Daily NCSC-FI news followup 2021-07-31

Experts Uncover Several C&C Servers Linked to WellMess Malware

thehackernews.com/2021/07/experts-uncover-several-c-servers.html Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the Russian foreign intelligence have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said in a report shared with The Hacker News.

Justice Department says Russians hacked federal prosecutors

apnews.com/article/technology-europe-russia-election-2020-5486323e455277b39cd3283d70a7fd64 The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices around the country last year, the Justice Department said Friday.

Some ransomware gangs lose interest in extortion sites

therecord.media/some-ransomware-gangs-lose-interest-in-extortion-sites/ In late 2019, the ransomware group known as Maze pioneered a tactic that soon spread throughout the cybercrime underground: steal encrypted data and threaten to release it publicly unless a ransom is paid. But according to data collected from the sites these groups operate, the practice that’s sometimes referred to as “double extortion” appears to be declining.

Hackers leak full EA data after failed extortion attempt

therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/ The hackers who breached Electronic Arts last month have released the entire cache of stolen data after failing to extort the company and later sell the stolen files to a third-party buyer. The hackers said they used the authentication cookies to mimic an already-logged-in EA employee’s account and access EA’s Slack channel and then trick an EA IT support staffer into granting them access to the company’s internal network.

Google shuts down malicious ad posing as Brave browser but delivering malware

therecord.media/google-shuts-down-malicious-ad-posing-as-brave-browser-but-delivering-malware/ Internet surfers looking to download a copy of the Brave browser were fooled this week by a cleverly disguised ad that redirected them to a malicious website where they infected their systems with malware.

Cisco researchers spotlight Solarmarker malware

www.zdnet.com/article/cisco-researchers-spotlight-solarmarker-malware/ A new report said the Solarmarker campaign is being conducted by “fairly sophisticated” actors focusing their energy on credential and residual information theft.

Infected With a .reg File

isc.sans.edu/diary/rss/27692 Yesterday, I reported a piece of malware that uses archive.org to fetch its next stage[1]. Today, I spotted another file that is also interesting: A Windows Registry file (with a “.reg” extension). Such files are text files created by exporting values from the Registry (export) but they can also be used to add or change values in the Registry (import). Being text files, they don’t look suspicious.

“Beijing One Pass” Employee Benefits Software Exhibits Spyware Characteristics

www.recordedfuture.com/beijing-one-pass-benefits-software-spyware/ During preliminary analysis, Insikt Group found that the “Beijing One Pass” PC client exhibits behaviors similar to spyware applications. The software contains built-in functionality that, taken in aggregation, raises considerable suspicions about the implications of its data collection capabilities.

An Incredibly Simple Trick Can Help Make Your Phone More Secure

www.forbes.com/sites/leemathews/2021/07/31/an-incredibly-simple-trick-can-help-make-your-phone-more-secure/ Ready? Here it is. Turn your phone off and then turn it back on. Turning your phone off and on may not be enough to thwart the likes of Israel’s secretive NSO Group or sophisticated state-sponsored hackers. But since the process requires zero technical ability, only takes a minute or two and has the ability to expel common threats from your phone’s memory banks… why not make regular phone restarts a part of your security regimen?

Linux eBPF bug gets root privileges on Ubuntu – Exploit released

www.bleepingcomputer.com/news/security/linux-ebpf-bug-gets-root-privileges-on-ubuntu-exploit-released/ A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines.

Google to block logins on old Android devices starting September

www.bleepingcomputer.com/news/google/google-to-block-logins-on-old-android-devices-starting-september/ Google is emailing Android users to let them know that, starting late September, they will no longer be able to log in to their Google accounts on devices running Android 2.3.7 (Gingerbread) and lower.

Public print server gives anyone Windows admin privileges

www.bleepingcomputer.com/news/microsoft/public-print-server-gives-anyone-windows-admin-privileges/ To illustrate his research, Delpy created an Internet-accessible print server at \\printnightmare[.]gentilkiwi[.]com that installs a print driver and launches a DLL with SYSTEM privileges.
