Daily NCSC-FI news followup 2021-09-10

Indonesian intelligence agency compromised in suspected Chinese hack

therecord.media/indonesian-intelligence-agency-compromised-in-suspected-chinese-hack/ Chinese hackers have breached the internal networks of at least ten Indonesian government ministries and agencies, including computers from Indonesia’s primary intelligence service, the Badan Intelijen Negara (BIN). The intrusion, discovered by Insikt Group, the threat research division of Recorded Future, has been linked to Mustang Panda, a Chinese threat actor known for its cyber-espionage campaigns targeting the Southeast Asian region[1, 2]. Insikt researchers first discovered this campaign in April this year, when they detected PlugX malware command and control (C&C) servers, operated by the Mustang Panda group, communicating with hosts inside the networks of the Indonesian government. These communications were later traced back to at least March 2021. The intrusion point and delivery method of the malware are still unclear.

Healthcare orgs in California, Arizona send out breach letters for nearly 150,000 after SSNs accessed during ransomware attacks

www.zdnet.com/article/healthcare-orgs-in-california-arizona-send-out-breach-notice-letters-for-nearly-150000-after-ssns-accessed-during-ransomware-attacks/#ftag=RSSbaffb68 Two healthcare organizations have begun sending out breach notification letters to thousands of people in California and Arizona after both revealed that sensitive information — including social security numbers, treatment information and diagnosis data — was accessed during recent cyberattacks. LifeLong Medical Care, a California health center, is sending letters to about 115,000 people about a ransomware attack that took place on November 24, 2020. The letter does not say which ransomware group was involved but said Netgain, a third-party vendor that provides services to LifeLong Medical Care, “discovered anomalous network activity” and only determined it was a ransomware attack by February 25, 2021.

Stolen Credentials Led to Data Theft at United Nations

threatpost.com/data-theft-united-nations/169357/ A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed. That data lifted from the network can be used to target agencies within the UN, which already has experienced and responded to “further attacks” linked to the breach, Stéphane Dujarric, spokesman for the UN Secretary-General, told Bloomberg, which broke the news in a report published Thursday. In another high-profile attack in January 2020, the operators behind the notorious Emotet malware took aim at the UN with a concerted phishing campaign, the intent of which was to steal credentials and deliver the TrickBot trojan. The attack ultimately was found to be the result of a Microsoft SharePoint flaw, allowing attackers to steal 400 GB of sensitive data.

Meet Mēris, the new 250,000-strong DDoS botnet terrorizing the internet

therecord.media/meet-meris-the-new-250000-strong-ddos-botnet-terrorizing-the-internet/ A new botnet consisting of an estimated 250,000 malware-infected devices has been behind some of the biggest DDoS attacks over the summer, breaking the record for the largest volumetric DDoS attack twice, once in June and again this month. Named Mēris, the Latvian word for “plague,” the botnet has been primarily used as part of a DDoS extortion campaign against internet service providers and financial entities across several countries, such as Russia, the UK, the US, and New Zealand. The group behind the botnet typically sends menacing emails to large companies asking for a ransom payment. The emails, which target companies with extensive online infrastructure and which can’t afford any downtime, contain threats to take down crucial servers if the group is not paid a certain amount of cryptocurrency by a deadline.

Facebook puts on Ray-Bans, struts into the privacy minefield of smart glasses

blog.malwarebytes.com/privacy-2/2021/09/facebook-puts-on-ray-bans-struts-into-the-privacy-minefield-of-smart-glasses/ Facebook, neck-deep in virtual / augmented reality with the Oculus headset, continues to move things up a gear. It’s announced “Ray-Ban Stories”, smart glasses which take video and photos. The company may yet go one step further and incorporate these features into Augmented Reality (AR) specs which a Facebook rep said were in development. Facebook’s decision to enter the smart glass market is remarkable considering what’s come before. About ten years ago, another tech giant with a similarly-tarnished reputation for gathering personal data tried it with Google Glass. This was the first mainstream attempt to put glasses with cameras on our heads. It didn’t work. Famously. As you’ll see from the video in the BBC article linked at the beginning of this article, both the presenter and Facebook rep dive into the privacy angle. “Can people film me without me knowing about it?” is absolutely a valid question.

Atlassian Confluence WebWork OGNL Injection

packetstormsecurity.com/files/164122/atlassian_confluence_webwork_ognl_injection.rb.txt This Metasploit module exploits an OGNL injection in Atlassian Confluence’s WebWork component to execute commands as the Tomcat user.
