Daily NCSC-FI news followup 2021-09-07

Important clarifications regarding arrest of climate activist

protonmail.com/blog/climate-activist-arrest/ We would like to provide important clarifications regarding the case of the climate activist who was recently arrested by French police on criminal charges. […] In this case, Proton received a legally binding order from Swiss authorities which we are obligated to comply with. There was no possibility to appeal this particular request. As detailed in our transparency report, our published threat model, and also our privacy policy, under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account. Also:

therecord.media/protonmail-forced-to-collect-an-activists-ip-address-in-police-investigation/

Ghostscript zero-day allows full server compromises

therecord.media/ghostscript-zero-day-allows-full-server-compromises/ Proof-of-concept exploit code was published online over the weekend for an unpatched Ghostscript vulnerability that puts all servers that rely on the component at risk of attacks.

REvil ransomware’s servers mysteriously come back online

www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/ Today, both the Tor payment/negotiation site and REvil’s Tor ‘Happy Blog’ data leak site suddenly came back online. It is unclear at this time whether the ransomware gang is back in operation, the servers have been turned back on by mistake, or it is due to the actions of law enforcement.

IoT Attacks Skyrocket, Doubling in 6 Months

threatpost.com/iot-attacks-doubling/169224/ According to a Kaspersky analysis of its telemetry from honeypots shared with Threatpost, the firm detected more than 1.5 billion IoT attacks, up from 639 million during the previous half year, which is more than twice the volume.

Ransomware attacks, all concerned: how to prevent them and respond to an incident

www.ssi.gouv.fr/uploads/2021/08/anssi-guide-ransomware_attacks_all_concerned-v1.0.pdf Ransomware attacks are a current and growing trend, not only in France, but also worldwide. Because they are a serious threat, this guide translated into English aims at making our expertise and our recommendations available to a wider audience. We hope that you find it useful.

UK data watchdog brings cookies to G7 meeting: pop-up consent requests, not the delicious baked treats

www.theregister.com/2021/09/07/ico_cookies_g7/ The ICO said it would call on fellow G7 data protection and privacy authorities, three of which used to be its fellow EU member states, to work together to overhaul cookie consent pop-ups to make people’s privacy “more meaningfully protected” and help businesses offer “a better web browsing experience.”

Beware of these messages: this is how Finns are being scammed right now

www.is.fi/digitoday/tietoturva/art-2000008246431.html Scam messages in the names of banks are currently being sent to Finns in large numbers. In recent days, many emails have been seen at least in Nordea's name. There are at least two types of messages: one tells of a confidential message or document that has arrived, and the other of actions required by the PSD2 payment services directive.

Ransomware gang threatens to leak data if victim contacts FBI, police

www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/ In an announcement published on Ragnar Locker’s darknet leak site this week, the group is threatening to publish full data of victims who seek the help of law enforcement and investigative agencies following a ransomware attack. The threat also applies to victims contacting data recovery experts to attempt decryption and conduct the negotiation process.

New Chainsaw tool helps IR teams analyze Windows event logs

www.bleepingcomputer.com/news/security/new-chainsaw-tool-helps-ir-teams-analyze-windows-event-logs/ Authored by James D, lead threat hunter at F-Secure’s Countercept division, Chainsaw is a Rust-based command-line utility that can go through event logs to highlight suspicious entries or strings that may indicate a threat. The tool uses the Sigma rule detection logic to quickly find event logs relevant to the investigation. Tool at:

github.com/countercept/chainsaw

Irish Police ‘Significantly Disrupt’ Attackers’ Operations

www.bankinfosecurity.com/irish-police-significantly-disrupt-hse-attackers-ops-a-17466 Ireland’s cybercrime police, the Garda National Cyber Crime Bureau, have conducted a “significant disruption operation” targeting the IT infrastructure of a cybercrime group. As part of the operation, police seized several domains used in a May ransomware attack against Ireland’s national health services provider Health Service Executive, a spokesperson tells Information Security Media Group.

The Ideal Ransomware Victim: What Attackers Are Looking For

ke-la.com/the-ideal-ransomware-victim-what-attackers-are-looking-for/ In July 2021, KELA observed threat actors creating multiple threads where they claimed they are ready to buy accesses and described their conditions. Some of them appear to use access for deploying info-stealing malware and carrying out other malicious activities. Others aim to plant ransomware and steal data. KELA explored what is valuable for threat actors buying accesses, especially ransomware attackers, and built a profile of an ideal ransomware victim. On average, the actors active in July 2021 aimed to buy access to US companies with revenue of more than 100 million USD. Almost half of them refused to buy access to companies from the healthcare and education industries. The most common products (enabling network access) mentioned were Citrix, Palo Alto Networks, VMware, Fortinet, and Cisco. Ransomware attackers are ready to pay for access up to 100,000 USD, with most actors setting the boundaries at half of that price, 56,250 USD.
