Daily NCSC-FI news followup 2021-04-24

A Census of Deployed Pulse Connect Secure (PCS) Versions

research.nccgroup.com/2021/04/23/a-census-of-deployed-pulse-connect-secure-pcs-versions/ Today we are releasing some statistics around deployment of Pulse Connect Secure versions in the wild. The hope is that by releasing these statistics we can help to highlight the risk around outdated versions of PCS, which are being actively exploited by malicious actors.

Supply chain attack on the password manager Clickstudios – PASSWORDSTATE

www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/ The company ClickStudios recently notified their customers about a breach resulting in a supply chain attack conducted via an update of the password manager PASSWORDSTATE.

HashiCorp is the latest victim of Codecov supply-chain attack

www.bleepingcomputer.com/news/security/hashicorp-is-the-latest-victim-of-codecov-supply-chain-attack/ Open-source software tools and Vault maker HashiCorp disclosed a security incident yesterday that occurred due to the recent Codecov attack.

10,000+ unpatched home alarm systems can be deactivated remotely

therecord.media/10000-unpatched-home-alarm-systems-can-be-deactivated-remotely/ Thousands of ABUS Secvest smart alarm systems are currently unpatched and vulnerable to a bug that would allow miscreants to remotely disable alarm systems and expose homes and corporate headquarters to intrusions and thefts. ABUS patched the bug in January, but three months later, more than 90% of its customers have yet to apply the firmware patch.

Apple’s Ransomware Mess Is the Future of Online Extortion

www.wired.com/story/apple-ransomware-attack-quanta-computer/ This week, hackers stole confidential schematics from a third-party supplier and demanded $50 million not to release them. The connection to Apple and dramatic timing generated buzz about the attack. But it also reflects the confluence of a number of disturbing trends in ransomware. After years of refining their mass data encryption techniques to lock victims out of their own systems, criminal gangs are increasingly focusing on data theft and extortion as the centerpiece of their attacks, and making eye-popping demands in the process. Given how aggressively ransomware has evolved, and on an international scale, they’ll have their hands more than full.

A ransomware gang made $260,000 in 5 days using the 7zip utility

www.bleepingcomputer.com/news/security/a-ransomware-gang-made-260-000-in-5-days-using-the-7zip-utility/ Starting on Monday, QNAP NAS users from all over the world suddenly found their files encrypted after a ransomware operation called Qlocker exploited vulnerabilities on their devices. Using such a simple approach allowed them to encrypt over a thousand, if not thousands, of devices in just five days using a time-tested encryption algorithm built into the 7zip archive utility.

Post-Intrusion Ransomware Incident Response

www.secureworks.com/blog/post-intrusion-ransomware-attack-incident-response Ransomware crippled your software deployment tools: now what?

Cybersecurity Tensions Rise During President Biden’s First 100 Days

www.forbes.com/sites/tonybradley/2021/04/24/cybersecurity-tensions-rise-during-president-bidens-first-100-days/ Cyber threats are a fact of life for nations and companies around the world. In March, a panel of experts got together for a virtual roundtable titled “Restoring National Cybersecurity: A Look into the First 100 Days of the New Administration” to discuss the challenges we face and offer guidance for how to address them effectively. The agenda of the discussion was to develop an action plan that might help guide the Biden Administration as it strives to respond to these types of attacks and strengthen the cybersecurity posture of the nation in general to prevent similar attacks in the future.

New cryptomining malware builds an army of Windows, Linux bots

www.bleepingcomputer.com/news/security/new-cryptomining-malware-builds-an-army-of-windows-linux-bots/ A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads. The attackers “are targeting cloud workloads through remote code injection/remote code execution vulnerabilities in PHPUnit, Apache Solar, Confluence, Laravel, JBoss, Jira, Sonatype, Oracle WebLogic and Apache Struts to gain initial access,” Lacework found. “Lateral movement is conducted via SSH keys available on the victim machine and hosts identified from bash history files, ssh config files, and known_hosts files,” Lacework added.

Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware

threatpost.com/oscar-bait-hackers-nominated-phishing-malware/165583/ Anticipation surrounding the upcoming 93rd Academy Awards broadcast on Sunday is being used by scammers to trick people into giving up their credentials: they think they’re about to stream Oscar-nominated films, but the reality turns out to be much different.

Base64 Hashes Used in Web Scanning

isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/

The watchful eye as an export product

www.hs.fi/ulkomaat/art-2000007938713.html Artificial intelligence monitors every step of the Uyghurs in Xinjiang. Digital dictatorship is a Chinese export product that may be a threat to democracies. SMILE, you're on hidden camera! We already know who you are and what you did last summer! [FOR SUBSCRIBERS]
