Daily NCSC-FI news followup 2021-09-03

Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role

finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html A Bloomberg News investigation has filled in significant new details, including why Sunnyvale, California-based Juniper, a top maker of computer networking equipment, used the NSA algorithm in the first place, and who was behind the attack. The Pentagon tied some future contracts for Juniper specifically to the use of Dual Elliptic Curve, the employees said. The request prompted concern among some Juniper engineers, but ultimately the code was added to appease a large customer, the employees said. Members of a hacking group linked to the Chinese government called APT 5 hijacked the NSA algorithm in 2012, according to two people involved with Juniper's investigation and an internal document detailing its findings that Bloomberg reviewed. The hackers altered the algorithm so they could decipher encrypted data flowing through the virtual private network connections created by NetScreen devices. They returned in 2014 and added a separate backdoor that allowed them to directly access NetScreen products, according to the people and the document.

Apple Delays iPhone Child Sexual Abuse Scanning After Uproar

www.forbes.com/sites/thomasbrewster/2021/09/03/apple-delays-iphone-child-sexual-abuse-scanning-after-uproar/ Apple has apparently been listening to its critics. On Friday, it announced it was going to delay a controversial technology that would scan users' iPhone photos before they were uploaded to iCloud to check them for known child sexual abuse material (CSAM).

Cybercrime Group FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor

www.anomali.com/blog/cybercrime-group-fin7-using-windows-11-alpha-themed-docs-to-drop-javascript-backdoor Anomali Threat Research discovered six malicious Windows 11 Alpha-themed Word documents with Visual Basic macros being used to drop JavaScript payloads, including a JavaScript backdoor.

Babuk ransomware’s full source code leaked on hacker forum

www.bleepingcomputer.com/news/security/babuk-ransomwares-full-source-code-leaked-on-hacker-forum/ A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum.

FBI: Spike in sextortion attacks cost victims $8 million this year

www.bleepingcomputer.com/news/security/fbi-spike-in-sextortion-attacks-cost-victims-8-million-this-year/ The FBI Internet Crime Complaint Center (IC3) has warned of a massive increase in sextortion complaints since the start of 2021, resulting in total financial losses of more than $8 million through the end of July.


www.cisa.gov/publication/risk-considerations-msp-customers This CISA Insights provides a framework that government and private sector organizations (including small and medium-sized businesses) outsourcing some level of IT support to MSPs can use to better mitigate third-party risk.

More than 10% of Firebase databases are open and exposing data

therecord.media/more-than-10-of-firebase-databases-are-open-and-exposing-data/ In a research project conducted in July 2021 and published on Wednesday this week, cybersecurity firm Avast said it found nearly 19,300 Firebase databases, out of a total of 180,300, that were left exposed online without authentication.

New Zealand internet outage blamed on DDoS attack on nation’s third largest internet provider

www.theregister.com/2021/09/03/nz_outage/ Vocus, the country's third-largest internet operator, which is behind brands including Orcon, Slingshot and Stuff Fibre, confirmed the cyberattack originated at one of its customers.

Confessions of a ransomware negotiator: Well, somebody’s got to talk to the criminals holding data hostage

www.theregister.com/2021/09/03/how_to_be_a_ransomware/ Often he finds that the ransomware gang's negotiating skills are quite weak. So part of his role is to make sure that the ransomware-flingers or their henchpersons don't learn anything more during the negotiations than they already know about the company they've attacked and the data they've encrypted and/or stolen.

FTC bans ‘brazen’ stalkerware maker SpyFone, orders data deletion, alerts to victims

www.theregister.com/2021/09/02/ftc_spyfone_stalkerware/ America’s trade watchdog today banned stalkerware developer SpyFone and its CEO from the surveillance industry, effectively putting an end to its business.
