Daily NCSC-FI news followup 2021-06-09

Summary of June 8 outage

www.fastly.com/blog/summary-of-june-8-outage We experienced a global outage due to an undiscovered software bug that surfaced on June 8 when it was triggered by a valid customer configuration change. We detected the disruption within one minute, then identified and isolated the cause, and disabled the configuration. Within 49 minutes, 95% of our network was operating as normal. See also:

www.zdnet.com/article/fastlys-global-outage-heres-what-went-wrong. See also: www.bbc.com/news/technology-57413224. See also:

www.forbes.com/sites/daveywinder/2021/06/09/no-a-massive-cyberattack-did-not-take-down-the-internet-yesterday/

Mysterious Custom Malware Collects Billions of Stolen Data Points

threatpost.com/custom-malware-stolen-data/166753/ Researchers have uncovered a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies with 400 million of the latter still valid at the time of the database’s discovery.

Hackers can mess with HTTPS connections by sending data to your email server

arstechnica.com/gadgets/2021/06/hackers-can-mess-with-https-connections-by-sending-data-to-your-email-server/ Cross-protocol attacks could potentially steal login cookies or execute malicious code. The researchers are calling their cross-protocol attacks ALPACA, short for “application layer protocols allowing cross-protocol attacks.” At the moment, ALPACA doesn’t pose a major threat to most people. But the risk posed could increase as new attacks and vulnerabilities are discovered or TLS is used to protect additional communications channels. See also:

alpaca-attack.com/. See also:

thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html

Intel Plugs 29 Holes in CPUs, Bluetooth, Security

threatpost.com/intel-security-holes-cpus-bluetooth-security/166747/ Intel has unleashed 29 security advisories to plug up some serious bugs in the BIOS firmware for Intel processors, as well as in its Bluetooth products, Active Management Technology tools, the NUC Mini PC line, and, ironically, in its own security library. See also:

www.bleepingcomputer.com/news/security/intel-fixes-73-vulnerabilities-in-june-2021-platform-update/. See also:

www.theregister.com/2021/06/09/intels_latest_patch_set/

Spain’s Ministry of Labor and Social Economy hit by cyberattack

www.bleepingcomputer.com/news/security/spains-ministry-of-labor-and-social-economy-hit-by-cyberattack/ The Spanish Ministry of Labor and Social Economy (MITES) is working on restoring services after being hit by a cyberattack on Wednesday. MITES is a ministerial department with an annual budget of almost 39 million, charged with coordinating and supervising Spain’s employment, social economy, and corporate social responsibility policies

Chinese hackers implicated in breach of Russian government agencies

www.cyberscoop.com/china-hackers-russia-fsb-biden-putin/ Chinese hackers were likely behind a series of intrusions at Russian government agencies last year, security firm SentinelOne said Tuesday. Malicious code used in the breaches is similar to hacking tools associated with a broad set of suspected Chinese spies that have also targeted Asian governments in recent years, SentinelOne researchers said. See also:

labs.sentinelone.com/thundercats-hack-the-fsb-your-taxes-didnt-pay-for-this-op/. See also: rt-solar.ru/analytics/reports/2203/. See also:

news.drweb.com/show/?i=14177&lng=en

Ransomware gangs are increasingly going after SonicWall devices

therecord.media/ransomware-gangs-are-increasingly-going-after-sonicwall-devices/ According to reports published in April (by Mandiant) and this week (by CrowdStrike), threat actors appear to have found a new target in SonicWall devices. Per the two reports, during the first half of the year, threat actors scanned the internet and relied on exploits for two vulnerabilities to hijack SonicWall equipment. See also:

www.crowdstrike.com/blog/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481/. See also:

www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html

Gelsemium: When threat actors go gardening

www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/ In mid-2020, ESET researchers started to analyze multiple campaigns, later attributed to the Gelsemium group, and tracked down the earliest version of the malware going back to 2014. Victims of these campaigns are located in East Asia as well as the Middle East and include governments, religious organizations, electronics manufacturers and universities. See also:

www.theregister.com/2021/06/09/eset_gelsemium_research/. See also:

www.bleepingcomputer.com/news/security/stealthy-gelsemium-cyberspies-linked-to-noxplayer-supply-chain-attack/

GitHub now scans for accidentally-exposed PyPI, RubyGems secrets

www.bleepingcomputer.com/news/security/github-now-scans-for-accidentally-exposed-pypi-rubygems-secrets/ GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python developers who may inadvertently be committing secrets and credentials to their public GitHub repos.

Ultra-high-density hard drives made with graphene store ten times more data

phys.org/news/2021-06-ultra-high-density-hard-graphene-ten.html Graphene can be used for ultra-high density hard disk drives (HDD), with up to a tenfold jump compared to current technologies, researchers at the Cambridge Graphene Center have shown. See also:

www.nature.com/articles/s41467-021-22687-y
