Daily NCSC-FI news followup 2021-08-20

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

thehackernews.com/2021/08/shadowpad-malware-is-becoming-favorite.html ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. The American cybersecurity firm SentinelOne dubbed ShadowPad a “masterpiece of privately sold malware in Chinese espionage.”

Cybercrime Group Asking Insiders for Help in Planting Ransomware

thehackernews.com/2021/08/cybercrime-group-asking-insiders-for.html A Nigerian threat actor has been observed attempting to recruit employees, offering to pay them $1 million in bitcoin to deploy Black Kingdom ransomware on their companies' networks as part of an insider threat scheme. The sender tells the employee that if they are able to deploy the ransomware on a company computer or Windows server, they will be paid $1 million in bitcoin, or 40% of the presumed $2.5 million ransom.

SynAck ransomware decryptor lets victims recover files for free

www.bleepingcomputer.com/news/security/synack-ransomware-decryptor-lets-victims-recover-files-for-free/ Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. The SynAck ransomware gang launched its operation in 2017 but rebranded as the El_Cometa gang in 2021. As part of this rebranding, the threat actors released the master decryption keys and documentation for their encryption algorithm on their Tor data leak site.

Pegasus iPhone hacks used as lure in extortion scheme

www.bleepingcomputer.com/news/security/pegasus-iphone-hacks-used-as-lure-in-extortion-scheme/ A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand. This week, a threat actor began emailing recipients, telling them that their iPhone device was hacked with a ‘zero-click’ vulnerability to install the Pegasus spyware software. The scammer says that they have been using Pegasus to monitor the recipient’s activities and have created videos of them during “the most private moments” of their lives. The email warns that if a 0.035 bitcoin (approximately $1,600) payment is not paid, the threat actors will send the videos to the recipient’s family, friends, and business associates.

You can post LinkedIn jobs as almost ANY employer, and so can attackers

www.bleepingcomputer.com/news/security/you-can-post-linkedin-jobs-as-almost-any-employer-so-can-attackers/ Anyone can post a job under a company’s LinkedIn account and it appears exactly the same as a job advertised by the company. For example, if Google’s LinkedIn company page is vulnerable, we will be able to post a job on their behalf and add some parameters to redirect applicants to a new website where we can harvest [personal information and credentials] and whatnot, the usual tricks of social engineering. In tests by BleepingComputer, I used an unaffiliated LinkedIn account and was able to successfully publish a new job posting on behalf of BleepingComputer, almost anonymously. The job listing would appear authentic, as if coming straight from BleepingComputer. It also did not show the user account that created the posting, an option set by the user who posts the job, rather than the employer.

Cloudflare says it mitigated a record-breaking 17.2M rps DDoS attack

therecord.media/cloudflare-says-it-mitigated-a-record-breaking-17-2m-rps-ddos-attack/ Internet infrastructure company Cloudflare disclosed today that it mitigated the largest volumetric distributed denial of service (DDoS) attack recorded to date. The attack, which took place last month, targeted one of Cloudflare’s customers in the financial industry. Cloudflare said that a threat actor used a botnet of more than 20,000 infected devices to fling HTTP requests at the customer’s network in order to consume and crash server resources. Cloudflare said this attack peaked at 17.2 million HTTP requests per second (rps), a figure that the company described as almost three times larger than any previous volumetric DDoS attack ever reported in the public domain.

Cisco Small Business routers vulnerable to remote attacks, won’t get a patch

blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/cisco-small-business-routers-vulnerable-to-remote-attacks-wont-get-a-patch/ In a security advisory, Cisco has informed users that a vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The affected routers have entered the end-of-life process, so Cisco has not released software updates to fix the problem, and according to the advisory it has no plans to do so. With no patch coming, the practical questions for owners of these devices are whether the UPnP service is reachable at all and, if it is, whether it can be disabled or the device replaced.
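Because the flaw sits in the routers' UPnP service, the first thing an administrator wants to know is whether that service answers on the network. The following script is an added example, not code from Cisco, Malwarebytes or the NCSC-FI digest: it builds a standard SSDP M-SEARCH discovery request, sends it (multicast to the LAN, or unicast to one router address given on the command line) and parses every HTTP/1.1 200 response it receives. The 192.0.2.1 address, the server string and the UUID in the embedded sample response are constructed for illustration. A response only shows that UPnP is listening; it does not by itself prove the device is vulnerable, and a silent device may still be exposed on another interface.

```python
"""Probe for a listening UPnP (SSDP) service.

Added example; not from the Cisco advisory or the Malwarebytes write-up.
Any router that answers the M-SEARCH below has its UPnP service reachable
from wherever the probe was sent.
"""
import socket
import sys

SSDP_ADDR = "239.255.255.250"   # SSDP multicast group (UPnP Device Architecture)
SSDP_PORT = 1900


def build_msearch(target: str = "ssdp:all", mx: int = 2) -> bytes:
    """Build an SSDP M-SEARCH request; MX is the max seconds a device may wait to reply."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_ADDR}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {target}",
        "",
        "",
    ]
    # Headers are CRLF-separated and terminated by an empty line.
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(raw: bytes) -> dict:
    """Return the headers of an 'HTTP/1.1 200 OK' SSDP reply, or {} for anything else."""
    text = raw.decode("utf-8", errors="replace")
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    if not lines or not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def discover(dest: str = SSDP_ADDR, timeout: float = 3.0) -> list:
    """Send one M-SEARCH to dest and collect every responder until the timeout expires."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    sock.sendto(build_msearch(), (dest, SSDP_PORT))
    found = []
    try:
        while True:
            data, (ip, _port) = sock.recvfrom(65535)
            headers = parse_ssdp_response(data)
            if headers:
                headers["_FROM"] = ip
                found.append(headers)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return found


# Constructed sample reply (hypothetical address, server string and UUID)
# showing the shape of what parse_ssdp_response() extracts.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"LOCATION: http://192.0.2.1:1900/rootDesc.xml\r\n"
    b"SERVER: Linux/2.6 UPnP/1.0 example-router/1.0\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)


if __name__ == "__main__":
    # Usage: python ssdp_probe.py              (multicast on the local LAN)
    #        python ssdp_probe.py 192.0.2.1    (unicast to one router address)
    dest = sys.argv[1] if len(sys.argv) > 1 else SSDP_ADDR
    devices = discover(dest)
    for dev in devices:
        print(f"{dev['_FROM']}: SERVER={dev.get('SERVER')} LOCATION={dev.get('LOCATION')}")
    if not devices:
        print("no SSDP responders (UPnP not reachable from here, or filtered)")
```

Run it from the LAN side and, if the router has a reachable WAN address you control, from outside as well: a reply from the WAN side is the result that matters most for an unpatched, end-of-life device. The LOCATION header points at the device description XML, which is what a scanner would fetch next; the script deliberately stops at discovery.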
