Daily NCSC-FI news followup 2021-06-28

Critical vulnerability security incident alert and mitigation firmware update

support.zyxel.eu/hc/en-us/articles/4402786248466-Security-Incident-Alert-Firewall-Series Zyxel devices with remote management are being targeted and there is active exploitation of the vulnerability. No CVE has been issued. Hotfix is being worked on. Mitigation is to separate remote management from other functions and restrict access to the remote management port. Mitigation firmware and instructions are available.

Proof of Concept exploit released for Cisco ASA vulnerability

therecord.media/cisco-devices-come-under-new-attacks-including-a-hacktivist-campaign/ After a PoC for a cross-site scripting vulnerability (CVE-2020-3580) was posted on Twitter, bug hunters as well as criminals started searching for vulnerable devices. The bug requires tricking a user with an account on the device’s admin interface into clicking a malicious link. Exploiting the bug allows the attacker to execute malicious code on the ASA and FTD management panel with admin privileges. PoC: https://twitter.com/ptswarm/status/1408050644460650502

Spear phishing campaign with new techniques aimed at aviation companies

www.fortinet.com/blog/threat-research/spear-phishing-campaign-with-new-techniques-aimed-at-aviation-companies The FortiGuard Labs Threat Research report goes through the technical details of the spear phishing campaign, ending with the final payload, AsyncRAT, a tool to steal credentials and other sensitive data.

Ransomware gangs now creating websites to recruit affiliates

www.bleepingcomputer.com/news/security/ransomware-gangs-now-creating-websites-to-recruit-affiliates/ Some Ransomware-as-a-Service operations have had to adapt how they find new affiliates to distribute their ransomware after the topic was banned on Russian-speaking cybercrime forums. One of the RaaS providers, Himalaya, prohibits using the provided ransomware against healthcare, public, and non-profit organizations.

New ransomware variant uses Golang packer

www.crowdstrike.com/blog/new-ransomware-variant-uses-golang-packer/ CrowdStrike recently observed a ransomware sample borrowing implementations from previous HelloKitty and FiveHands variants and using a Golang packer compiled with the most recent version of Golang (Go1.16, released mid-February 2021). Golang-written malware and packers are not new, but compiling them with the latest Golang (Go1.16) makes them challenging for malware researchers to debug. That’s because all necessary libraries are statically linked and included in the compiled binary, and function name recovery is difficult.

EA ignored domain vulnerabilities for months despite warnings and breaches

www.zdnet.com/article/ea-ignored-domain-vulnerabilities-for-months-despite-warnings-and-breaches/ Gaming giant Electronic Arts is facing even more criticism from the cybersecurity industry after ignoring warnings from cybersecurity researchers in December 2020 that multiple vulnerabilities left the company severely exposed to hackers.

One billion dollars lost by over-60s through online fraud in 2020

hotforsecurity.bitdefender.com/blog/one-billion-dollars-lost-by-over-60s-through-online-fraud-in-2020-says-fbi-26049.html According to a newly published report by the FBI’s Internet Crime Complaint Center (IC3), the elderly are more at risk of falling victim to online fraud and internet scammers than ever before. In the IC3’s Elder Fraud Report, the FBI detailed that approximately 28% of all fraud losses are sustained by victims who are over 60 years old, with total losses approaching US $1 billion.

What is the WireGuard VPN protocol?

blog.malwarebytes.com/101/2021/06/what-is-the-wireguard-vpn-protocol/ WireGuard is the newest player in the VPN protocol world and has many advantages over older types of protocols. Many experts are excited about WireGuard because it trims the fat to be faster and lighter than protocols like OpenVPN.
