Daily NCSC-FI news followup 2021-10-01

Flubot Android malware now spreads via fake security updates

www.bleepingcomputer.com/news/security/flubot-android-malware-now-spreads-via-fake-security-updates/ The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections.

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively exploited zero-days plugged this month alone.

Fortinet, Shopify and more report issues after root CA certificate from Let's Encrypt expires

www.zdnet.com/article/fortinet-shopify-others-report-issues-after-root-ca-certificate-from-lets-encrypt-expires/ Experts had been warning for weeks that there would be issues resulting from the expiration of root CA certificates provided by Let's Encrypt.

Masters of Mimicry: new APT group ChamelGang and its arsenal

www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an energy company. The investigation revealed that the company’s network had been compromised by an unknown group for the purpose of data theft. We gave the group the name ChamelGang (from the word “chameleon”), because the group disguised its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google.

ESET Threat Report T2 2021

www.welivesecurity.com/2021/09/30/eset-threat-report-t22021/ A view of the T2 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. Report (PDF):

www.welivesecurity.com/wp-content/uploads/2021/09/eset_threat_report_t22021.pdf

WatchGuard Threat Lab Reports 91.5% of Malware Arrived over Encrypted Connections in Q2 2021

www.watchguard.com/wgrd-news/press-releases/watchguard-threat-lab-reports-915-malware-arrived-over-encrypted New research also shows dramatic increases in fileless malware, malware detections per appliance, and booming network and ransomware attacks.

Do shortcomings in information systems endanger patient safety? A new study reveals significant problems that can be solved

www.tivi.fi/kumppanisisallot/intersystems/vaarantavatko-puutteet-tietojarjestelmissa-potilasturvallisuuden-tuore-tutkimus-paljastaa-merkittavia-ongelmia-jotka-ovat-ratkottavissa/ Patient safety is surprisingly often put to the test in healthcare IT systems, according to a startling study commissioned by InterSystems. IT systems have enormous potential to improve care, but first some significant challenges must be solved. Leaders from Apotti, Duodecim and InterSystems explain which challenges are the most critical and how the situation can be remedied.

Today’s cars are mobile data centers, and that data needs to be protected

www.helpnetsecurity.com/2021/10/01/cars-mobile-data-centers/ Our cars can no longer be considered as independent machines providing for our personal transportation. The integration of mobile communications, infotainment, geo-location, and emergency monitoring systems render cars as a connected device within a distributed mesh of different data services.

A Death Due to Ransomware

www.schneier.com/blog/archives/2021/10/a-death-due-to-ransomware.html The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing. What will be interesting to see is whether the courts rule that the hospital was negligent in its security, contributing to the success of the ransomware and by extension the death of the infant.

Hydra malware targets customers of Germany’s second largest bank

www.bleepingcomputer.com/news/security/hydra-malware-targets-customers-of-germanys-second-largest-bank/ The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germany’s second-largest financial institution.

New Tool to Add to Your LOLBAS List: cvtres.exe

isc.sans.edu/diary/rss/27892 LOLBAS (“Living Off the Land Binaries And Scripts”) is a list of tools that are present on any Windows system because they are provided by Microsoft as useful tools to perform system maintenance, updates, etc. This list is maintained and upgraded regularly. It is a good starting point when you need to investigate suspicious process activity on a system (proactively or in a forensic investigation). What’s the purpose of this tool? CvtRes stands for “Convert Resource Files To COFF Objects”. It converts “.res” resource files into Common Object File Format (COFF) “.obj” object files that the linker can link into a finished “.exe” PE application file.

Introducing the Secure Open Source Pilot Program

security.googleblog.com/2021/10/introducing-secure-open-source-pilot.html Today, we are excited to announce our sponsorship for the Secure Open Source (SOS) pilot program run by the Linux Foundation. This program financially rewards developers for enhancing the security of critical open source projects that we all depend on. We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback.

Wikipedia blames pro-China infiltration for bans

www.bbc.com/news/technology-58559412 Wikipedia has suffered an “infiltration” that sought to advance the aims of China, the US non-profit organisation that owns the volunteer-edited encyclopaedia has said.

Cyber threats must be prepared for in good time: “can, if necessary, be equated with an armed attack”

www.tivi.fi/uutiset/tv/7e3c01f8-fb5c-4988-9e06-5fa34728425c A large-scale cyberattack against Finland can, in its effects, be equated with a comparable armed attack, says Catharina Candolin. In that case we should have the readiness to respond with countermeasures.

Why the cybersecurity industry should treat civil society as critical infrastructure

therecord.media/why-the-cybersecurity-industry-should-treat-civil-society-as-critical-infrastructure/ Cybersecurity risks now affect everyone, but those risks aren’t the same everywhere. The Record spoke with Access Now’s Asia Policy Director and Senior International Counsel Raman Jit Singh Chima about how the human rights organization helps secure activists and journalists around the world. Chima, who also serves as the organization’s global security lead, shared details about risks facing human rights defenders in the Asia-Pacific region, from spyware and social media monitoring to disrupting access to certain apps or the entire Internet. Protecting civil society from these threats must be a key part of cybersecurity policy discussions, Chima told The Record, much like we think about how we need to protect power grids and other utilities that keep society functioning.

Introduction to ICS Security Part 3

www.sans.org/blog/introduction-to-ics-security-part-3/ In part 3 we will look at Remote Access Connections into ICS, examine why they are here to stay, and review the best practices for securing them.
