Daily NCSC-FI news followup 2021-09-20

Alaska discloses ‘sophisticated’ nation-state cyberattack on health service

therecord.media/alaska-discloses-sophisticated-nation-state-cyberattack-on-health-service/ A nation-state cyber-espionage group has gained access to the IT network of the Alaska Department of Health and Social Service (DHSS), the agency said last week. While the DHSS made the incident public on May 18 and published two updates in June and August, the agency did not reveal any details about the intrusion until last week, when it officially dispelled the rumor that this was a ransomware attack.

US farmer cooperative hit by $5.9M BlackMatter ransomware attack

www.bleepingcomputer.com/news/security/us-farmer-cooperative-hit-by-59m-blackmatter-ransomware-attack/ U.S. farmers cooperative NEW Cooperative has suffered a BlackMatter ransomware attack, with the attackers demanding $5.9 million not to leak stolen data and to provide a decryptor. In the weekend ransomware attack, the threat actors demanded a 5.9 million dollar ransom, which will increase to $11.8 million if the ransom is not paid within five days.

EventBuilder misconfiguration exposes Microsoft event registrant data

www.bleepingcomputer.com/news/security/eventbuilder-misconfiguration-exposes-microsoft-event-registrant-data/ Personal details of registrants to virtual events available through the EventBuilder platform have stayed accessible over the public internet, open to indexing by various engines. EventBuilder is a software solution for creating virtual events (webinars, training, online learning, conferences) using Microsoft technologies and integrates with Microsoft Teams and Teams Live Events extension.

Confidential information found once again in vacant hospital premises

yle.fi/uutiset/3-12107416 The material subject to data protection that was found in the locked premises has been destroyed, and the data breaches have been reported to the Office of the Data Protection Ombudsman. Information intended to be confidential has once again been found in vacant hospital premises in the Pirkanmaa Hospital District. This is already the third such case within a short period of time.

VoIP.ms phone services disrupted by DDoS extortion attack

www.bleepingcomputer.com/news/security/voipms-phone-services-disrupted-by-ddos-extortion-attack/ Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that’s severely disrupting the company’s operation. VoIP.ms is an Internet phone service company that provides affordable voice-over-IP service to businesses around the world.

iOS 15 Is Available Now With These Stunning New iPhone Privacy Features

www.forbes.com/sites/kateoflahertyuk/2021/09/20/ios-15-is-available-now-with-these-stunning-new-iphone-privacy-features/ It’s been a long time coming but iOS 15 is now available, along with a bunch of stunning new iPhone privacy features you can start using straight away.

An in-depth analysis of ExpressVPN’s terrible, horrible, no good, very bad week

www.zdnet.com/article/trust-but-verify-an-in-depth-analysis-of-expressvpns-terrible-horrible-no-good-very-bad-week/ ExpressVPN has been all over the news for the past week, and not in a good way. Kape Technologies has announced plans to acquire ExpressVPN for $986 million; Kape was once considered a malware provider. Additionally, a Reuters report indicates that ExpressVPN CIO Daniel Gericke is among three men fined $1.6 million by the US Department of Justice for hacking and spying on US citizens on behalf of the government of the UAE (United Arab Emirates).

A Journey in Organizational Cyber Resilience Part 2: Business Continuity

securityintelligence.com/articles/organizational-cyber-resilience-part-2-business-continuity/ Keeping a business up and running during a problem takes the right people for the job. When it comes to cyber resilience through tough times, many things come down to the human factor. We focused on that in the first piece in this series, but it also makes a big difference to the second topic: business continuity. So, how do you make sure that your business processes and functions keep running during a disruption?

#OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports

isc.sans.edu/diary/rss/27852 After the “OMIGOD” vulnerability details were made public, and it became obvious that exploiting vulnerable hosts would be trivial, researchers and attackers started pretty much immediately to scan for vulnerable hosts.
