Daily NCSC-FI news followup 2021-07-26

iOS 14.7.1: Apple Issues Urgent iPhone Update With Important Security Fixes

www.forbes.com/sites/kateoflahertyuk/2021/07/26/ios-1471-apple-issues-urgent-iphone-update-with-important-security-fixes/ It's only been a week since Apple released iOS 14.7, which itself included critical security fixes, but did not address a vulnerability in iMessage that adversaries could have been taking advantage of to attack iPhones with the Pegasus spyware.

Researchers warn of unpatched Kaseya Unitrend backup vulnerabilities

www.bleepingcomputer.com/news/security/researchers-warn-of-unpatched-kaseya-unitrend-backup-vulnerabilities/ Last week, the Dutch Institute for Vulnerability Disclosure (DIVD) issued a TLP:AMBER advisory about three unpatched vulnerabilities in the Kaseya Unitrends backup product. While DIVD released this advisory under the TLP:AMBER designation, DIVD Chairman Victor Gevers told BleepingComputer that it was originally shared with 68 government CERTs under a coordinated disclosure. However, one of the recipients uploaded it to an online analyzing platform, where it became public to those with access to the service.

PlugwalkJoe Does the Perp Walk

krebsonsecurity.com/2021/07/plugwalkjoe-does-the-perp-walk/ [News coverage on the arrest of Joseph "PlugwalkJoe" O'Connor] overlooks sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks all in a frenzied effort to seize control over social media accounts. According to the indictment, a week after the Twitter hack a man identifying himself as O'Connor called federal investigators in Northern California. Specifically, the call went to the REACT Task Force. REACT is a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that is focused on catching criminal SIM swappers, and by this point REACT already had plenty of audio from phone calls traced back to O'Connor in which he allegedly participated in a SIM swapping or swatting attack.

No More Ransom saves almost 1 billion in ransomware payments in 5 years

www.bleepingcomputer.com/news/security/no-more-ransom-saves-almost-1-billion-in-ransomware-payments-in-5-years/ The No More Ransom project celebrates its fifth anniversary today after helping over six million ransomware victims recover their files and saving them almost 1 billion in ransomware payments.


www.keeper.io/hubfs/2021_Ransomware_Impact_Report/2021_Ransomware_Impact_Report.pdf But what happens within an organization post-attack? How are internal processes affected? What's the impact on employee efficiency and productivity? To find out, Keeper surveyed 2,000 employees across the U.S. whose employers had suffered a ransomware attack in the previous 12 months. 49% of respondents told Keeper that their employers paid the ransom. However, this money didn't fall out of the sky: 93% reported that their employers tightened budgets in other areas following the ransom payment. 26% of respondents reported that their employers disclosed the attack only to partners and customers (not the general public), while 15% didn't tell anyone. This indicates that ransomware attacks are likely far more pervasive than anyone realizes.

Disrupting Ransomware by Disrupting Bitcoin

www.schneier.com/blog/archives/2021/07/disrupting-ransomware-by-disrupting-bitcoin.html We suggest an easier alternative: merely disrupt the cryptocurrency markets. Making them harder to use will have the effect of making them less useful as a ransomware payment vehicle, and not just because victims will have more difficulty figuring out how to pay. The reason requires understanding how criminals collect their profits.

Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority

www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority The average ransom payment declined to $136,576 while the median fell to $47,008, levels not seen since the beginning of 2021. The decrease was primarily driven by a growing number of disparate Ransomware-as-a-Service brands that have proliferated recently, and which have diluted the concentration of attacks controlled by just a few. [Interesting chart on the various degrees of state responsibility for cyber attacks https://images.squarespace-cdn.com/content/v1/5ab16578e2ccd10898976178/1627049256926-84KBU1XKAFQ6HWRKRW0U/State+responsibility.png]

Estonian Citizen Pleads Guilty to Computer Fraud and Abuse

www.justice.gov/usao-ak/pr/estonian-citizen-pleads-guilty-computer-fraud-and-abuse According to court documents, Pavel Tsurkan, 33, operated a criminal proxy botnet by remotely accessing and compromising more than 1,000 computer devices and internet routers worldwide, including at least 60 victims in Alaska. He used the victims' devices to build and operate an Internet of Things (IoT)-based botnet dubbed the Russian2015 using the domain Russian2015.ru. Also


Clubhouse denies data breach, experts debunk claims of leaked phone numbers

techzimo.com/clubhouse-denies-data-breach-experts-debunk-claims-of-leaked-phone-numbers/ On July 23, a hacker group claimed that they have got access to over 3.8 billion phone numbers from Clubhouse servers. The claim posted on a hackers forum alleging the leak states that the list of numbers contains cellphone, fixed, private, and professional numbers. The information about the claim was shared on Twitter by Jiten Jain, Director, Voyager Infosec. The social audio app has now denied the leak and after examining the claims, several security experts have also said that these are false allegations against the company.

Even after Emotet takedown, Office docs deliver 43% of all malware downloads now

www.zdnet.com/article/even-after-emotet-takedown-office-docs-deliver-43-of-all-malware-downloads-now/ Malware delivered over the cloud increased by 68% in Q2, according to data from cybersecurity firm Netskope. Report at


Meet Package Hunter: A tool for detecting malicious code in your dependencies

about.gitlab.com/blog/2021/07/23/announcing-package-hunter/ Package Hunter is a tool to analyze a program’s dependencies for malicious code and other unexpected behavior by installing the dependencies in a sandbox environment and monitoring system calls executed during the installation. Any suspicious system calls are reported to the user for further examination. It currently supports testing NodeJS modules and Ruby Gems.
