Daily NCSC-FI news followup 2021-05-25

From Wiper to Ransomware – The Evolution of Agrius

labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ Researchers say they’ve uncovered a new disk-wiping malware (wiper) that’s disguising itself as ransomware as it unleashes destructive attacks on Israeli targets. Full report as PDF:

assets.sentinelone.com/sentinellabs/evol-agrius

Evolution of JSWorm ransomware

securelist.com/evolution-of-jsworm-ransomware/102428/ JSWorm ransomware was discovered in 2019, and since then different variants have gained notoriety under various names such as Nemty, Nefilim, Offwhite and several others. The researchers describe the evolution and technical details of the ransomware family in the Securelist blog post.

Audio maker Bose discloses data breach after ransomware attack

www.bleepingcomputer.com/news/security/audio-maker-bose-discloses-data-breach-after-ransomware-attack/ Bose's systems were breached in March. Bose recovered and secured them with the help of third-party cybersecurity experts. No ransom was paid.

Domino’s India discloses data breach after hackers sell data online

www.bleepingcomputer.com/news/security/dominos-india-discloses-data-breach-after-hackers-sell-data-online/ The breach appears to have exposed employee and customer data, such as mobile numbers, names, email addresses and GPS coordinates.

Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises

www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html Mandiant researchers walk through the low-sophistication compromises of operational technology (OT) environments they observed during 2020.

Microsoft uses GPT-3 to let you code in natural language

techcrunch.com/2021/05/25/microsoft-uses-gpt-3-to-let-you-code-in-natural-language/ Microsoft is using OpenAI’s massive GPT-3 natural language model in its no-code/low-code Power Apps service to translate spoken text into code in its recently announced Power Fx language.

New hammering technique for DRAM Rowhammer bug

security.googleblog.com/2021/05/introducing-half-double-new-hammering.html Google introduces Half-Double, a new Rowhammer technique that capitalizes on the worsening physics of some newer DRAM chips to alter the contents of memory.

Attacks on PDF Certification

web-in-security.blogspot.com/2021/05/attacks-on-pdf-certification.html The PDF specification also defines the certification of documents, also known as certification signatures. Researchers performed an extensive analysis of the security of PDF certification and, in doing so, developed the Evil Annotation Attack (EAA) as well as the Sneaky Signature Attack (SSA).

VMware warns of critical bug affecting all vCenter Server installs

www.bleepingcomputer.com/news/security/vmware-warns-of-critical-bug-affecting-all-vcenter-server-installs/ VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that affects all vCenter Server deployments.

Uncovering Shenanigans in an IP Address Block via Hurricane Electric’s BGP Toolkit

isc.sans.edu/diary/rss/27456 An ISC InfoSec Handlers diary by Yee Ching Tok on using the excellent Hurricane Electric BGP Toolkit to examine an IP address block and find malicious phishing sites hosted in it.
