Daily NCSC-FI news followup 2021-10-27

Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains

therecord.media/free-decrypters-released-for-atomsilo-babuk-and-lockfile-ransomware-strains/ Antivirus maker and cyber-security firm Avast has released today free decryption utilities to recover files that have been encrypted by three ransomware strains: AtomSilo, Babuk, and LockFile. The AtomSilo and LockFile decrypters are being offered as one single download because of the similarities between the two ransomware strains.

Babuk ransomware decryptor released to recover files for free

www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/ Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free. According to Avast Threat Labs, the Babuk decryptor was created using leaked source code and decryption keys.

Workers sent home after ransomware attack on major automotive parts manufacturer

therecord.media/workers-sent-home-after-ransomware-attack-on-major-automotive-parts-manufacturer/ German multinational company Eberspächer Group has sent a part of its factory workforce home on paid leave while its management and IT teams are dealing with a ransomware attack that crippled its IT systems over the weekend. The Eberspächer Group currently employs more than 10,000 workers, operates production plants in 80 locations across 28 countries, and is known for building air conditioning, heating, and exhaust systems, which it supplies to almost all of today’s top car brands.

Ransomware gang claims attack on NRA

therecord.media/ransomware-gang-claims-attack-on-nra/ The operators of the Grief ransomware have listed today the US National Rifle Association (NRA) as a victim of one of their attacks. The organization’s name was listed on a dark web portal, often called a “leak site,” where the Grief gang typically lists companies they infected and which haven’t paid their ransom demands.

Spammers use Squirrelwaffle malware to drop Cobalt Strike

www.bleepingcomputer.com/news/security/spammers-use-squirrelwaffle-malware-to-drop-cobalt-strike/ A new malware threat named Squirrelwaffle has emerged in the wild, supporting actors with an initial foothold and a way to drop malware onto compromised systems and networks. The new malware tool spreads via spam campaigns dropping Qakbot and Cobalt Strike in the most recent campaigns.

Hackers arrested for infiltrating Ukraine’s health database

www.bleepingcomputer.com/news/security/hackers-arrested-for-infiltrating-ukraine-s-health-database/ The Security Service of Ukraine (SSU) has arrested a team of actors who illegally infiltrated the information system of the National Health Service of Ukraine (NHSU) and entered false vaccination entries for other people. The actors found clients in the Sumy region through a team of doctors who participated in the scheme and offered to create false COVID-19 vaccination certificates for anyone who paid them 3,000 hryvnias ($114).

Nightmare Email Attacks (and Tips for Blocking Them)

www.paloaltonetworks.com/blog/2021/10/email-attacks-mitigation-tips/ This type of attack is known as a business email compromise, or BEC. Each year, Unit 42 security consultants spend thousands of hours on BEC investigations, combing through logs to identify unauthorized activity, determine how unauthorized access occurred and find security gaps that need to be addressed.

Cyber-attack hits UK internet phone providers

www.bbc.com/news/technology-59053876 An “unprecedented” and co-ordinated cyber-attack has struck multiple UK-based providers of voice over internet protocol (VoIP) services, according to an industry body. Industry body Comms Council UK said several of its members had been targeted by distributed denial of service (DDoS) attacks in recent weeks.

Twitter employees required to use security keys after 2020 hack

www.bleepingcomputer.com/news/security/twitter-employees-required-to-use-security-keys-after-2020-hack/ Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year’s hack. “Over the past year, we’ve accelerated efforts to increase the use of security keys to prevent phishing attacks,” they said.

Top 5 Cloud Native Security Challenges

blog.checkpoint.com/2021/10/27/top-5-cloud-native-security-challenges/ As companies migrate and expand their applications and services to multi-cloud environments, security teams face growing challenges, ranging from corporate policies and budget constraints, to compliance fines and new threats of attack. Threats to cloud data security can come from many areas, both internal and external, ranging from valid users misusing data to bad actors attempting to use stolen credentials. While the threats and theft remain ubiquitous, the tactics used by attackers are constantly adapting. In this blog, we’ll look at the top 5 cloud native security challenges and briefly cover ways to mitigate risk.

Multiple vulnerabilities in Apple iOS 14 and iPadOS 14 prior to iOS 14.8.1 and iPadOS 14.8.1

support.apple.com/en-us/HT212868 Update available for iOS and iPadOS; update to 14.8.1.

Multiple vulnerabilities in Apple iOS 15 and iPadOS 15 prior to iOS 15.1 and iPadOS 15.1

support.apple.com/en-us/HT212867 Update available for iOS and iPadOS; update to 15.1.
