Daily NCSC-FI news followup 2021-04-22

CISA Identifies SUPERNOVA Malware During Incident Response

us-cert.cisa.gov/ncas/analysis-reports/ar21-112a SUPERNOVA is a malicious webshell backdoor that allows a remote operator to dynamically inject C# source code into a web portal to subsequently inject code. APT actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials.

SolarWinds hack analysis reveals 56% boost in command server footprint

www.zdnet.com/article/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint/ A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed.

Researchers Find Additional Infrastructure Used By SolarWinds Hackers

thehackernews.com/2021/04/researchers-find-additional.html The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure. So much so that Microsoft went on to call the threat actor behind the campaign “skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, and avoid detection.” Also:

www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/

Internet of Threats: IoT Botnets Drive Surge in Network Attacks

securityintelligence.com/posts/internet-of-threats-iot-botnets-network-attacks/ As Internet of Things (IoT) devices in homes, industrial environments, transportation networks and elsewhere continue to proliferate, so does the attack surface for malicious IoT network attackers. IoT attack activity in 2020 dramatically surpassed the combined volume of IoT activity observed by IBM Security X-Force in 2019.

QNAP removes backdoor account in NAS backup, disaster recovery app

www.bleepingcomputer.com/news/security/qnap-removes-backdoor-account-in-nas-backup-disaster-recovery-app/ QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials.

Remote access trojan exploits Telegram communications to steal data from victims and update itself to perform additional malicious activities

blog.checkpoint.com/2021/04/22/turning-telegram-toxic-new-toxiceye-rat-is-the-latest-to-use-telegram-for-command-control/ In this blog, we’ll explore why criminals are increasingly using Telegram for malware control, using the example of a new malware variant called ‘ToxicEye’ that we have recently observed in the wild. Also: threatpost.com/telegram-toxiceye-malware/165543/

Ransomware gang wants to short the stock price of their victims

therecord.media/ransomware-gang-wants-to-short-the-stock-price-of-their-victims/ The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets.

Nightmare week for security vendors: Now a Trend Micro bug is being exploited in the wild

therecord.media/nightmare-week-for-security-vendors-now-a-trend-micro-bug-is-being-exploited-in-the-wild/ US-Japanese cybersecurity firm Trend Micro disclosed on Wednesday that a threat actor began using a bug in its antivirus products to gain admin rights on Windows systems as part of its attacks.
