Daily NCSC-FI news followup 2021-05-18

Censorship, Surveillance and Profits: A Hard Bargain for Apple in China

www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html Internal Apple documents reviewed by The New York Times, interviews with 17 current and former Apple employees and four security experts, and new filings made in a court case in the United States last week provide rare insight into the compromises Mr. Cook has made to do business in China.. Chinese state employees physically manage the computers. Apple abandoned the encryption technology it used elsewhere after China would not allow it. And the digital keys that unlock information on those computers are stored in the data centers theyre meant to secure.. Also https://twitter.com/matthew_d_green/status/1394394630523871233

Crypto-mining gangs are running amok on free cloud computing platforms

therecord.media/crypto-mining-gangs-are-running-amok-on-free-cloud-computing-platforms/ Over the course of the last few months, some crypto-mining gangs have switched their modus operandi from attacking and hijacking unpatched servers to abusing the free tiers of cloud computing platforms.. The list of services that have been abused this way includes the likes of GitHub, GitLab, TravisCI, LayerCI, CircleCI, Render, CloudBees CodeShip, Sourcehut, and Okteto.

Ransomware: Patient data could be ‘abused’ after health service attack, warns Irish government

www.zdnet.com/article/ransomware-patient-data-could-be-abused-after-health-service-attack-warns-irish-government/ Condemning any public release by the attackers of stolen patient data as “utterly contemptible”, officials have urged anyone who is affected to contact the Health Service Executive (HSE) or the authorities. . Press release at

www.gov.ie/en/press-release/a2f03-government-ministers-meet-on-the-hse-cyber-attack/

Microsoft, Adobe Exploits Top List of Crooks Wish List

threatpost.com/top-microsoft-adobe-exploits-list/166241/ The exploit market is accommodating cybercrooks hunger for puncturing Microsoft products, according to Trend Micro. A second data point (see chart below) shows that 61 percent of sold exploits targeted Microsoft products, including Office, Windows, Internet Explorer and Microsoft Remote Desktop Protocol (RDP).. Researchers found that the average price for exploits that threat actors were willing to pay was $2,000. The crooks are going after fresh, tender new vulnerabilities, with 52 percent of exploits on their wish list being less than 2 years old: an age bracket that also accounts for 54 percent of exploits being sold.. Also

www.darkreading.com/vulnerabilities—threats/47–of-criminals-buying-exploits-target-microsoft-products/d/d-id/1341037

Latest phones are great at thwarting Wi-Fi tracking. Other devices, not so much study

www.theregister.com/2021/05/18/wifi_tracking_failures/ “We think this per-connection randomization scheme is a significant step in the right direction and has become the standard across modern mobile devices as of iOS 14 and Android 10,” Ellis Fenske, assistant professor of cyber science at the US Naval Academy told The Register, in a personal rather than institutional capacity.

EU extends sanctions against Chinese, Russian, and N. Korean hackers for another year

therecord.media/eu-extends-sanctions-against-chinese-russian-and-n-korean-hackers-for-another-year/ The European Union has extended today the legal framework that allows it to sanction foreign hackers, effectively extending its existing sanctions on Chinese, Russian, and North Korean hackers for another year, until May 18, 2022.

Cloud Configuration Risks Exposed

f.hubspotusercontent40.net/hubfs/1665891/Threat%20reports/AquaSecurity_Cloud_security_report_H1-2021.pdf There are numerous security posture issues across infrastructure as a service (IaaS) and platform as a service (PaaS) accounts, which suggests a wide-ranging lack of understanding of proper infrastructure configuration. 82.4% of environments had open to the internet issues.. 8% percent of small and midsize business users fixed every detected issue, versus only 1% of enterprise users.. More than 50% of organizations get alerts about misconfigured services that have left ports open to the world. But only 68% of these issues were fixed and even then, the average time to do so was 24 days.

Ransomware victim shows why transparency in attacks matters

www.bleepingcomputer.com/news/security/ransomware-victim-shows-why-transparency-in-attacks-matters/ On May 5th, green energy tech provider Volue suffered a Ryuk ransomware attack that impacted some of their front-end customer platforms.. Since then, Volue has been transparent about the cyberattack by providing webcasts, daily updates, and the email addresses and phone numbers for their CEO and CFO for questions about the attack.. Volue’s transparency is in stark contrast to the disclosures typically seen in ransomware attacks and should be used as a model for future disclosures.

You might be interested in …

Daily NCSC-FI news followup 2020-06-14

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/ For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn’t quite work out what Privnotes was up to, but today it […]

Read More

Daily NCSC-FI news followup 2020-11-30

German users targeted with Gootkit banker or REvil ransomware blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/ On November 23, we received an alert from a partner about a resurgence of Gootkit infections in Germany. Gootkit is a very capable banking Trojan that has been around since 2014 and possesses a number of functionalities such as keystroke or video recording designed to […]

Read More

Daily NCSC-FI news followup 2021-03-06

Chinas RedEcho accused of targeting Indias power grids blog.malwarebytes.com/vital-infrastructure/2021/03/chinas-redecho-accused-of-targeting-indias-power-grids/ RedEcho, an advanced persistent threat (APT) group from China, has attempted to infiltrate the systems behind Indias power grids, according to a threat analysis report from Recorded Future [PDF].. It appears that what triggered this attempt to gain a foothold in Indias critical power generation and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.