Daily NCSC-FI news followup 2021-08-23

New variant of Konni malware used in campaign targeting Russia

blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/ In late July 2021, we [Malwarebytes] identified an ongoing spear phishing campaign pushing Konni Rat to target Russia. Konni was first observed in the wild in 2014 and has been potentially linked to the North Korean APT group named APT37. We [Malwarebytes] discovered two documents written in Russian language and weaponized with the same malicious macro. One of the lures is about the trade and economic issues between Russia and the Korean Peninsula. The other one is about a meeting of the intergovernmental Russian-Mongolian commission. In this blog post we [Malwarebytes] provide an overview of this campaign that uses two different UAC bypass techniques and clever obfuscation tricks to remain under the radar.

Veikkaus suspects: attempts to hack hundreds of gaming accounts using a bot: “It is worth reviewing your own password”

www.kauppalehti.fi/uutiset/veikkaus-epailee-satoja-pelitileja-yritetty-hakkeroida-robotin-avulla-kannattaa-arvioida-oma-salasana/ac1559b9-a1e0-40c6-84d5-57195795f8ff Veikkaus has detected unusual attempts to log in to the company's online service. Based on the investigation carried out, the suspicious login attempts are concentrated in early July 2021. The attacker is suspected of having used automated tools with which a bot attempted to log in to customers' gaming accounts by guessing the username and password. According to Veikkaus's website, the attacker may in this way have managed to log in to the gaming accounts of up to about 800 customers. The company has contacted the customers who may have been targeted by the attack and reset their old passwords.

Hundreds of thousands of Realtek-based devices under attack from IoT botnet

therecord.media/hundreds-of-thousands-of-realtek-based-devices-under-attack-from-iot-botnet/ A dangerous vulnerability in Realtek chipsets used in hundreds of thousands of smart devices from at least 65 vendors is currently under attack from a notorious DDoS botnet gang. The attacks started last week, according to a report from IoT security firm SAM, and began just three days after fellow security firm IoT Inspector published details about the vulnerability on its blog. Tracked as CVE-2021-35395, the vulnerability is part of four issues IoT Inspector researchers found in the software development kit (SDK) that ships with multiple Realtek chipsets (SoCs). According to the research team, the vulnerability, which resided in a web panel used to configure the SDK/device, allowed a remote attacker to connect to these devices via malformed URL web panel parameters, bypass authentication, and run malicious code with the highest privileges, effectively taking over the device.

Do Open-Source Supply Chains Leave Security Gaps in Your Organization?

www.infosecurity-magazine.com/opinions/open-source-supply-chainssecurity/ There has been a 430% year-on-year increase in attacks targeting open source components to infect software supply chains in the last year. Infiltrating open source libraries can also be a more covert approach than directly attacking organizations: if a compromised component is already part of a trusted supply chain, its malicious activity is less likely to be detected. Organizations need to ensure that developers are armed with the automation and clear processes required to incorporate security and vulnerability checks in new software; repositories also need to shoulder the burden and review the submitted code.
