Daily NCSC-FI news followup 2021-06-14

Ransomware is the biggest threat, says GCHQ cybersecurity chief

www.tripwire.com/state-of-security/security-data-protection/ransomware-biggest-threat-says-gchq-cybersecurity-chief/ The head of the UK's National Cyber Security Centre has warned that ransomware has become the biggest threat to British people and businesses. In a speech being given today by Lindy Cameron, chief executive of the NCSC, to the RUSI think tank, she highlights the need for the ransomware problem to be taken seriously, and warns of the cumulative effect if society fails to properly deal with the rising threat.

It took hackers $10 worth of stolen cookies and some lies to breach EA’s systems

www.neowin.net/news/it-took-hackers-10-worth-of-stolen-cookies-and-some-lies-to-breach-eas-systems/ Reports broke yesterday of a massive data breach at Electronic Arts that resulted in the theft of close to 780GB worth of data containing FIFA 21 and Frostbite engine source code. While the code itself isn't being made available on the web, hackers have reportedly posted screenshots of some of the stolen content as proof of possession. The hackers claim that they started off by purchasing stolen cookies for $10 from the web. These cookies, possibly containing Slack login details of EA employees, were then used to gain access to a Slack channel, with the hackers likely masquerading as internal employees.

US-based organizations are under constant ransomware attacks

www.pandasecurity.com/en/mediacenter/panda-security/us-ransomware-attacks/ Organizations located in the USA are under an unprecedented number of ransomware attacks that is very likely to continue to grow. In 2020 alone, hackers executed more than 65,000 attacks on U.S. institutions, which equals approximately seven attacks per minute. Even though most of those attacks are purely driven by greed, they often end up causing absolute havoc for companies and consumers. Panic buying caused a gas shortage on the East Coast, with customers paying north of $7 per gallon, because of a cybersecurity incident at Colonial Pipeline back in May.

Microsoft: Scammers bypass Office 365 MFA in BEC attacks

www.bleepingcomputer.com/news/security/microsoft-scammers-bypass-office-365-mfa-in-bec-attacks/ Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise (BEC) campaign. The attackers compromised their targets’ mailboxes using phishing and exfiltrated sensitive info in emails matching forwarding rules, allowing them to gain access to messages relating to financial transactions. “The use of attacker infrastructure hosted in multiple web services allowed the attackers to operate stealthily, characteristic of BEC campaigns,” Microsoft 365 Defender Research Team’s Stefan Sellmer and Microsoft Threat Intelligence Center (MSTIC) security researcher Nick Carr explained.
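The campaign above relies on mailbox forwarding rules that quietly copy finance-related mail to attacker-controlled addresses. The following is an added example, not code from Microsoft or from the article, of a defender-side triage script that flags the classic indicators of such rules: forwarding or redirecting outside the organisation's own domains, keyword filters on invoice/payment terms, deleting or filing the message where the user will not see it, and near-empty rule names. The rule records are constructed sample data whose field names (Name, Enabled, ForwardTo, RedirectTo, SubjectContainsWords, DeleteMessage, MoveToFolder, ...) are assumed to follow the shape of an inbox-rule export such as Exchange Online's Get-InboxRule output; the mailbox addresses and domains are placeholders.

```python
"""Triage exported mailbox inbox rules for BEC-style forwarding indicators."""
from typing import Any, Dict, List, Set

# Constructed sample data (not from the article): four rules across two mailboxes.
SAMPLE_RULES: List[Dict[str, Any]] = [
    {   # attacker-style rule: single-character name, external forward, finance keywords, auto-delete
        "Mailbox": "alice@example.com", "Name": ".", "Enabled": True,
        "ForwardTo": ["SMTP:finance-collect@example-attacker.test"],
        "SubjectContainsWords": ["invoice", "payment"],
        "DeleteMessage": True, "MoveToFolder": None,
    },
    {   # benign: forwards to an internal alias
        "Mailbox": "bob@example.com", "Name": "Team alias", "Enabled": True,
        "ForwardTo": ["Bob Team [SMTP:bob-team@example.com]"],
        "SubjectContainsWords": [], "DeleteMessage": False, "MoveToFolder": None,
    },
    {   # benign but slightly odd: files newsletters into RSS Feeds (one weak indicator only)
        "Mailbox": "bob@example.com", "Name": "Newsletters", "Enabled": True,
        "ForwardTo": [], "SubjectContainsWords": ["newsletter"],
        "DeleteMessage": False, "MoveToFolder": "RSS Feeds",
    },
    {   # disabled rule with an external forward: skipped, but worth a separate look in a real review
        "Mailbox": "alice@example.com", "Name": "Old backup", "Enabled": False,
        "RedirectTo": ["SMTP:alice.old@example-personal.test"],
        "SubjectContainsWords": [], "DeleteMessage": False, "MoveToFolder": None,
    },
]

INTERNAL_DOMAINS: Set[str] = {"example.com"}  # assumed tenant domains (placeholder)
FINANCE_TERMS = {"invoice", "payment", "wire", "remittance", "bank", "purchase order"}
# Folders commonly used to keep forwarded mail out of the user's sight
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "deleted items", "junk email", "conversation history"}
FORWARD_KEYS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
KEYWORD_KEYS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")


def _address_domain(recipient: str) -> str:
    """Extract the domain from 'SMTP:user@dom' or 'Display Name [SMTP:user@dom]' forms."""
    addr = recipient.split(":")[-1].rstrip("]").strip()
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def external_recipients(rule: Dict[str, Any], internal_domains: Set[str]) -> List[str]:
    """Return every forward/redirect target whose domain is not one of ours."""
    return [r for key in FORWARD_KEYS for r in (rule.get(key) or [])
            if _address_domain(r) not in internal_domains]


def finance_keywords(rule: Dict[str, Any]) -> List[str]:
    """Return keyword filters that look like they target financial correspondence."""
    words = [w.lower() for key in KEYWORD_KEYS for w in (rule.get(key) or [])]
    return sorted({w for w in words if any(term in w for term in FINANCE_TERMS)})


def rule_indicators(rule: Dict[str, Any], internal_domains: Set[str]) -> List[str]:
    """Collect human-readable reasons a rule looks like BEC tooling."""
    reasons: List[str] = []
    ext = external_recipients(rule, internal_domains)
    if ext:
        reasons.append("forwards or redirects outside the organisation: " + ", ".join(ext))
    terms = finance_keywords(rule)
    if terms:
        reasons.append("filters on finance-related terms: " + ", ".join(terms))
    if rule.get("DeleteMessage"):
        reasons.append("deletes the message after processing")
    if (rule.get("MoveToFolder") or "").lower() in HIDING_FOLDERS:
        reasons.append("files mail into a folder users rarely open: " + str(rule["MoveToFolder"]))
    name = (rule.get("Name") or "").strip()
    if len(name) <= 2 or set(name) <= set(".,;-_ "):
        reasons.append("rule name is empty or near-empty (hard to spot in the rule list)")
    return reasons


def find_suspicious_rules(rules: List[Dict[str, Any]],
                          internal_domains: Set[str] = INTERNAL_DOMAINS) -> List[Dict[str, Any]]:
    """Flag enabled rules that forward externally, or that show two or more weaker indicators."""
    findings = []
    for rule in rules:
        if not rule.get("Enabled", True):
            continue  # disabled rules do not act on mail; review them separately
        reasons = rule_indicators(rule, internal_domains)
        if external_recipients(rule, internal_domains) or len(reasons) >= 2:
            findings.append({"mailbox": rule.get("Mailbox"), "rule": rule.get("Name"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_rules(SAMPLE_RULES):
        print(f"{f['mailbox']} rule {f['rule']!r}:")
        for reason in f["reasons"]:
            print("  -", reason)
```

Run it against a real export by replacing SAMPLE_RULES with the parsed JSON of your rule dump and INTERNAL_DOMAINS with the tenant's accepted domains; an external forward alone is enough to flag a rule, while the weaker indicators (hiding folder, keyword filter, blank name) only flag in combination, which keeps noise from ordinary user rules low.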

G7 calls on Russia to crack down on ransomware gangs

therecord.media/g7-calls-on-russia-to-crack-down-on-ransomware-gangs In light of the recent wave of high-profile ransomware attacks that have caused havoc in the US and Europe, the member states of the G7 group have called on Russia and other countries to crack down on ransomware gangs operating within their borders. "We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions," the G7 group said in a communique [PDF] published on Sunday, at the end of a three-day conference held in Cornwall, UK.

Malware hosting domain Cyberium fanning out Mirai variants

cybersecurity.att.com/blogs/labs-research/malware-hosting-domain-cyberium-fanning-out-mirai-variants AT&T Alien Labs has observed the Mirai variant botnet, known as Moobot, scanning for known but uncommon vulnerabilities in Tenda routers, resulting in a considerable peak in our internal telemetry. The research associated with this peak resulted in the discovery of a malware hosting domain, providing several different Mirai variants, like Moobot and Satori.

This data and password-stealing malware is spreading in an unusual way

www.zdnet.com/article/this-data-and-password-stealing-malware-is-spreading-in-an-unusual-way/ Attackers behind the malware known as SolarMarker are using PDF documents filled with search engine optimization (SEO) keywords to boost their visibility on search engines in order to lead potential victims to malware on a malicious site that poses as Google Drive. According to Microsoft, SolarMarker is a backdoor malware that steals data and credentials from browsers.

Make sure your data does not end up in criminals' hands: here is how

www.iltalehti.fi/tietoturva/a/d4e66a27-53a0-4f98-9acb-1ac1804ccb0d Your own behaviour has a large effect on how safe your data is. A very large number of scam messages are circulating in Finland, attempting to phish for information and get at victims' money through their bank credentials. You can protect yourself effectively against various scams and attacks by acting correctly when you encounter one. It is also important to protect yourself against attacks in advance. The National Cyber Security Centre Finland at the Finnish Transport and Communications Agency Traficom has compiled seven practical instructions on how to protect yourself effectively against attacks in advance. The Cyber Security Centre also recently published guidance for organisations on how to keep their domain names better protected.

Microsoft: SEO poisoning used to backdoor targets with malware

www.bleepingcomputer.com/news/security/microsoft-seo-poisoning-used-to-backdoor-targets-with-malware/ Microsoft is tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan (RAT) capable of stealing the victims’ sensitive info and backdooring their systems. The malware delivered in this campaign is SolarMarker (aka Jupyter, Polazert, and Yellow Cockatoo), a .NET RAT that runs in memory and is used by attackers to drop other payloads on infected devices.

New Top 20 Secure-Coding List Positions PLCs as Plant ‘Bodyguards’

www.darkreading.com/vulnerabilities—threats/new-top-20-secure-coding-list-positions-plcs-as-plant-bodyguards/d/d-id/1341289 Programmable logic controllers (PLCs) traditionally have been considered inherently insecure. But a new security initiative that outlines 20 best practices for coding the industrial computing device aims to reimagine the PLC as the last line of cyber defense in an industrial process. A group of cybersecurity experts and automation engineers has created an open source guide with 20 recommendations for configuring PLCs for resilience in case of a security incident or misconfiguration on the industrial network.
