Daily NCSC-FI news followup 2021-07-23

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/ Anything that can gain access to machines, even so-called commodity malware, can bring in more dangerous threats. We've seen this in banking Trojans serving as entry point for ransomware and hands-on-keyboard attacks. LemonDuck, an actively updated and robust malware that's primarily known for its botnet and cryptocurrency mining objectives, followed the same trajectory when it adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity. LemonDuck's threat to enterprises is also in the fact that it's a cross-platform threat. It's one of a few documented bot malware families that targets Linux systems as well as Windows devices. It uses a wide range of spreading mechanisms (phishing emails, exploits, USB devices, brute force, among others) and it has shown that it can quickly take advantage of news, events, or the release of new exploits to run effective campaigns.

Top Organizations on GitHub Vulnerable to Dependency Confusion Attacks

redhuntlabs.com/blog/top-organizations-on-github-vulnerable-to-dependency-confusion-attack.html On analyzing these repositories, we found that 93 repositories out of the Top 1000 GitHub Organizations are using a package that doesn't exist on a public package index and which can be claimed by an attacker to cause a supply chain attack. On similar lines, we observed that 169 repositories were found to be installing dependencies from a host that isn't reachable over the internet, and 126 repositories were installing packages owned by a GitHub/GitLab user that doesn't exist.

Uber found to have interfered with privacy of over 1 million Australians

www.zdnet.com/article/uber-found-to-have-interfered-with-privacy-of-over-1-million-australians/ Australia's Information Commissioner and Privacy Commissioner Angelene Falk on Friday said US-based Uber Technologies Inc and Dutch-based Uber B.V. failed to appropriately protect the personal data of an estimated 1.2 million Australian customers and drivers when it was accessed in a breach in October and November 2016.

The Fraud Family

blog.group-ib.com/fraud_family_nl Group-IB Threat Intelligence and Cyber Investigations teams uncovered a massive Fraud-as-a-Service operation. Our researchers identified a Dutch-speaking criminal syndicate, codenamed Fraud Family by Group-IB, which develops, sells and rents sophisticated phishing frameworks to other cybercriminals targeting users mainly in the Netherlands and Belgium. The phishing frameworks allow attackers with minimal skills to optimize the creation and design of phishing campaigns to carry out massive fraudulent operations, all the while bypassing 2FA.

Questions that help CISOs and boards have each other's back

www.helpnetsecurity.com/2021/07/22/questions-board-members-security/ Boards of directors and executives seem increasingly interested in understanding their companies' security posture. And why wouldn't they be?

The NSO Surveillance List: What It Is and Isn't

zetter.substack.com/p/the-nso-surveillance-list-what-it A series of blockbuster stories published this week around a leaked list of 50,000 phone numbers have created confusion about whether the owners of those numbers were targets of surveillance or not. To give readers a little clarity about the list and its revelations, I've laid out what we do and don't know about it and how it might have been used. Also:

www.calcalistech.com/ctech/articles/0,7340,L-3912882,00.html

Cyber attack on South African ports: freight will not move until the systems have been restored

www.tivi.fi/uutiset/tv/917f924b-9b09-4fd6-8f6c-ca1305e9568f Transnet, the state-owned company responsible for operating South Africa's main ports, has suffered IT problems today, Thursday. According to Reuters' sources, it is a cyber attack, but the company has not officially confirmed this.

Quantum computers will revolutionize encryption methods: there is now a growing shortage of cryptography experts

www.tivi.fi/uutiset/kvanttitietokoneet-mullistavat-salausmenetelmat-kryptografian-osaajista-on-nyt-kasvava-pula/a0c16f9f-3246-4cf5-9055-203f00e1901f Demand for cryptography experts is growing. This is evident from Kyberala ry's annual member survey, in which cryptography experts ranked in the top three when respondents were asked which sector's experts are in short supply on the labour market.
