Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

From blogs.cisco.com

NIST CSF Categories and Sub-Categories

IDENTIFY – Asset Management (H/W and S/W inventories; communication and data flow mapping)

[ID.AM-1 and ID.AM-2] Orbital gives detailed information about the H/W and the running applications/processes by querying endpoints using WMI. It can also help in tracking disk space, memory and other IT Ops artifacts. All of this information can then be used to build H/W and S/W inventories for the organisation. Secure Endpoint can also be used to check system status (OS versions, patches, whether the host firewall is enabled, which applications are allowed through it, etc.).
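The kind of query the paragraph describes, as an added example that is not Cisco's Orbital code: a PowerShell collector that pulls hardware, OS/patch level, running processes and host-firewall state over CIM/WMI and emits JSON for a CMDB or SIEM. It assumes a Windows host with PowerShell 5.1 or later and the NetSecurity module (Windows 8 / Server 2012 and later); the `-TopProcesses` parameter and the field names are this example's own choices.

```powershell
# Added example (not Cisco's Orbital code): a minimal endpoint inventory
# collector using CIM/WMI, producing the H/W, S/W and firewall data that
# feeds ID.AM-1 / ID.AM-2 and the system-status checks described above.
# Assumes Windows, PowerShell 5.1+ and the NetSecurity module.

function Get-EndpointInventory {
    [CmdletBinding()]
    param(
        # Keep the process list short: top N by working set (assumed parameter)
        [int]$TopProcesses = 25
    )

    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

    # Hardware (ID.AM-1): host identity, CPU, memory, fixed disks
    $hardware = [ordered]@{
        Hostname     = $cs.Name
        Manufacturer = $cs.Manufacturer
        Model        = $cs.Model
        Cpu          = $cpu.Name
        TotalMemGB   = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
        FreeMemGB    = [math]::Round($os.FreePhysicalMemory / 1MB, 1)   # FreePhysicalMemory is reported in KB
        Disks        = @(Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
                         ForEach-Object {
                             [ordered]@{
                                 Drive  = $_.DeviceID
                                 SizeGB = [math]::Round($_.Size / 1GB, 1)
                                 FreeGB = [math]::Round($_.FreeSpace / 1GB, 1)
                             }
                         })
    }

    # Software (ID.AM-2): OS and patch level, recent hotfixes, running processes
    $software = [ordered]@{
        OsCaption = $os.Caption
        OsVersion = $os.Version
        OsBuild   = $os.BuildNumber
        LastBoot  = $os.LastBootUpTime
        Hotfixes  = @(Get-HotFix | Sort-Object InstalledOn -Descending |
                      Select-Object -First 10 -ExpandProperty HotFixID)
        Processes = @(Get-CimInstance -ClassName Win32_Process |
                      Sort-Object WorkingSetSize -Descending |
                      Select-Object -First $TopProcesses |
                      ForEach-Object {
                          [ordered]@{
                              Pid  = $_.ProcessId
                              Name = $_.Name
                              Path = $_.ExecutablePath
                              Cmd  = $_.CommandLine
                          }
                      })
    }

    # Host firewall: is each profile enabled, and which inbound allow rules are active
    $firewall = [ordered]@{
        Profiles          = @(Get-NetFirewallProfile | ForEach-Object {
                                 [ordered]@{ Name = $_.Name; Enabled = [bool]$_.Enabled }
                             })
        InboundAllowRules = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
                              Select-Object -ExpandProperty DisplayName)
    }

    [pscustomobject]@{
        CollectedAt = (Get-Date).ToUniversalTime().ToString('o')
        Hardware    = $hardware
        Software    = $software
        Firewall    = $firewall
    }
}

# Emit JSON for ingestion; -Depth is required or nested objects are flattened to strings
Get-EndpointInventory | ConvertTo-Json -Depth 5
```

Run it from an elevated session so `Win32_Process` returns `CommandLine` for processes owned by other users; without elevation those fields come back empty, which is itself worth recording as a collection gap rather than treating the process as having no command line.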

IDENTIFY – Risk Assessment (vulnerabilities identified; threat intelligence received; threats identified; threats, vulnerabilities and impacts to determine risk)

Read more…

DARPA nails cash to project ‘FENCE’ — a smart camera that only sends pics when pixels change

From theregister.com

The USA’s Defense Advanced Research Projects Agency (DARPA) has announced it will fund development of a new type of “event-based” camera that only transmits information about pixels that have changed.

The Agency announced last week that Raytheon, BAE Systems and Northrop Grumman will develop the new snapper under the Fast Event-based Neuromorphic Camera and Electronics (FENCE) program.

The research and development agency solicited proposals for the project in October 2020, when it sought help to build a camera that can sense motion and determine its importance, with low latency and consuming minimal energy.

Read more…

Biggest supply chain attack since Sunburst strikes over US Independence Day weekend, affecting over 1000 organizations globally

From blog.checkpoint.com

Highlights

  • Massive supply chain attack carried out by REvil over the 4th of July weekend impacts numerous Kaseya customers with millions of USD in ransom demands
  • Check Point Research (CPR) observes 15 new REvil attacks per week in the past 2 months with US, Germany, Brazil and India being the top countries affected by such attacks
  • Ransomware attacks continue to surge globally, hitting a 93% increase year on year
  • Attacked Check Point Harmony Endpoint customers remain protected

Read more…

Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly

From thehackernews.com


U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, has ruled out the possibility that its codebase was tampered with without authorization to distribute malware.

While initial reports raised speculation that the ransomware gang might have gained access to Kaseya’s backend infrastructure and abused it to deploy a malicious update to VSA servers running on client premises, in a modus operandi similar to that of the devastating SolarWinds hack, it has since emerged that a never-before-seen security vulnerability (CVE-2021-30116) in the software was exploited directly to push ransomware to Kaseya’s customers.

Read more…

Zqqw file virus Removal Guide

From 2-spyware.com


Zqqw ransomware targets Windows computers that lack sufficient protection. The threat installs itself on the machine and runs quietly until the data has been encrypted and a ransom note is presented, which is usually the first visible symptom of this cryptocurrency-extortion virus. Since the cryptovirus belongs to the Djvu ransomware family, these infections are mostly spread through file-sharing platforms, especially torrent websites. If your computer is infected with this ransomware, you probably downloaded a game crack, pirated software, or something similar from one of these high-risk websites.

Read more…

Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw

From thehackernews.com

Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core.

The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and has been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn’t impacted by the flaw.

Built on the .NET Common Language Runtime (CLR), PowerShell is a cross-platform task automation utility that consists of a command-line shell, a scripting language, and a configuration management framework.
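A check a practitioner would want from the two paragraphs above, as an added example that is not Microsoft's code: a PowerShell function that classifies a version against the fix levels the article names (7.0.6 and 7.1.3, with Windows PowerShell 5.1 unaffected). It assumes that release lines after 7.1 ship a fixed .NET, which the article does not state, and the constructed version list at the end exists only to show the boundaries.

```powershell
# Added example (not Microsoft's): classify a PowerShell version against the
# CVE-2021-26701 fix levels named in the article (7.0.6 and 7.1.3). Windows
# PowerShell 5.1 is not affected; 7.2+ is ASSUMED fixed (not stated by the article).

function Test-PowerShellCve202126701 {
    [CmdletBinding()]
    param(
        # Version to evaluate; defaults to the running host.
        # On PS 7 PSVersion is a SemanticVersion; the [version] cast drops any prerelease tag.
        [version]$Version = $PSVersionTable.PSVersion
    )

    # Minimum patched version per affected release line, per the article
    $fixed = @{
        '7.0' = [version]'7.0.6'
        '7.1' = [version]'7.1.3'
    }
    $line = "$($Version.Major).$($Version.Minor)"

    $vulnerable = if ($fixed.ContainsKey($line)) {
        $Version -lt $fixed[$line]
    } else {
        # 5.1 (Windows PowerShell) is not affected; 7.2+ assumed fixed
        $false
    }

    [pscustomobject]@{
        Version    = $Version.ToString()
        Vulnerable = $vulnerable
        FixedIn    = if ($fixed.ContainsKey($line)) { $fixed[$line].ToString() } else { 'n/a' }
    }
}

# Evaluate the running host first
Test-PowerShellCve202126701

# Then a constructed set of versions (not real host data) to show where the boundaries fall:
# 7.0.5 and 7.1.2 are flagged, 7.0.6 and 7.1.3 are not, 5.1 and 7.2 are out of scope
@('5.1.19041', '7.0.5', '7.0.6', '7.1.2', '7.1.3', '7.2.0') |
    ForEach-Object { Test-PowerShellCve202126701 -Version $_ } |
    Format-Table -AutoSize
```

Because `$PSVersionTable` only describes the shell you are running in, run this from each installed `pwsh` (for example via `pwsh -NoProfile -Command '$PSVersionTable.PSVersion.ToString()'`); a patched Windows PowerShell 5.1 session says nothing about a side-by-side PowerShell 7.0 install, and Azure hosts commonly have both.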

Read more…

Diavol Ransomware is Linked to Wizard Spider Cybercrime Group

From ehackingnews.com

The cybercrime group behind the Trickbot botnet, Wizard Spider, has been linked to a new ransomware strain dubbed Diavol, according to FortiGuard Labs security analysts. In early June 2021, Diavol and Conti ransomware payloads were delivered to several systems in a ransomware attack prevented by the company’s EDR technology.

Wizard Spider is a financially motivated criminal group based in Russia that manages the Trickbot botnet, which is used to distribute second-stage malware to infected devices and networks. Because it spreads across corporate networks, Trickbot is especially hazardous to companies. If it gains administrative access to a domain controller, it will also steal the Active Directory database, allowing the attackers to harvest even more network credentials.

Read more…