Daily NCSC-FI news followup 2021-11-01

‘Trojan Source’ Bug Threatens the Security of All Code

krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/ Virtually all compilers (programs that transform human-readable source code into computer-executable machine code) are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. Report:

trojansource.codes/trojan-source.pdf

Canadian province health care system disrupted by cyberattack

www.bleepingcomputer.com/news/security/canadian-province-health-care-system-disrupted-by-cyberattack/ The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals.

Ransomware attack disrupts Toronto’s public transportation system

therecord.media/ransomware-attack-disrupts-torontos-public-transportation-system/ A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike. The Toronto Transit Commission said the attack was detected last week on Thursday night and was discovered by a TTC IT staffer who detected “unusual network activity.”

Ransomware decryptor roundup: BlackByte, Atom Silo, LockFile, Babuk decryptors released

www.zdnet.com/article/ransomware-decryptor-roundup-blackbyte-atom-silo-lockfile-babuk-decryptors-released/ Ransomware decryptors for the BlackByte, Atom Silo, LockFile and Babuk strains were released over the last two weeks, highlighting some amount of progress in the fight against a few of the smaller ransomware gangs. This follows the release of multiple decryptors over the past few months, including REvil/Sodinokibi.

Cring ransomware continues assault on industrial organizations with aging applications, VPNs

www.zdnet.com/article/cring-ransomware-continues-assault-on-coldfusion-servers-vpns/ The Cring ransomware group continues to make a name for itself through attacks on aging ColdFusion servers and VPNs after emerging earlier this year. A Sophos report attributed a recent Cring attack to hackers in Belarus and Ukraine.

Critical Flaws Uncovered in Pentaho Business Analytics Software

thehackernews.com/2021/11/critical-flaws-uncovered-in-pentaho.html Multiple vulnerabilities have been disclosed in Hitachi Vantara’s Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application.

FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics

www.bleepingcomputer.com/news/security/fbi-hellokitty-ransomware-adds-ddos-attacks-to-extortion-tactics/ The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics.

BlackShadow hackers breach Israeli hosting firm and extort customers

www.bleepingcomputer.com/news/security/blackshadow-hackers-breach-israeli-hosting-firm-and-extort-customers/ The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company’s services.

Lessons from a real-life ransomware attack

blog.malwarebytes.com/ransomware/2021/11/lessons-from-a-real-life-ransomware-attack/ Ransomware attacks, despite dramatically increasing in frequency this summer, remain opaque for many potential victims. It isn’t anyone’s fault, necessarily, since news articles about ransomware attacks often focus on the attack, the suspected threat actors, the ransomware type, and, well, not much else. In immediate recovery, first prioritize, and then look for “surprise” systems.

Microsoft warns of rise in password sprays targeting cloud accounts

www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-rise-in-password-sprays-targeting-cloud-accounts/ The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives.

Kaspersky’s stolen Amazon SES token used in Office 365 phishing

www.bleepingcomputer.com/news/security/kasperskys-stolen-amazon-ses-token-used-in-office-365-phishing/ Kaspersky said today that a legitimate Amazon Simple Email Service (SES) token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. Amazon SES is a scalable email service designed to allow developers to send emails from any app for various use cases, including marketing and mass email communications.

Microsoft Defender for Windows is getting a massive overhaul

www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-windows-is-getting-a-massive-overhaul/ Microsoft Defender for Windows is getting a massive overhaul allowing home network admins to deploy Android, iOS, and Mac clients to monitor antivirus, phishing, compromised passwords, and identity theft alerts from a single security dashboard.

Alleged Trickbot malware gang member extradited to United States, and appears in court

www.bitdefender.com/blog/hotforsecurity/trickbot-member-extradited-united-states-court/ A 38-year-old Russian national has appeared in a US federal court, after being extradited from South Korea, to face charges of his alleged involvement in the notorious Trickbot malware gang. The US Department of Justice believes that Vladimir Dunaev (also known as “FFX”) was a malware developer for the Trickbot group, which became infamous for its data-stealing Trojan horse that helped cybercriminals defraud innocent internet users since 2015.
