Daily NCSC-FI news followup 2021-06-28

Critical vulnerability security incident alert and mitigation firmware update

support.zyxel.eu/hc/en-us/articles/4402786248466-Security-Incident-Alert-Firewall-Series Zyxel devices with remote management enabled are being targeted, and the vulnerability is under active exploitation. No CVE has been issued. A hotfix is being worked on. The mitigation is to separate remote management from other functions and to restrict access to the remote management port. Mitigation firmware and instructions are available.

Proof of Concept exploit released for Cisco ASA vulnerability

therecord.media/cisco-devices-come-under-new-attacks-including-a-hacktivist-campaign/ After a PoC for the cross-site scripting vulnerability (CVE-2020-3580) was posted on Twitter, bug hunters as well as criminals started searching for vulnerable devices. The bug requires tricking a user who has an account on the device’s admin interface into clicking a malicious link. Exploiting the bug allows the attacker to execute malicious code in the ASA and FTD management panel with admin privileges. PoC: https://twitter.com/ptswarm/status/1408050644460650502

Spear phishing campaign with new techniques aimed at aviation companies

www.fortinet.com/blog/threat-research/spear-phishing-campaign-with-new-techniques-aimed-at-aviation-companies The FortiGuard Labs Threat Research report walks through the technical details of a spear phishing campaign whose final payload is AsyncRAT, a tool used to steal credentials and other sensitive data.

Ransomware gangs now creating websites to recruit affiliates

www.bleepingcomputer.com/news/security/ransomware-gangs-now-creating-websites-to-recruit-affiliates/ Some Ransomware-as-a-Service operations have had to change how they recruit new affiliates to distribute their ransomware after the topic was banned on Russian-speaking cybercrime forums. One RaaS provider, Himalaya, prohibits using the provided ransomware against healthcare, public, and non-profit organizations.

New ransomware variant uses Golang packer

www.crowdstrike.com/blog/new-ransomware-variant-uses-golang-packer/ CrowdStrike recently observed a ransomware sample borrowing implementations from previous HelloKitty and FiveHands variants and using a Golang packer compiled with the most recent version of Golang (Go1.16, released mid-February 2021). Golang-written malware and packers are not new, but compiling them with the latest Golang (Go1.16) makes them challenging for malware researchers to debug, because all necessary libraries are statically linked into the compiled binary and function name recovery is difficult.
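The function-name-recovery point above is worth seeing in practice. The following is an added, defender-side example (not code from CrowdStrike, the page, or any project it names) showing how an analyst can list the functions of an unpacked Go binary from its pclntab using only Go's standard `debug/gosym`, `debug/elf` and `debug/macho` packages. It assumes the sample has already been unpacked (the packer stage itself would hide the pclntab), that it is a Linux ELF or macOS Mach-O file, and that the standard `.gopclntab`/`__gopclntab` section names are present; the helper names (`loadPclntab`, `GoFunctions`, `PackageHistogram`, `packageOf`) are this example's own.

```go
package main

import (
	"debug/elf"
	"debug/gosym"
	"debug/macho"
	"fmt"
	"os"
	"sort"
	"strings"
)

// loadPclntab locates the Go pclntab and the start address of the text
// section in an ELF (Linux) or Mach-O (macOS) binary. The pclntab survives
// ordinary symbol stripping (-ldflags="-s -w"), which is why Go function
// names can often be recovered even when the symbol table is gone.
func loadPclntab(path string) (pclntab []byte, textAddr uint64, err error) {
	if f, e := elf.Open(path); e == nil {
		defer f.Close()
		sec, text := f.Section(".gopclntab"), f.Section(".text")
		if sec == nil || text == nil {
			return nil, 0, fmt.Errorf("%s: no .gopclntab/.text (not a Go binary, or still packed)", path)
		}
		data, e := sec.Data()
		return data, text.Addr, e
	}
	if f, e := macho.Open(path); e == nil {
		defer f.Close()
		sec, text := f.Section("__gopclntab"), f.Section("__text")
		if sec == nil || text == nil {
			return nil, 0, fmt.Errorf("%s: no __gopclntab/__text (not a Go binary, or still packed)", path)
		}
		data, e := sec.Data()
		return data, text.Addr, e
	}
	return nil, 0, fmt.Errorf("%s: not an ELF or Mach-O file", path)
}

// GoFunctions returns the sorted function names recovered from a Go binary.
// A nil symtab is passed to gosym.NewTable because Go 1.2+ binaries carry
// everything needed inside the pclntab itself.
func GoFunctions(path string) ([]string, error) {
	data, textAddr, err := loadPclntab(path)
	if err != nil {
		return nil, err
	}
	tab, err := gosym.NewTable(nil, gosym.NewLineTable(data, textAddr))
	if err != nil {
		return nil, err
	}
	names := make([]string, 0, len(tab.Funcs))
	for _, fn := range tab.Funcs {
		names = append(names, fn.Name)
	}
	sort.Strings(names)
	return names, nil
}

// packageOf extracts the package path from a Go symbol name, e.g.
// "crypto/aes.NewCipher" -> "crypto/aes", "main.(*T).Run" -> "main".
func packageOf(name string) string {
	slash := strings.LastIndex(name, "/")
	dot := strings.Index(name[slash+1:], ".")
	if dot < 0 {
		return name
	}
	return name[:slash+1+dot]
}

// PackageHistogram counts functions per package. For triage this quickly
// shows whether a sample pulls in crypto, networking or filesystem walking
// code, before any function is looked at individually.
func PackageHistogram(names []string) map[string]int {
	hist := make(map[string]int)
	for _, n := range names {
		hist[packageOf(n)]++
	}
	return hist
}

func main() {
	// With no argument the program inspects itself, which is a convenient
	// smoke test since it is a Go binary too.
	path, _ := os.Executable()
	if len(os.Args) > 1 {
		path = os.Args[1]
	}
	names, err := GoFunctions(path)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("%d functions recovered from %s\n", len(names), path)
	for pkg, count := range PackageHistogram(names) {
		fmt.Printf("%6d  %s\n", count, pkg)
	}
	for _, n := range names {
		if strings.HasPrefix(n, "main.") {
			fmt.Println(n) // the sample's own code, usually the interesting part
		}
	}
}
```

Run it as `go run recover.go ./unpacked_sample` (any file name works). If it reports that the pclntab is missing, the sample is most likely still packed or has had the table deliberately damaged, which is exactly the situation the CrowdStrike write-up describes; a memory dump taken after the packer has run is then the usual next input.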

EA ignored domain vulnerabilities for months despite warnings and breaches

www.zdnet.com/article/ea-ignored-domain-vulnerabilities-for-months-despite-warnings-and-breaches/ Gaming giant Electronic Arts is facing even more criticism from the cybersecurity industry after ignoring warnings from cybersecurity researchers in December 2020 that multiple vulnerabilities left the company severely exposed to hackers.

One billion dollars lost by over-60s through online fraud in 2020

hotforsecurity.bitdefender.com/blog/one-billion-dollars-lost-by-over-60s-through-online-fraud-in-2020-says-fbi-26049.html According to a newly published report by the FBI’s Internet Crime Complaint Center (IC3), the elderly are more at risk of falling victim to online fraud and internet scammers than ever before. In the IC3’s Elder Fraud Report, the FBI detailed that approximately 28% of all fraud losses are sustained by victims who are over 60 years old, with losses approaching US $1 billion.

What is the WireGuard VPN protocol?

blog.malwarebytes.com/101/2021/06/what-is-the-wireguard-vpn-protocol/ WireGuard is the newest player in the VPN protocol world and has many advantages over older types of protocols. Many experts are excited about WireGuard because it trims the fat to be faster and lighter than protocols like OpenVPN.
