Daily NCSC-FI news followup 2021-07-27

Microsoft Teams now automatically blocks phishing attempts

www.bleepingcomputer.com/news/security/microsoft-teams-now-automatically-blocks-phishing-attempts/ Microsoft has extended Defender for Office 365 Safe Links protection to Microsoft Teams to safeguard users from malicious URL-based phishing attacks.. This added protection couldn’t have come at a better time, seeing that, based on Microsoft’s stats, the Microsoft Teams userbase has exploded over the last 18 months since the start of the pandemic and the quick switch to remote work.. Also

www.bleepingcomputer.com/news/microsoft/microsoft-defender-atp-now-secures-removable-storage-printers/

UK worries Starlink and OneWeb may interfere with each other, plans new rules

arstechnica.com/information-technology/2021/07/starlink-and-similar-networks-could-block-each-others-signals-uk-warns/ A UK government agency is worried that OneWeb, SpaceX’s Starlink, and similar low Earth orbit (LEO) satellite-broadband systems could block each others’ signals.. “The potential for harmful interference between different satellite systems is usually managed by operators cooperating with each other under the ITU satellite coordination procedures,” Ofcom wrote. The agency added: However, coordination between NGSO systems is proving to be more challenging due to the dynamic nature of these systems […]

New Attacks on Kubernetes via Misconfigured Argo Workflows

www.intezer.com/blog/container-security/new-attacks-on-kubernetes-via-misconfigured-argo-workflows/ We have identified infected nodes and there is the potential for larger scale attacks due to hundreds of misconfigured deployments. We have detected exposed instances of Argo Workflows that belong to companies from different sectors including technology, finance and logistics.

IDEMIA fixes vulnerability that can allow threat actors to open doors remotely

therecord.media/idemia-fixes-vulnerability-that-can-allow-threat-actors-to-open-doors-remotely/ Tracked as CVE-2021-35522, the vulnerability impacted IDEMIA devices like VisionPass facial recognition devices, SIGMA fingerprint terminals, and MorphoWave and MorphoAccess vein and fingerprint authentication solutions.

Biden administration officials endorse ransomware reporting rules

therecord.media/biden-administration-officials-endorse-ransomware-reporting-rules/ Also in the UK,

www.theregister.com/2021/07/27/uk_security_breach_reporting_law_thresholds/

A Controversial Tool Calls Out Thousands of Hackable Websites

www.wired.com/story/punkspider-web-site-vulnerabilities/ At the Defcon hacker conference next week, Alejandro Caceres and Jason Hopper plan to releaseor, rather, to upgrade and re-release after a years-long hiatusa tool called PunkSpider. Essentially a search engine that constantly crawls the entire web, PunkSpider automatically identifies hackable vulnerabilities in websites, and then allows anyone to search those results to find sites susceptible

The Challenges of Vulnerability Management in OT Environments

www.dragos.com/blog/the-challenges-of-vulnerability-management-in-ot-environments/ After careful analysis and field validation, Dragos has found that publicly announced vulnerability severity scores are often inaccurate, incomplete and lack both context and guidance. This means that industrial teams are struggling with how to interpret and apply them in their environments and spending too much time chasing the wrong issues.. Whitepaper at

hub.dragos.com/hubfs/Whitepapers/Understanding%20the%20Challenges%20of%20OT%20Vulnerability%20Management%20and%20How%20to%20Tackle%20Them%20-%20Dragos%202021.pdf

A new chapter for Googles Vulnerability Reward Program

security.googleblog.com/2021/07/a-new-chapter-for-googles-vulnerability.html To celebrate our anniversary and ensure the next 10 years are just as (or even more) successful and collaborative, we are excited to announce the launch of our new platform, bughunters.google.com.. We also want to take a moment to shine a light on some aspects of the VRP that are not yet well-known, such as: Submitting patches to open-source software is eligible for a reward. We have rewards for research papers on the security of open source. Your open-source software might be eligible for a subsidy

HP finds 75% of threats were delivered by email in first six months of 2021

www.zdnet.com/article/hp-finds-75-of-threats-were-delivered-by-email-in-first-six-months-of-2021/ HP’s researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools are able to solve CAPTCHA challenges using computer vision techniques. . Report at

threatresearch.ext.hp.com/wp-content/uploads/2021/07/HP_Wolf_Security_Threat_Insights_Report_H1_2021.pdf

Hackers Turning to ‘Exotic’ Programming Languages for Malware Development

thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html Earlier this year, enterprise security firm Proofpoint discovered new malware written in Nim (NimzaLoader) and Rust (RustyBuer) that it said were being used in active campaigns to distribute and deploy Cobalt Strike and ransomware strains via social engineering campaigns. In a similar vein, CrowdStrike last month observed a ransomware sample that borrowed implementations from previous HelloKitty . and FiveHands variants, while using a Golang packer to encrypt its main C++-based payload.

Threat Actors Exploit Misconfigured Apache Hadoop YARN

www.trendmicro.com/en_us/research/21/g/threat-actors-exploit-misconfigured-apache-hadoop-yarn.html It should be noted that the exposure of these cloud services is not because they are inherently unsecure, but only because of misconfiguration. Nevertheless, this is an alarming security risk as it allows remote code execution (RCE) on the cluster. Unfortunately, threat actors have been actively exploiting these services for years.

Online Retail Fraud in the Criminal Underground

go.recordedfuture.com/hubfs/reports/cta-2021-0726.pdf In 2021 and for the foreseeable future, we believe that the sale of compromised customer data and account information, credential stuffing tools, and refund fraud tutorials will each likely remain among the most serious threats targeting online retail organizations and e-commerce platforms. . Looking ahead, threat actors likely will continue to use dark web marketplaces, forums, and shops to advertise compromised victim PII, account information and rewards, and payment or gift cards. Threat actors advertising these commodities seemingly do not target specific retailers exclusively, instead regularly selling similar data from many retail and e-commerce entities.

PHOBOS ransomware infection at the Clinical Hospital No.1 CF Witting in Bucharest

www.databreaches.net/phobos-ransomware-infection-at-the-clinical-hospital-no-1-cf-witting-in-bucharest/ Moreover, the present attack is similar to the one in the summer of 2019, when 4 other hospitals in Romania were affected by PHOBOS, in the context of the lack of antivirus solutions at the level of the IT&C infrastructure used by them. PHOBOS ransomware has a medium level of complexity, using as a method of infection, mainly Remote Desktop Protocol (RDP) connections.

‘Praying Mantis’ threat actor targeting Windows internet-facing servers with malware

www.zdnet.com/article/praying-mantis-threat-actor-targeting-windows-internet-facing-servers-with-malware/#ftag=RSSbaffb68 The report said that the advanced and persistent threat actor — which they have named “Praying Mantis” or “TG1021” — mostly used deserialization attacks to load a completely volatile, custom malware platform tailored for the Windows IIS environment.. Report at

f.hubspotusercontent30.net/hubfs/8776530/TG1021%20-%20Praying%20Mantis%20Threat%20Actor.pdf

You might be interested in …

Daily NCSC-FI news followup 2019-08-12

Nasty New Malware Waits Until You Visit A Pornsite, Then Starts Recording www.forbes.com/sites/zakdoffman/2019/08/11/nasty-new-malware-waits-until-you-visit-a-pornsite-then-starts-recording/#120b21d7568d At the end of last week, ESET’s security researchers disclosed the discovery of a new strain of malware that takes the trend for sextortion to a new level. Varenyky, as the malware was named by its finders, monitors the activity on infected […]

Read More

Daily NCSC-FI news followup 2019-11-23

FBI says hackers are targeting US auto industry us.cnn.com/2019/11/20/politics/fbi-us-auto-industry-hackers/index.html The American automotive industry has been the target of malicious cyber actors since at least late 2018, according to an FBI report obtained by CNN. Leaky Gekko Group database exposes info on hotel brands, travelers www.scmagazine.com/home/security-news/data-breach/leaky-gekko-group-database-exposes-info-on-hotel-brands-travelers/ European hotel booking platform provider Gekko Group mistakenly stored over […]

Read More

Daily NCSC-FI news followup 2020-03-13

Alert (AA20-073A) – Enterprise VPN Security www.us-cert.gov/ncas/alerts/aa20-073a As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work optionsor teleworkrequire an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As organizations elect to implement telework, the […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.