Daily NCSC-FI news followup 2021-05-25

From Wiper to Ransomware – The Evolution of Agrius

labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ Researchers say they’ve uncovered a new disk-wiping malware (wiper) that’s disguising itself as ransomware as it unleashes destructive attacks on Israeli targets. Full report as PDF:

assets.sentinelone.com/sentinellabs/evol-agrius

Evolution of JSWorm ransomware

securelist.com/evolution-of-jsworm-ransomware/102428/ JSWorm ransomware was discovered in 2019, and since then different variants have gained notoriety under various names such as Nemty, Nefilim, Offwhite and several others. The experts describe the evolution and technical details of the ransomware in the Securelist blog.

Audio maker Bose discloses data breach after ransomware attack

www.bleepingcomputer.com/news/security/audio-maker-bose-discloses-data-breach-after-ransomware-attack/ Bose systems were breached in March. Bose recovered and secured the systems with third-party cybersecurity experts. No ransom was paid.

Domino’s India discloses data breach after hackers sell data online

www.bleepingcomputer.com/news/security/dominos-india-discloses-data-breach-after-hackers-sell-data-online/ The data breach seems to have leaked employee and customer data, such as mobile numbers, names, email addresses, and GPS coordinates.

Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises

www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html The researchers at Mandiant walk you through the low-sophistication compromises of OT environments observed during 2020.

Microsoft uses GPT-3 to let you code in natural language

techcrunch.com/2021/05/25/microsoft-uses-gpt-3-to-let-you-code-in-natural-language/ Microsoft is using OpenAI’s massive GPT-3 natural language model in its no-code/low-code Power Apps service to translate spoken text into code in its recently announced Power Fx language.

New hammering technique for DRAM Rowhammer bug

security.googleblog.com/2021/05/introducing-half-double-new-hammering.html Half-Double is a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory.

Attacks on PDF Certification

web-in-security.blogspot.com/2021/05/attacks-on-pdf-certification.html The PDF specification also defines the certification of documents, also known as certification signatures. Researchers performed an extensive analysis of the security of PDF certification. In doing so, they developed the Evil Annotation Attack (EAA) as well as the Sneaky Signature Attack (SSA).

VMware warns of critical bug affecting all vCenter Server installs

www.bleepingcomputer.com/news/security/vmware-warns-of-critical-bug-affecting-all-vcenter-server-installs/ VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments.

Uncovering Shenanigans in an IP Address Block via Hurricane Electric’s BGP Toolkit

isc.sans.edu/diary/rss/27456 An InfoSec Handlers diary tip from Yee Ching Tok on using the excellent HE BGP Toolkit to examine networks and find malicious phishing sites.
