Daily NCSC-FI news followup 2021-04-24

A Census of Deployed Pulse Connect Secure (PCS) Versions

research.nccgroup.com/2021/04/23/a-census-of-deployed-pulse-connect-secure-pcs-versions/ Today we are releasing some statistics around deployment of Pulse Connect Secure versions in the wild. The hope is that by releasing these statistics we can help to highlight the risk around outdated versions of PCS, which are being actively exploited by malicious actors.

Supply chain attack on the password manager Clickstudios – PASSWORDSTATE

www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/ The company ClickStudios recently notified their customers about a breach resulting in a supply chain attack conducted via an update of the password manager PASSWORDSTATE.

HashiCorp is the latest victim of Codecov supply-chain attack

www.bleepingcomputer.com/news/security/hashicorp-is-the-latest-victim-of-codecov-supply-chain-attack/ Open-source software tools and Vault maker HashiCorp disclosed a security incident yesterday that occurred due to the recent Codecov attack.

10,000+ unpatched home alarm systems can be deactivated remotely

therecord.media/10000-unpatched-home-alarm-systems-can-be-deactivated-remotely/ Thousands of ABUS Secvest smart alarm systems are currently unpatched and vulnerable to a bug that would allow miscreants to remotely disable alarm systems and expose homes and corporate headquarters to intrusions and thefts. ABUS patched the bug in January, but three months later, more than 90% of its customers have yet to apply the firmware patch.

Apple’s Ransomware Mess Is the Future of Online Extortion

www.wired.com/story/apple-ransomware-attack-quanta-computer/ This week, hackers stole confidential schematics from a third-party supplier and demanded $50 million not to release them. The connection to Apple and dramatic timing generated buzz about the attack. But it also reflects the confluence of a number of disturbing trends in ransomware. After years of refining their mass data encryption techniques to lock victims out of their own systems, criminal gangs are increasingly focusing on data theft and extortion as the centerpiece of their attacks, and making eye-popping demands in the process. Given how aggressively ransomware has evolved, and on an international scale, they’ll have their hands more than full.

A ransomware gang made $260,000 in 5 days using the 7zip utility

www.bleepingcomputer.com/news/security/a-ransomware-gang-made-260-000-in-5-days-using-the-7zip-utility/ Starting on Monday, QNAP NAS users from all over the world suddenly found their files encrypted after a ransomware operation called Qlocker exploited vulnerabilities on their devices. Using such a simple approach allowed them to encrypt over a thousand, if not thousands, of devices in just five days using a time-tested encryption algorithm built into the 7zip archive utility.

Post-Intrusion Ransomware Incident Response

www.secureworks.com/blog/post-intrusion-ransomware-attack-incident-response Ransomware crippled your software deployment tools. Now what?

Cybersecurity Tensions Rise During President Biden’s First 100 Days

www.forbes.com/sites/tonybradley/2021/04/24/cybersecurity-tensions-rise-during-president-bidens-first-100-days/ Cyber threats are a fact of life for nations and companies around the world. In March, a panel of experts got together for a virtual roundtable titled “Restoring National Cybersecurity: A Look into the First 100 Days of the New Administration” to discuss the challenges we face and offer guidance for how to address them effectively. The agenda of the discussion was to develop an action plan that might help guide the Biden Administration as it strives to respond to these types of attacks and strengthen the cybersecurity posture of the nation in general to prevent similar attacks in the future.

New cryptomining malware builds an army of Windows, Linux bots

www.bleepingcomputer.com/news/security/new-cryptomining-malware-builds-an-army-of-windows-linux-bots/ A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads. The attackers “are targeting cloud workloads through remote code injection/remote code execution vulnerabilities in PHPUnit, Apache Solar, Confluence, Laravel, JBoss, Jira, Sonatype, Oracle WebLogic and Apache Struts to gain initial access,” Lacework found. “Lateral movement is conducted via SSH keys available on the victim machine and hosts identified from bash history files, ssh config files, and known_hosts files,” Lacework added.

Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware

threatpost.com/oscar-bait-hackers-nominated-phishing-malware/165583/ Anticipation surrounding the upcoming 93rd Academy Awards broadcast on Sunday is being used by scammers to trick people into giving up their credentials. Victims think they’re about to stream Oscar-nominated films, but the reality turns out to be much different.

Base64 Hashes Used in Web Scanning

isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/

A watchful eye as an export product

www.hs.fi/ulkomaat/art-2000007938713.html Artificial intelligence monitors every step of the Uyghurs in Xinjiang. Digital dictatorship is a Chinese export product that may pose a threat to democracies. SMILE, you are on hidden camera! We already know who you are and what you did last summer! [FOR SUBSCRIBERS]
