/turning-telegram-toxic-new-toxiceye-rat-is-the-latest-to-use-telegram-for-command-control/ In this blog, we’ll explore why criminals are increasingly using Telegram for malware control, using the example of a new malware variant called ToxicEye that we have recently observed in the wild. Additionally: threatpost.com/telegram-toxiceye-malware/165543/

Ransomware gang wants to short the stock price of their victims

therecord.media/ransomware-gang-wants-to-short-the-stock-price-of-their-victims/ The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets.

Nightmare week for security vendors: Now a Trend Micro bug is being exploited in the wild

therecord.media/nightmare-week-for-security-vendors-now-a-trend-micro-bug-is-being-exploited-in-the-wild/ US-Japanese cybersecurity firm Trend Micro disclosed on Wednesday that a threat actor began using a bug in its antivirus products to gain admin rights on Windows systems as part of its attacks.

