Daily NCSC-FI news followup 2022-01-08

Organized Cybercrime Cases: What CISOs Need to Know

www.trendmicro.com/en_us/ciso/22/a/organized-cybercrime-what-cisos-need-to-know.html Recently, Trend Micro Research analyzed a new service offering, called Access as a Service (AaaS), in the undergrounds whereby malicious actors are selling access into business networks. AaaS is part of a developing trend in cybercrime, which is the increased specialization of services within CaaS and increased collaboration among these groups. Thinking from an incident response mentality, this means they will have to identify these different groups completing specific aspects of the overall attack, making it tougher to detect and stop attacks.

FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware

therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/ The US Federal Bureau of Investigation says that FIN7, an infamous cybercrime group that is behind the Darkside and BlackMatter ransomware operations, has sent malicious USB devices to US companies over the past few months in the hopes of infecting their systems with malware and carrying out future attacks. “Since August 2021, the FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries, ” the Bureau said in a security alert sent yesterday to US organizations. “There are two variations of packagesthose imitating HHS [US Department of Health and Human Services ] are often accompanied by letters referencing COVID-19 guidelines enclosed with a USB; and those imitating Amazon arrived in a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.”

SonicWall: Y2K22 bug hits Email Security, firewall products

www.bleepingcomputer.com/news/security/sonicwall-y2k22-bug-hits-email-security-firewall-products/ SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1st, 2022. Microsoft was also hit by the same bug, with Microsoft Exchange on-premise servers stopping email delivery starting on January 1st, 2022, due to the Y2K22 bug’s impact on the FIP-FS anti-malware scanning engine, which would crash when scanning messages. Starting with January 1st, Honda and Acura car owners began reporting that their in-car navigation systems’ clocks would automatically get knocked back 20 years, to January 1st, 2002.

Patchwork APT caught in its own web

blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/ Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. Instead of focusing entirely on victimology, we decided to shade some light on this APT. Ironically, all the information we gathered was possible thanks to the threat actor infecting themselves with their own RAT, resulting in captured keystrokes and screenshots of their own computer and virtual machines.

CDN Cache Poisoning Allows DoS Attacks Against Cloud Apps

www.darkreading.com/cloud/cache-poisoning-of-cdns-allows-dos-attacks-against-cloud-apps A Romanian vulnerability researcher has discovered more than 70 flaws in combinations of cloud applications and content delivery networks (CDNs) that could be used to poison the CDN caches and result in denial-of-service (DoS) attacks on the applications. The research shows that poisoning Web caches is still a significant threat to cloud applications, Ladunca said in the recap of his research. “Even though Web Cache Poisoning has been around for years, the increasing complexity in technology stacks constantly introduces unexpected behavior which can be abused to achieve novel cache poisoning attacks, ” he stated. also: youst.in/posts/cache-poisoning-at-scale/

WebSpec, a formal framework for browser security analysis, reveals new cookie attack

www.theregister.com/2022/01/08/webspec_browser_security/ Folks at Technische Universität Wien in Austria have devised a formal security framework called WebSpec to analyze browser security. And they’ve used it to identify multiple logical flaws affecting web browsers, revealing a new cookie-based attack and an unresolved Content Security Policy contradiction. These logical flaws are not necessarily security vulnerabilities, but they can be. They’re inconsistencies between Web platform specifications and the way these specs actually get implemented within web browsers.

500M Avira Antivirus Users Introduced to Cryptomining

krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/ Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus which has built a base of 500 million users worldwide largely by making the product free was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

You might be interested in …

Daily NCSC-FI news followup 2020-02-25

Mobile malware evolution 2019 securelist.com/mobile-malware-evolution-2019/96280/ Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users thehackernews.com/2020/02/firefox-dns-over-https.html Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks thehackernews.com/2020/02/google-chrome-zero-day.html New OpenSMTPD RCE Flaw Affects Linux and OpenBSD […]

Read More

Daily NCSC-FI news followup 2020-01-09

Satasairaalassa jälleen tietoverkkokatkos, vika luultua pahempi myös perusturvassa ongelmia yle.fi/uutiset/3-11149405 Katkos alkoi torstaina aamupäivällä ja kesti noin 20 minuuttia. Satasairaalan tietohallintojohtaja Leena Ollonqvistin mukaan sairaalan it-osasto teki testiä, jolla estää viimeviikkoinen katkos. Testi aiheutti samankaltaisen luupin kuin viime viikolla. A lazy fix 20 years ago means the Y2K bug is taking down computers now www.newscientist.com/article/2229238-a-lazy-fix-20-years-ago-means-the-y2k-bug-is-taking-down-computers-now/ […]

Read More

Daily NCSC-FI news followup 2020-11-12

Two New Chrome 0-Days Under Active Attacks Update Your Browser thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. Lisäksi: chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html. Lisäksi: www.zdnet.com/article/google-patches-two-more-chrome-zero-days/. Lisäksi: us-cert.cisa.gov/ncas/current-activity/2020/11/12/google-releases-security-updates-chrome. Lisäksi: threatpost.com/2-zero-day-bugs-google-chrome/161160/ DNS cache poisoning, the Internet […]

Read More