Daily NCSC-FI news followup 2021-04-29

Prime targets: Governments shouldn’t go it alone on cybersecurity

www.welivesecurity.com/2021/04/29/prime-targets-governments-shouldnt-go-it-alone-on-cybersecurity/ A year into the pandemic, ESET reveals new research into activities of the LuckyMouse APT group and considers how governments can rise to the cybersecurity challenges of the accelerated shift to digital

“BadAlloc” Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks

msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/ Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology (OT), and industrial control systems.

PHP Supply Chain Attack on Composer

blog.sonarsource.com/php-supply-chain-attack-on-composer In the PHP ecosystem, Composer is the major tool to manage and install software dependencies. It is used by development teams world-wide to ease the update process and to ensure that applications work effortlessly across environments and versions. During our security research, we discovered a critical vulnerability in the source code of Composer which is used by Packagist. It allowed us to execute arbitrary system commands on the Packagist.org server. In this blog post, we introduce the detected code vulnerabilities and how these were patched.

QNAP finds evidence of AgeLocker ransomware activity in the wild

www.bleepingcomputer.com/news/security/qnap-finds-evidence-of-agelocker-ransomware-activity-in-the-wild/ QNAP customers are once again urged to secure their Network Attached Storage (NAS) devices following a massive Qlocker ransomware campaign earlier this month.

Ransomware gang leaks court and prisoner files from Illinois Attorney General Office

therecord.media/ransomware-gang-leaks-court-and-prisoner-files-from-illinois-attorney-general-office/ The operators of the DopplePaymer ransomware have leaked a large collection of files from the Illinois Office of the Attorney General after negotiations have broken down and officials refused to pay a ransom demand, The Record has learned.

New ransomware task force wants more support for victims who don’t pay

therecord.media/new-ransomware-task-force-wants-wants-more-support-for-victims-who-dont-pay/ A new government and industry coalition on Thursday put its weight behind a number of aggressive measures aimed at curbing ransomware, including financially supporting victims who refuse to pay attackers and making it easier to track cryptocurrency payments. The group has been working over the last four months on an 80-page report released today that highlights the growing threat of ransomware and proposes a long list of actions that would reverse the trend that cybersecurity experts have been observing in recent years. also:


Incident Response Life Cycle Phases for Effective IR

www.secureworks.com/blog/incident-response-life-cycle-phases-for-effective-ir Incident Response frameworks highlight the importance of preparation and improvement for improved response outcomes

The Business of Fraud: Deepfakes, Fraud’s Next Frontier

www.recordedfuture.com/deepfakes-frauds-next-frontier/ Threat actors have begun to use dark web sources to offer customized services and tutorials that incorporate visual and audio deepfake technologies designed to bypass and defeat security measures. Furthermore, threat actors are using these sources, as well as many clearnet sources such as forums and messengers, to share tools, best practices, and advancements in deepfake techniques and technologies. As reported by Insikt Group’s Criminal and Underground Team throughout 2020, threat actors are developing customized deepfake products. PDF report: go.recordedfuture.com/hubfs/reports/cta-2021-0429.pdf

Finnish researcher decided to try whether an attack on Apple's systems would succeed; well, it did

www.tivi.fi/uutiset/tv/8cce5350-ebf3-4cff-ba40-1f5fe9a9911b Aapo Oksman, a security specialist at the cybersecurity company Nixu, found a vulnerability in Apple's iOS operating system and in the operation of its App Store. The vulnerability was patched in the recently released iOS 14.5 and iPadOS 14.5 updates.

City fined for tracking its citizens via their phones

blog.malwarebytes.com/privacy-2/2021/04/city-fined-for-tracking-its-citizens-via-their-phones/ The Dutch information watchdog, the Autoriteit Persoonsgegevens (AP), has fined the city of Enschede for €600,000 for tracking its citizens’ movements without permission. It is the first time that a Dutch government body has been fined by the AP. The investigation was set in motion after it received a complaint about tracking.
