Daily NCSC-FI news followup 2021-06-19

North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute

thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html South Korea’s state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in a product of an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which, “27.102.114[.]89”, has previously been linked to a state-sponsored threat actor dubbed Kimsuky.

Inside the Market for Cookies That Lets Hackers Pretend to Be You

www.vice.com/en/article/n7b3jm/genesis-market-buy-cookies-slack A representative for the hackers who breached EA said they bought the cookie from a site called Genesis Market. On Genesis, criminals don’t just buy one cookie; they buy exclusive access to a “bot,” a compromised computer that is part of a botnet and could contain any number of login details. More importantly, Genesis also lets customers essentially recreate a one-to-one replica of that victim’s browser, with their cookies and device fingerprints intact.

Klingon RAT Holding on for Dear Life

www.intezer.com/blog/malware-analysis/klingon-rat-holding-on-for-dear-life/ This is a technical analysis of an advanced RAT written in Go that we are calling Klingon RAT. The RAT is well-featured and resilient due to its multiple methods of persistence and privilege escalation. It was determined that the RAT is being used by cybercriminals for financial gain. It is important to stay on top of this threat, as it degrades antivirus protection by killing targeted processes and hides its communications in encrypted channels.

Easy Access to the NIST RDS Database

isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/ When you’re facing suspicious files while performing forensic investigations or analyzing malware components, it’s always useful to know whether these files are legitimate or malicious/modified. One of the key sources for verifying hashes is provided by NIST and is called the NSRL project (“National Software Reference Library”). They build a “Reference Data Set” (RDS) of information that can be queried to verify a file hash. CIRCL, the Luxembourg CERT, has a good reputation for offering and participating in services like MISP, a passive DNS service, etc. They are now offering an API to query the NIST RDS via HTTP or DNS requests!

The researchers managed to identify and report the presence of Joker malware in 8 apps on Google Play Store

www.hackread.com/android-joker-malware-back-on-play-store/ The malware infects the user’s device after the infected application is downloaded and keeps collecting data secretly.

Podcast: Good or bad govcoin? What are national digital currencies about?

ulkopolitist.fi/2021/06/19/podcast-hyva-paha-govcoin-mista-kansallisissa-digivaluutoissa-on-kyse/ Alongside blockchain-based cryptocurrencies, a new phenomenon has emerged: “govcoins”, that is, states’ own digital currencies. What does it mean, and does the phenomenon actually have much to do with the much-hyped cryptocurrencies?
