Daily NCSC-FI news followup 2021-04-22

CISA Identifies SUPERNOVA Malware During Incident Response

us-cert.cisa.gov/ncas/analysis-reports/ar21-112a SUPERNOVA is a malicious webshell backdoor that allows a remote operator to dynamically inject C# source code into a web portal to subsequently inject code. APT actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials.

SolarWinds hack analysis reveals 56% boost in command server footprint

www.zdnet.com/article/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint/ A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed.

Researchers Find Additional Infrastructure Used By SolarWinds Hackers

thehackernews.com/2021/04/researchers-find-additional.html The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure. So much so that Microsoft went on to call the threat actor behind the campaign “skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, and avoid detection.” Also:

www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/

Internet of Threats: IoT Botnets Drive Surge in Network Attacks

securityintelligence.com/posts/internet-of-threats-iot-botnets-network-attacks/ As Internet of things (IoT) devices in homes, industrial environments, transportation networks and elsewhere continue to proliferate, so does the attack surface for malicious IoT network attackers. IoT attack activity in 2020 dramatically surpassed the combined volume of IoT activity observed by IBM Security X-Force in 2019.

QNAP removes backdoor account in NAS backup, disaster recovery app

www.bleepingcomputer.com/news/security/qnap-removes-backdoor-account-in-nas-backup-disaster-recovery-app/ QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials.

Remote access trojan exploits Telegram communications to steal data from victims and update itself to perform additional malicious activities

blog.checkpoint.com/2021/04/22/turning-telegram-toxic-new-toxiceye-rat-is-the-latest-to-use-telegram-for-command-control/ In this blog, we’ll explore why criminals are increasingly using Telegram for malware control, using the example of a new malware variant called ToxicEye that we have recently observed in the wild. Also: threatpost.com/telegram-toxiceye-malware/165543/

Ransomware gang wants to short the stock price of their victims

therecord.media/ransomware-gang-wants-to-short-the-stock-price-of-their-victims/ The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets.

Nightmare week for security vendors: Now a Trend Micro bug is being exploited in the wild

therecord.media/nightmare-week-for-security-vendors-now-a-trend-micro-bug-is-being-exploited-in-the-wild/ US-Japanese cybersecurity firm Trend Micro disclosed on Wednesday that a threat actor began using a bug in its antivirus products to gain admin rights on Windows systems as part of its attacks.
