Daily NCSC-FI news followup 2021-10-09

FinSpy: the ultimate spying tool

www.kaspersky.com/blog/finspy-for-windows-macos-linux/42383/ FinSpy spyware targets Android, iOS, macOS, Windows, and Linux users. Here's what it can do and how to stay protected. At Kaspersky's recent Security Analyst Summit, our experts presented a detailed report on FinSpy (aka FinFisher) spyware and its distribution methods, including some previously unknown ones. You can read more about their findings in Securelist's post. In this article, meanwhile, we explore what kind of malware FinSpy is and how you can protect yourself from it.

Tips for DFIR Analysts, pt III

windowsir.blogspot.com/2021/10/tips-for-dfir-analysts-pt-iii.html Learn to think critically. Don’t take what someone says as gospel, just because they say it. Support findings with data, and clearly communicate the value or significance of something. Be sure to validate your findings, and never rest your findings on a single artifact. Find an entry for a file in the AmCache? Great. But does that mean it was executed on the system? No, it does not…you need to validate execution with other artifacts in the constellation (EDR telemetry, host-based effects such as an application prefetch file, Registry modifications, etc.).

Cox Media Group confirms ransomware attack that took down broadcasts

www.bleepingcomputer.com/news/security/cox-media-group-confirms-ransomware-attack-that-took-down-broadcasts/ American media conglomerate Cox Media Group (CMG) confirmed that it was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The company acknowledged the attack in data breach notification letters sent today via U.S. Mail to over 800 impacted individuals believed to have had their personal information exposed in the attack. The group first informed potentially affected individuals of the incident via email on July 30.

Hardware Bolsters Medical Device Security

www.darkreading.com/vulnerabilities-threats/hardware-bolsters-medical-device-security The medical device industry has transformed over the last decade, driven by an explosion in the Internet of Mobile Things and increased connectivity. As complexity around the technology, supply chains, and management of these devices grows, so have security concerns. Traditionally benefiting from no connectivity, or security through obscurity, today’s medical devices are complex systems with multiple layers of commodity-based hardware and software. As a result, medical devices today are more vulnerable to generic threats that target mainstream software libraries and operating systems like Windows and Linux.

Demo: A Guide to Virtual Machine App Security

www.trendmicro.com/en_us/devops/21/j/virtual-machine-security-guidelines.html It may seem like containers are the go-to method for cloud building; however, 95% of applications run on traditional infrastructure deployments like dedicated servers, shared hosting, and virtual machines (VMs). While Gartner has predicted that by 2022 15% of organizations will be using containers, that still leaves 85% continuing to run many applications and services as server-based deployments. Servers don't seem to be going anywhere anytime soon. Enterprises have run legacy architectures for more than a decade while serving their growing customer base. During this time, they've addressed capacity constraint challenges with cloud platforms.

ESET researchers have discovered a previously unknown malware family that utilizes custom and well-designed modules, targeting systems running Linux

www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/ Modules used by this malware family, which we dubbed FontOnLake, are constantly under development and provide remote access to the operators, collect credentials, and serve as a proxy server. In this blogpost, we summarize the findings published in full in our white paper.

Google Confirms Powerful Password Shield Heading For 150 Million Chosen Ones

www.forbes.com/sites/daveywinder/2021/10/09/googles-powerful-password-shield-heads-for-150-million-automatically-opted-in-users/ Google has confirmed that it will be pushing forward, on an 'automatic enrollment' basis, with a bold security update for some 150 million users before the year-end. I am sure you are wondering if you will be among the chosen ones who get opted into using this powerful password shield and, if so, what exactly this means. The confirmation from Google came by way of an official safety and security blog posting this week. The announcement by Google's Chrome group product manager, AbdelKarim Mardini, and director of Google account security and safety, Guemmy Kim, reinforces the password security switch message I wrote about back in May.

Vastaamo's former patients demand compensation of up to 10,000 euros for the data breach; the bankruptcy estate holds 2,500 euros as the upper limit

yle.fi/uutiset/3-12134525 The bankruptcy estate of the psychotherapy centre Vastaamo has for the first time assessed the maximum amount of damages payable to clients. According to the bankruptcy estate, private individuals could receive compensation of at most 2,500 euros. The estimate comes from a bulletin that the estate administrator has sent to creditors. The sum does not, however, mean that those demanding damages would receive that amount of money.
