Daily NCSC-FI news followup 2021-10-01

Flubot Android malware now spreads via fake security updates

www.bleepingcomputer.com/news/security/flubot-android-malware-now-spreads-via-fake-security-updates/ The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections.

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

thehackernews.com/2021/09/update-google-chrome-asap-to-patch-2.html Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone.

Fortinet, Shopify and more report issues after root CA certificate from Lets Encrypt expires

www.zdnet.com/article/fortinet-shopify-others-report-issues-after-root-ca-certificate-from-lets-encrypt-expires/ Experts had been warning for weeks that there would be issues resulting from the expiration of root CA certificates provided by Lets Encrypt.

Masters of Mimicry: new APT group ChamelGang and its arsenal

www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/ In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an energy company. The investigation revealed that the company’s network had been compromised by an unknown group for the purpose of data theft. We gave the group the name ChamelGang (from the word “chameleon”), because the group disguised its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google.

ESET Threat Report T2 2021

www.welivesecurity.com/2021/09/30/eset-threat-report-t22021/ A view of the T2 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. Report (PDF):


WatchGuard Threat Lab Reports 91.5% of Malware Arrived over Encrypted Connections in Q2 2021

www.watchguard.com/wgrd-news/press-releases/watchguard-threat-lab-reports-915-malware-arrived-over-encrypted New research also shows dramatic increases in fileless malware, malware detections per appliance, and booming network and ransomware attacks

Vaarantavatko puutteet tietojärjestelmissä potilasturvallisuuden? Tuore tutkimus paljastaa merkittäviä ongelmia, jotka ovat ratkottavissa

www.tivi.fi/kumppanisisallot/intersystems/vaarantavatko-puutteet-tietojarjestelmissa-potilasturvallisuuden-tuore-tutkimus-paljastaa-merkittavia-ongelmia-jotka-ovat-ratkottavissa/ Potilasturvallisuus voi olla yllättävän usein koetuksella terveydenhoidon it-järjestelmissä, kertoo InterSystemsin teettämä hätkähdyttävä tutkimus. It-järjestelmillä on valtava potentiaali parantaa hoitoa, mutta ensin täytyy ratkaista joitain merkittäviä haasteita. Apotin, Duodecimin ja InterSystemsin johtajat kertovat, mitkä ovat kriittisimmät haasteet ja miten tilannetta voidaan korjata.

Today’s cars are mobile data centers, and that data needs to be protected

www.helpnetsecurity.com/2021/10/01/cars-mobile-data-centers/ Our cars can no longer be considered as independent machines providing for our personal transportation. The integration of mobile communications, infotainment, geo-location, and emergency monitoring systems render cars as a connected device within a distributed mesh of different data services.

A Death Due to Ransomware

www.schneier.com/blog/archives/2021/10/a-death-due-to-ransomware.html The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing. What will be interesting to see is whether the courts rule that the hospital was negligent in its security, contributing to the success of the ransomware and by extension the death of the infant.

Hydra malware targets customers of Germany’s second largest bank

www.bleepingcomputer.com/news/security/hydra-malware-targets-customers-of-germanys-second-largest-bank/ The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germany’s second-largest financial institution.

New Tool to Add to Your LOLBAS List: cvtres.exe

isc.sans.edu/diary/rss/27892 LOLBAS (“Living Off the Land Binaries And Scripts”) is a list of tools that are present on any Windows system because they are provided by Microsoft as useful tools to perform system maintenance, updates, etc. This list is maintained and upgraded regularly. This is a good starting point when you need to investigate suspicious processes activity on a system (proactively or in forensics investigation). What’s the purpose of this tool? CvtRes stands for “Convert Resource Files To COFF Objects”. It converts “.res” resource files into Common Object File Format (COFF) “.obj” object files that the linker can link into a finished “.exe” PE application file.

Introducing the Secure Open Source Pilot Program

security.googleblog.com/2021/10/introducing-secure-open-source-pilot.html Today, we are excited to announce our sponsorship for the Secure Open Source (SOS) pilot program run by the Linux Foundation. This program financially rewards developers for enhancing the security of critical open source projects that we all depend on. We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback.

Wikipedia blames pro-China infiltration for bans

www.bbc.com/news/technology-58559412 Wikipedia has suffered an “infiltration” that sought to advance the aims of China, the US non-profit organisation that owns the volunteer-edited encyclopaedia has said.

Kyberuhkaan tulee varautua ajoissa “voidaan tarvittaessa rinnastaa aseelliseen hyökkäykseen”

www.tivi.fi/uutiset/tv/7e3c01f8-fb5c-4988-9e06-5fa34728425c Laajamittainen kyberhyökkäys Suomea vastaan voidaan rinnastaa vaikutuksiltaan vastaavanlaiseen aseelliseen hyökkäykseen, sanoo Catharina Candolin. Silloin meillä pitäisi olla valmius vastatoimiin.

Why the cybersecurity industry should treat civil society as critical infrastructure

therecord.media/why-the-cybersecurity-industry-should-treat-civil-society-as-critical-infrastructure/ Cybersecurity risks now affect everyone, but those risks aren’t the same everywhere. The Record spoke with Access Now’s Asia Policy Director and Senior International Counsel Raman Jit Singh Chima about how the human rights organization helps secure activists and journalists around the world. Chima, who also serves as the organization’s global security lead, shared details about risks facing human rights defenders in the Asia-Pacific regionfrom spyware and social media monitoring to disrupting access to certain apps or the entire Internet. Protecting civil society from these threats must be a key part of cybersecurity policy discussions, Chima told The Record, much like we think about how we need to protect power grids and other utilities that keep society functioning.

Introduction to ICS Security Part 3

www.sans.org/blog/introduction-to-ics-security-part-3/ In part 3 we will look at Remote Access Connections into ICS, examine why they are here to stay, and review the best practices for securing them.

You might be interested in …

Daily NCSC-FI news followup 2020-07-12

TrickBot malware mistakenly warns victims that they are infected www.bleepingcomputer.com/news/security/trickbot-malware-mistakenly-warns-victims-that-they-are-infected/ The notorious TrickBot malware mistakenly left a test module that is warning victims that they are infected and should contact their administrator. Testissä 6 salasanojen hallintasovellusta – näillä helpotat elämää tuntuvasti www.tivi.fi/uutiset/tv/b5c602b4-8ed5-46d9-aa32-8bc76ce4298a Satojen eri käyttäjätunnusten ja salasanojen yhdistelmiä on lähes mahdoton muistaa. Miksi edes pitäisi […]

Read More

Daily NCSC-FI news followup 2020-06-24

Why cloud first is not a security problem www.ncsc.gov.uk/blog-post/why-cloud-first-is-not-a-security-problem When considering moving to the public cloud, one of the first questions is often, Is the cloud secure?. This is a natural question. Although the public cloud offers an impressive array of tools and services, hidden beneath that slick visible layer are the complex layers of […]

Read More

Daily NCSC-FI news followup 2019-10-12

These are the 29 countries vulnerable to Simjacker attacks www.zdnet.com/article/these-are-the-29-countries-vulnerable-to-simjacker-attacks/ Adaptive Mobile publishes the list of countries where mobile operators ship SIM cards vulnerable to Simjacker attacks.. Simjacker attacks spotted in Mexico, Colombia and Peru. Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/ The RIG exploit kit is now pushing a cocktail […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.