Daily NCSC-FI news followup 2021-12-04

Why the Future Needs Passwordless Authentication

securityintelligence.com/future-needs-passwordless-authentication/ As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed. Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Russian internet watchdog announces ban of six more VPN products

www.bleepingcomputer.com/news/legal/russian-internet-watchdog-announces-ban-of-six-more-vpn-products/ Russia’s internet watchdog, Roskomnadzor, has announced the ban of six more VPN products, bringing the total number to more than a dozen, shows a notification to companies in the country. The latest services added to the list of banned VPN services are Betternet, Lantern, X-VPN, Cloudflare WARP, Tachyon VPN, PrivateTunnel.

Key Characteristics of Malicious Domains: Report

www.darkreading.com/threat-intelligence/research-outs-the-providers-more-likely-to-host-malicious-content The newness of top-level domains as well as infrastructure located in certain countries continue to be reliable signs of whether network traffic could be malicious, while the use of self-signed Secure Sockets Layer (SSL) certificates or those issued by the free Let’s Encrypt service are not abnormally risky, according to new research.

Really stupid “smart contract” bug let hackers steal $31 million in digital coin

arstechnica.com/information-technology/2021/12/hackers-drain-31-million-from-cryptocurrency-service-monox-finance/ Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts. The company uses a decentralized finance protocol known as MonoX that lets users trade digital currency tokens without some of the requirements of traditional exchanges.

Technical Problem or Cyber Crime? How to Tell the Difference

securityintelligence.com/articles/attack-cyber-crime-difference/ As soon as the Oct. 4 Facebook mega outage took place, questions about the cause ran rampant. Was it a cyber crime or a technical glitch? Who was at fault? The outage reportedly resulted in the loss of some $60 to $100 million dollars of revenue, and Facebook’s stock plunged 4.9% on the same day. That’s a total of $47.3 billion in lost market cap.

End-to-end Testing: How a Modular Testing Model Increases Efficiency and Scalability

www.crowdstrike.com/blog/how-a-modular-testing-model-increases-efficiency-and-scalability/ In our last post, Testing Data Flows using Python and Remote Functions, we discussed how organizations can use remote functions in Python to create an end-to-end testing and validation strategy. Here we build on that concept and discuss how it is possible to design the code to be more flexible.

Colorado energy company loses 25 years of data after cyberattack while still rebuilding network

www.zdnet.com/article/colorado-energy-company-loses-25-years-of-data-after-cyberattack-still-rebuilding-network/#ftag=RSSbaffb68 Colorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historical data to be lost. The energy company hired cybersecurity experts to investigate the incident, but they are still having issues recovering nearly a month later.

Microsoft Exchange servers hacked to deploy BlackByte ransomware

www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-blackbyte-ransomware/ The BlackByte ransomware gang is now breaching corporate networks by exploiting Microsoft Exchange servers using the ProxyShell vulnerabilities. Detailed report:

redcanary.com/blog/blackbyte-ransomware/

ProxyShell exploitation leads to BlackByte ransomware

redcanary.com/blog/blackbyte-ransomware/ The BlackByte ransomware operators leverage ProxyShell Microsoft Exchange vulnerabilities for initial access along with Cobalt Strike for lateral movement. Here’s what to look out for.

Who Is the Network Access Broker ‘Babam’?

krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/ Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years.

A completely new kind of computer was created in Otaniemi, Espoo

www.is.fi/digitoday/art-2000008445161.html Otaniemi is home to Finland’s first working quantum computer. The technology may revolutionize the world without many people even noticing it at first.
