Daily NCSC-FI news followup 2021-09-08

Government still gauging impact of Wednesday’s denial-of-service attacks

www.stuff.co.nz/business/300402182/government-still-gauging-impact-of-wednesdays-denialofservice-attacks ANZ and Kiwibank appear to have made progress recovering from a cyber attack that made their online services inaccessible for many New Zealanders on Wednesday.

AT&T Alien Labs warns of ‘zero or low detection’ for TeamTNT’s latest malware bundle

www.theregister.com/2021/09/08/att_alien_labs_warns_of/ Now, AT&T’s Alien Labs has shone more light on Chimaera – and says that not only has it been in active use since July but that it is “responsible for thousands of infections globally” across Windows, Linux, AWS, Docker, and Kubernetes targets – and all while avoiding detection from anti-virus and anti-malware tools.

Patch now? Why enterprise exploits are still partying like it’s 1999

www.theregister.com/2021/09/08/patch_now_why_enterprise_exploits/ Eoin Keary, CEO and founder of Edgescan, told The Register that the oldest common vulnerability discovered in its latest quarterly vulnerability scans report (CVE-1999-0517, impacting Simple Network Management Protocol) dated back to 1999. Which raises the question, why are threat actors being allowed to party like it’s, um… 1999?

Attacking Google Chrome’s Strict Site Isolation via Speculative Execution and Type Confusion

www.spookjs.com/ Spook.js is a new transient execution side channel attack which targets the Chrome web browser. We show that despite Google’s attempts to mitigate Spectre by deploying Strict Site Isolation, information extraction via malicious JavaScript code is still possible in some cases. More specifically, we show that an attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials (e.g., username and password) when they are autofilled. We further demonstrate that the attacker can retrieve data from Chrome extensions (such as credential managers) if a user installs a malicious extension.

Also: therecord.media/new-cpu-side-channel-attack-takes-aim-at-chromes-site-isolation-feature/

Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S.

www.fireeye.com/blog/threat-research/2021/09/pro-prc-influence-campaign-social-media-websites-forums.html The scope of activity, in terms of languages and platforms used, is far broader than previously understood. Most reporting has highlighted English and Chinese-language activity occurring on the social media giants Facebook, Twitter, and YouTube. However, we have now observed this pro-PRC activity taking place on 30 social media platforms and over 40 additional websites and niche forums, and in additional languages including Russian, German, Spanish, Korean, and Japanese. Accounts in the network have actively sought to physically mobilize protestors in the U.S. in response to the COVID-19 pandemic, though we have seen no indication that these attempts motivated any real-world activity.
