Flubot Android malware now spreads via fake security updates
www.bleepingcomputer.com/news/security/flubot-android-malware-now-spreads-via-fake-security-updates/ The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections.
Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws
thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively exploited zero-days plugged this month alone.
Fortinet, Shopify and more report issues after root CA certificate from Let's Encrypt expires
www.zdnet.com/article/fortinet-shopify-others-report-issues-after-root-ca-certificate-from-lets-encrypt-expires/ Experts had been warning for weeks that there would be issues resulting from the expiration of root CA certificates provided by Let's Encrypt.
Masters of Mimicry: new APT group ChamelGang and its arsenal
www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an energy company. The investigation revealed that the company’s network had been compromised by an unknown group for the purpose of data theft. We gave the group the name ChamelGang (from the word “chameleon”), because the group disguised its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google.
ESET Threat Report T2 2021
www.welivesecurity.com/2021/09/30/eset-threat-report-t22021/ A view of the T2 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. Report (PDF):
WatchGuard Threat Lab Reports 91.5% of Malware Arrived over Encrypted Connections in Q2 2021
www.watchguard.com/wgrd-news/press-releases/watchguard-threat-lab-reports-915-malware-arrived-over-encrypted New research also shows dramatic increases in fileless malware, malware detections per appliance, and booming network and ransomware attacks
Do shortcomings in information systems endanger patient safety? A new study reveals significant problems that can be solved
www.tivi.fi/kumppanisisallot/intersystems/vaarantavatko-puutteet-tietojarjestelmissa-potilasturvallisuuden-tuore-tutkimus-paljastaa-merkittavia-ongelmia-jotka-ovat-ratkottavissa/ Patient safety can surprisingly often be put to the test in healthcare IT systems, according to a startling study commissioned by InterSystems. IT systems have enormous potential to improve care, but first some significant challenges must be solved. Executives from Apotti, Duodecim and InterSystems explain what the most critical challenges are and how the situation can be fixed.
Today’s cars are mobile data centers, and that data needs to be protected
www.helpnetsecurity.com/2021/10/01/cars-mobile-data-centers/ Our cars can no longer be considered independent machines providing for our personal transportation. The integration of mobile communications, infotainment, geo-location, and emergency monitoring systems renders cars connected devices within a distributed mesh of different data services.
A Death Due to Ransomware
www.schneier.com/blog/archives/2021/10/a-death-due-to-ransomware.html The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing. What will be interesting to see is whether the courts rule that the hospital was negligent in its security, contributing to the success of the ransomware and by extension the death of the infant.
Hydra malware targets customers of Germany’s second largest bank
www.bleepingcomputer.com/news/security/hydra-malware-targets-customers-of-germanys-second-largest-bank/ The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germany’s second-largest financial institution.
New Tool to Add to Your LOLBAS List: cvtres.exe
isc.sans.edu/diary/rss/27892 LOLBAS (“Living Off the Land Binaries And Scripts”) is a list of tools that are present on any Windows system because they are provided by Microsoft as useful tools to perform system maintenance, updates, etc. This list is maintained and upgraded regularly. It is a good starting point when you need to investigate suspicious process activity on a system (proactively or in a forensic investigation). What’s the purpose of this tool? CvtRes stands for “Convert Resource Files To COFF Objects”. It converts “.res” resource files into Common Object File Format (COFF) “.obj” object files that the linker can link into a finished “.exe” PE application file.
Introducing the Secure Open Source Pilot Program
security.googleblog.com/2021/10/introducing-secure-open-source-pilot.html Today, we are excited to announce our sponsorship for the Secure Open Source (SOS) pilot program run by the Linux Foundation. This program financially rewards developers for enhancing the security of critical open source projects that we all depend on. We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback.
Wikipedia blames pro-China infiltration for bans
www.bbc.com/news/technology-58559412 Wikipedia has suffered an “infiltration” that sought to advance the aims of China, the US non-profit organisation that owns the volunteer-edited encyclopaedia has said.
Cyber threats must be prepared for in time: “can, if necessary, be equated with an armed attack”
www.tivi.fi/uutiset/tv/7e3c01f8-fb5c-4988-9e06-5fa34728425c A large-scale cyberattack against Finland can be equated, in terms of its effects, with a comparable armed attack, says Catharina Candolin. In that case we should have the readiness for countermeasures.
Why the cybersecurity industry should treat civil society as critical infrastructure
therecord.media/why-the-cybersecurity-industry-should-treat-civil-society-as-critical-infrastructure/ Cybersecurity risks now affect everyone, but those risks aren’t the same everywhere. The Record spoke with Access Now’s Asia Policy Director and Senior International Counsel Raman Jit Singh Chima about how the human rights organization helps secure activists and journalists around the world. Chima, who also serves as the organization’s global security lead, shared details about risks facing human rights defenders in the Asia-Pacific region, from spyware and social media monitoring to disrupting access to certain apps or the entire Internet. Protecting civil society from these threats must be a key part of cybersecurity policy discussions, Chima told The Record, much like we think about how we need to protect power grids and other utilities that keep society functioning.
Introduction to ICS Security Part 3
www.sans.org/blog/introduction-to-ics-security-part-3/ In part 3 we will look at Remote Access Connections into ICS, examine why they are here to stay, and review the best practices for securing them.