Daily NCSC-FI news followup 2021-08-19

Health authorities in 40 countries targeted by COVID19 vaccine scammers

www.welivesecurity.com/2021/08/18/health-authorities-40-countries-targeted-covid19-vaccine-scammers/ INTERPOL has issued a global warning about organized crime groups targeting governments with bogus offers peddling COVID-19 vaccines. The warning was issued to all of INTERPOL’s 194 member countries after the international law enforcement agency registered roughly 60 cases from 40 countries.

Does Abandoning Embassy in Kabul Pose Cybersecurity Risks?

www.databreachtoday.co.uk/does-abandoning-embassy-in-kabul-pose-cybersecurity-risks-a-17309 It’s unlikely that the U.S. abandoning its embassy and other facilities in Afghanistan poses cyber risks, thanks to the emergency planning that was in place, some security experts say. “Realistically, any cybersecurity impacts from the rapid evacuation are minimal to nonexistent,” says Jake Williams, a former member of the U.S. National Security Agency’s elite hacking team and co-founder and CTO at BreachQuest. “However, this is only because of lots of planning and practice with equipment and document destruction. Even if the situation on the ground moved faster than anticipated, these facilities would have prioritized lists of what to destroy first.”

Trend-spotting email techniques: How modern phishing emails hide in plain sight

www.microsoft.com/security/blog/2021/08/18/trend-spotting-email-techniques-how-modern-phishing-emails-hide-in-plain-sight/ This blog shines a light on techniques that are prominently used in many recent email-based attacks. We’ve chosen to highlight these techniques based on their observed impact to organizations, their relevance to active email campaigns, and because they are intentionally designed to be difficult to detect.

Dogged Persistence – The Name of the Game for One DDoS Attacker

blogs.akamai.com/2021/08/dogged-persistence-the-name-of-the-game-for-one-ddos-attacker.html DDoS attacks are relatively easy to launch from a number of online booter services, and the availability of cryptocurrencies for payment has made it easy to remain anonymous. Attackers can try their hand at DDoS for little effort and money, and in relative safety. They give it a go, try a few things (vector, endpoint, and scale changes), and for those with effective defenses, the attacker eventually burns out. Every now and then, however, we do see extreme examples of DDoS attacker persistence. This was the case starting late last month (July 2021). What made this particular series of DDoS events notable is not only the determination, but also the attack vector sizes targeting multiple IPs across several of the customer’s subnets.

Cobalt Strike: Detect this Persistent Threat

www.intezer.com/blog/malware-analysis/cobalt-strike-detect-this-persistent-threat/ This blog explains Cobalt Strike and practical steps to take if you believe that you are being targeted by Cobalt Strike or already compromised. We will demonstrate some real world examples of Cobalt Strike delivery and steps to detect each.

Wanted: Disgruntled Employees to Deploy Ransomware

krebsonsecurity.com/2021/08/wanted-disgruntled-employees-to-deploy-ransomware/ Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.

Ransomware: This amateur attack shows how clueless criminals are trying to get in on the action

www.zdnet.com/article/ransomware-this-amateur-attack-shows-how-clueless-criminals-are-trying-to-get-in-on-the-action/ Researchers dissect an email from an attacker asking people to help install ransomware on their company’s network for a cut of the profit. But while this campaign isn’t very successful, it shows how appealing ransomware has become.

US Census Bureau hacked in January 2020 using Citrix exploit

www.bleepingcomputer.com/news/security/us-census-bureau-hacked-in-january-2020-using-citrix-exploit/ US Census Bureau servers were breached on January 11, 2020, by hackers who exploited a Citrix ADC zero-day vulnerability, as the US Office of Inspector General (OIG) disclosed in a recent report. “The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab networks. According to system personnel, these servers did not provide access to 2020 decennial census networks,” the OIG said.

Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers

www.bleepingcomputer.com/news/security/cisco-won-t-fix-zero-day-rce-vulnerability-in-end-of-life-vpn-routers/ In a security advisory published on Wednesday, Cisco said that a critical vulnerability in the Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. “The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process.” The company asks customers who are still using these router models to migrate to the newer Cisco Small Business RV132W, RV160, or RV160W Routers, which still receive security updates. Additionally, Cisco says that its Product Security Incident Response Team (PSIRT) is not aware of any public proof-of-concept exploits for this zero-day or of any threat actors exploiting the bug in the wild.

New Google Chrome Security Warning: 7 Serious Flaws Confirmed

www.forbes.com/sites/daveywinder/2021/08/19/new-google-chrome-security-warning-7-serious-flaws-confirmed/ Google has confirmed a whole new bunch of alarmingly serious security vulnerabilities in Chrome 92, just two weeks after the last batch of flaws was fixed. To the best of my knowledge, and having asked around the cybersecurity community, there is no evidence of in-the-wild exploitation of any of these vulnerabilities.

Malicious Campaign Targets Latin America: The seller, The operator and a curious link

blog.talosintelligence.com/2021/08/rat-campaign-targets-latin-america.html Cisco Talos recently observed a new set of campaigns targeting Latin American countries. These campaigns use a multitude of infection components to deliver two widely popular commodity malware and remote access trojans (RATs): njRAT and AsyncRAT.

You might be interested in …

[NCSC-FI News] Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers?

If you use Mozilla Firefox or any Chromium-based browser, notably Google Chrome or Microsoft Edge, you’ll know that the version numbers of these products are currently at 97 and 98 respectively. And if you’ve ever looked at your browser’s User-Agent string, you’ll know that these version numbers are, by default, transmitted to every web page […]


[NCSC-FI News] S-Pankki and Ålandsbanken outages are over

The outage affecting S-Pankki’s online bank and the S-mobiili app, which began at nine in the morning, has been fixed. According to S-Pankki’s communications director Aleksi Moisio, the cause was a disruption in the back-end systems of the online bank and S-mobiili, which prevented logging in to the services between roughly 9 and 11 o’clock.


[NCSC-FI News] Security researcher uses exploits in ransomware to block encryption

Malware works by exploiting vulnerabilities in software and hardware. However, malware itself is also software, and inevitably has its own vulnerabilities. One security researcher has started taking advantage of this by publishing exploits using vulnerabilities in multiple strains of ransomware.
