Daily NCSC-FI news followup 2021-05-03

Pulse Secure fixes VPN zero-day used to hack high-value targets

Apple releases fixes for three WebKit zero-days, additional patches for a fourth
Spam and phishing in Q1 2021

securelist.com/spam-and-phishing-in-q1-2021/102018/ Several instances of scammers using the COVID-19 pandemic as a lure. See article for screenshots of the phishing campaigns.

Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government

www.fortinet.com/blog/threat-research/spearphishing-attack-uses-covid-21-lure-to-target-ukrainian-government Spearphishing emails were sent to various security arms of the Ukrainian government using social engineering lures with subjects such as “New COVID-21 Variant” and “An Urgent Computer Update”. This latest iteration of the COVID-themed lures seen over the past year is not about COVID-19 but a fictitious COVID-21 (skipping the equally fictitious COVID-20 entirely!), using a fake World Health Organization (WHO) link.

NSA releases Cybersecurity Advisory (CSA) on Ensuring Security of Operational Technology

www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2589103/nsa-releases-cybersecurity-advisory-on-ensuring-security-of-operational-technol/ The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.

New Variant of Buer Loader Written in Rust

www.proofpoint.com/us/blog/threat-insight/new-variant-buer-loader-written-rust The new Buer variant is written in Rust, an efficient and easy-to-use programming language that is becoming increasingly popular. Proofpoint is calling this variant RustyBuer. Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities.

A Second Iranian State-Sponsored Ransomware Operation “Project Signal” Emerges

www.flashpoint-intel.com/blog/second-iranian-ransomware-operation-project-signal-emerges/ Flashpoint has validated recently leaked documents that indicate Iran’s Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company.

Experian API Exposed Credit Scores of Most Americans

krebsonsecurity.com/2021/04/experian-api-exposed-credit-scores-of-most-americans/ American consumer credit bureau Experian just fixed a weakness in a partner website that let anyone look up the credit score of tens of millions of Americans simply by supplying their name and mailing address.
