Daily NCSC-FI news followup 2021-08-06

Angry Affiliate Leaks Conti Ransomware Gang Playbook

threatpost.com/affiliate-leaks-conti-ransomware-playbook/168442/ A security researcher shared a comment from an online forum allegedly posted by someone who did business with Conti that included information integral to its ransomware-as-a-service (RaaS) operation, according to a report. Data revealed by the post included the IP addresses for the group’s Cobalt Strike command-and-control servers (C2s) and a 113MB archive that contains numerous tools and training material for how Conti performs ransomware attacks, according to the report, which was later verified by Kremez on Twitter.

Conti ransomware affiliate goes rogue, leaks “gang data”

nakedsecurity.sophos.com/2021/08/06/conti-ransomware-affiliate-goes-rogue-leaks-company-data/ Ultimately, the data leaked by the disaffected affiliate doesn’t really amount to much. The criminals at the core of so-called ransomware-as-a-service groups keep the source code, the decryption keys and the blackmail payment details to themselves.

Computer hardware giant GIGABYTE hit by RansomEXX ransomware

www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/ Taiwanese motherboard maker Gigabyte has been hit by the RansomEXX ransomware gang, who threaten to publish 112GB of stolen data unless a ransom is paid. According to the Chinese news site United Daily News, Gigabyte confirmed they suffered a cyberattack that affected a small number of servers. BleepingComputer has attempted to contact Gigabyte about the attack but has not heard back at this time.

Guide to Cyber Security Measures

english.ncsc.nl/publications/publications/2021/august/4/guide-to-cyber-security-measures The Guide to Cyber Security Measures lists eight measures that every organisation should take to prevent cyber-attacks. Examples of these measures are enabling logging, implementing multi-factor authentication, creating backups and encrypting sensitive information. Furthermore, the Guide to Cyber Security Measures provides the organisational context in which you apply these measures. Organisations can use the Guide to Cyber Security Measures to discuss their internal cyber security policy and in contacts with their suppliers about the security of their products and services. The accompanying infographic provides a clear overview of the eight basic measures.

Board toolkit: five questions for your board’s agenda

www.ncsc.gov.uk/guidance/board-toolkit-five-questions-your-boards-agenda A range of questions that the NCSC believe will help generate constructive cyber security discussions between board members and their CISOs. CISOs and technical teams are one of the greatest assets any organisation has, and their role in improving your knowledge of relevant cyber security issues shouldn’t be underestimated. For this reason, the NCSC have identified a range of questions which will help generate the right discussions between board members and their CISOs and increase awareness of key topics in cyber security.

Apple to Scan Every Device for Child Abuse Content But Experts Fear for Privacy

thehackernews.com/2021/08/apple-to-scan-every-device-for-child.html Apple on Thursday said it’s introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material (CSAM) in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for known child abuse content as they are being uploaded into iCloud Photos, in addition to leveraging on-device machine learning to vet all iMessage images sent or received by minor accounts (aged under 13) to warn parents of sexually explicit photos in the messaging platform. Furthermore, Apple also plans to update Siri and Search to stage an intervention when users try to perform searches for CSAM-related topics, alerting them that “interest in this topic is harmful and problematic.”

Black Hat: How cybersecurity incidents can become legal minefields

www.zdnet.com/article/black-hat-how-cybersecurity-can-be-a-legal-minefield-for-lawyers/#ftag=RSSbaffb68 When a company becomes the victim of a cyberattack, executives are faced with a tsunami of challenges: containing a breach, remediation, informing customers and stakeholders, identifying those responsible, and conducting a forensic analysis of the incident — to name but a few. However, it is not just the real-world issues faced, in the now, that businesses have to tackle: the legal ramifications of a security incident have become more important than ever to consider. Speaking to attendees at Black Hat USA in Las Vegas, Nick Merker, partner at Indianapolis-based legal firm Ice Miller LLP said that before becoming a lawyer, he worked as an information security professional — and this experience allowed him to transition into the legal field through a cybersecurity lens. Merker emphasised that companies more often “need to actually use an incident response plan in an incident situation,” and said that documentation should be a key focus. Timelines, logs, major decisions, and status summaries should be kept as regulators — or plaintiffs — will be asking questions, and you need to know “what you did, and why you did it.”

Microsoft listed its most important security researchers, two Finns among them

www.tivi.fi/uutiset/microsoft-listasi-tarkeimpia-tietoturvatutkijoita-mukana-kaksi-suomalaista/020287c7-13bb-468a-8f06-4f3641eccbdf Finns Aapo Oksman and Nestori Syynimaa made Microsoft’s list of the most important security researchers of 2021.

Critical Cisco Bug in VPN Routers Allows Remote Takeover

threatpost.com/critical-cisco-bug-vpn-routers/168449/ Security researchers warned that at least 8,800 vulnerable systems are open to compromise. A critical security vulnerability in a subset of Cisco Systems’ small-business VPN routers could allow a remote, unauthenticated attacker to take over a device and researchers said there are at least 8,800 vulnerable systems open to compromise. Cisco addressed the bugs (CVE-2021-1609) as part of a slew of patches rolled out this week.

Windows PetitPotam vulnerability gets an unofficial free patch

www.bleepingcomputer.com/news/microsoft/windows-petitpotam-vulnerability-gets-an-unofficial-free-patch/ A free unofficial patch is now available to block attackers from taking over domain controllers and compromising entire Windows domains via PetitPotam NTLM relay attacks. The 0patch micropatching service has released today a free unofficial patch that can be used to block PetitPotam NTLM relay attacks on Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 and Windows Server 2008 R2. If you can’t immediately deploy one of these temporary patches, you can also defend against PetitPotam attacks using NETSH RPC filters that block remote access to the MS-EFSRPC API, effectively removing the unauthenticated PetitPotam attack vector.

Ivanti Releases Security Update for Pulse Connect Secure

us-cert.cisa.gov/ncas/current-activity/2021/08/06/ivanti-releases-security-update-pulse-connect-secure Ivanti has released Pulse Connect Secure system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system.
