Daily NCSC-FI news followup 2019-06-26

Security flaw in LTE networks can let hackers send false presidential alerts

cyware.com/news/security-flaw-in-lte-networks-can-let-hackers-send-false-presidential-alerts-109ceabf A vulnerability in LTE networks can be abused by hackers to launch spoofing attacks. The flaw can be exploited to send out spoofed AMBER alerts, and false presidential alerts.

New Silex malware is bricking IoT devices, has scary plans

www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/ A new strain of malware is wiping the firmware of IoT devices in attacks reminiscent of the old BrickerBot malware that destroyed millions of devices back in 2017. See also:

www.tivi.fi/uutiset/tv/6eae251e-8f36-4c6b-bf72-263d43089db7

Special Report: Inside the West's failed fight against China's Cloud Hopper hackers

www.reuters.com/article/us-china-cyber-cloudhopper-special-repor/special-report-inside-the-wests-failed-fight-against-chinas-cloud-hopper-hackers-idUSKCN1TR1DK Hacked by suspected Chinese cyber spies five times from 2014 to 2017, security staff at Swedish telecoms equipment giant Ericsson had taken to naming their response efforts after different types of wine. An internal chart from mid-2017 helped top brass keep track of investigations codenamed for customers. Rubus dealt with Finnish conglomerate Valmet. Silver Scale was Brazilian mining giant Vale. Greenxmass was Swedish manufacturer SKF, and Oculus covered Ericsson. See also:

www.itproportal.com/news/china-accused-of-stealing-valuable-data-from-a-handful-of-tech-giants/

Second Florida city pays giant ransom to ransomware gang in a week

www.zdnet.com/article/second-florida-city-pays-giant-ransom-to-ransomware-gang-in-a-week/ Less than a week after a first Florida city agreed to pay a whopping $600,000 to get their data back from hackers, now, a second city’s administration has taken the same path. On Monday, in an emergency meeting of the city council, the administration of Lake City, a small Florida city with a population of 65,000, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000. See more:

www.bleepingcomputer.com/news/security/attackers-earn-over-1-million-in-florida-ransomware-attacks/ and

threatpost.com/second-florida-city-pays-hackers-500k-post-ransomware-attack/146018/

Microsoft Adds 2FA-Protected “Personal Vault” Within OneDrive Cloud Storage

thehackernews.com/2019/06/microsoft-onedrive-personal-vault.html Microsoft has introduced a new password-protected folder within its OneDrive online file storage service that will allow you to keep your sensitive and important files protected and secured with an extra layer of authentication. Dubbed Personal Vault, the new OneDrive folder can only be accessed with an additional step of identity verification, such as your fingerprint, face, PIN, or a two-factor authentication code sent to you via email or SMS.

Email Threats Continue to Grow as Attackers Evolve, Innovate

www.darkreading.com/attacks-breaches/email-threats-continue-to-grow-as-attackers-evolve-innovate/d/d-id/1335054 Threat actors increasingly using malicious URLs, HTTPS domains, file-sharing sites in email attacks, FireEye says. Email continues to be an extremely effective vector for delivering malicious content because of how adept attackers have become at tricking users over the years.

A Deep Dive Into Three Popular CVE-2019-3396 PoCs Used in Confluence Attacks

www.lacework.com/cve-2019-3396-poc-deep-dive/ When a new CVE comes out there is a dilemma between releasing and not releasing proof of concepts (PoCs). This dilemma is exacerbated by the potential impact of the vulnerability. Nothing illustrates this more than the anticipation surrounding BlueKeep, a vulnerability that, if exploited with RCE, could have major impacts. To date, there have been multiple claims and demos of working PoCs that have not been released. In the case of CVE-2019-3396, a vulnerability affecting Confluence, a number of PoCs emerged in short order. We recently blogged about the post-exploit attacks we observed from the vulnerability. In this blog, we discuss the attack attempts we see along with the corresponding public PoCs.

Wipro wasn’t a one-off: Same hacking crew targeted scores of firms, big and small - researchers

www.theregister.co.uk/2019/06/26/wipro_hack_crew_much_bigger_operation_riskiq/ The criminals behind the Wipro phishing attack from earlier this year also targeted Western Union, Expedia, Rackspace and a whole host of other big companies, according to threat intel outfit RiskIQ. In a report published this morning the firm said the Wipro attackers were running a much larger series of phishing campaigns, aimed at extracting cash from hapless businesses whose files had been forcibly encrypted.

Black Market T-Mobile Location Data Tied to Spot of a Triple Murder

www.vice.com/en_us/article/vb9nzx/black-market-tmobile-phone-location-data-bounty-hunter-murder In 2017, two bounty hunters and a fugitive died in a chaotic shoot-out. Shortly after their deaths, someone started tracking one of the bounty hunters’ phones.

Malicious Microsoft Word docs warning: Think before you click on unexpected emails

www.zdnet.com/article/malicious-microsoft-word-docs-warning-think-before-you-click-on-unexpected-emails/ There’s been a surge in the number of malicious Word documents being spammed out by cyber crooks, according to tech security company WatchGuard. These documents might look legitimate but come packed with code that could put your corporate network at risk.

Here’s how I survived a SIM swap attack – and how my mobile carrier failed me

www.zdnet.com/article/how-i-survived-a-sim-swap-attack-and-how-my-carrier-failed-me/ Last week, I shared a horror story: My SIM was swapped. My Google and Twitter accounts were also stolen, and $25,000 was withdrawn from my bank account for a Bitcoin purchase. I thought I was targeted for my online presence. Turns out, the attack was likely driven by a Coinbase account I experimented with in early 2018 that was never closed.

Huawei Telecom Gear Much More Vulnerable to Hackers Than Rivals’ Equipment, Report Says

www.wsj.com/articles/huawei-telecom-gear-much-more-vulnerable-to-hackers-than-rivals-equipment-report-says-11561501573 Telecommunications gear made by China’s Huawei Technologies Co. is far more likely to contain flaws that could be leveraged by hackers for malicious use than equipment from rival companies, according to new research by cybersecurity experts that top U.S. officials said appeared credible. Over half of the nearly 10,000 firmware images encoded into more than 500 variations of enterprise network-equipment devices tested by the researchers contained at least one such exploitable vulnerability, the researchers found. Firmware is the software that powers the hardware components of a computer. See also:

www.itproportal.com/news/huaweis-communications-gear-more-susceptible-to-hacks-experts-claim/

Blog: A drone outside Nordea’s window, what do we do now?

www.nordea.com/fi/media/uutiset-ja-lehdistotiedotteet/finanssimaailma-blogi/2019-06-26-blogi-drone-nordean-ikkunan-takana-mitas-nyt-tehdaan.html Nordea’s financial statements were published early in the morning at the beginning of February. The whole day was quite a rush of sorting out various matters related to the results. Once the results were out, we began preparing a stock exchange release, which was published early the following morning. Suddenly a colleague of mine from the same floor comes into the Group Communications premises and says that there is a drone outside the floor’s window. At its closest, hovering in place two metres from the window. A bewildered question: What should we do now?

ViceLeaker Operation: mobile espionage targeting Middle East

securelist.com/fanning-the-flames-viceleaker-operation/90877/ In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. Kaspersky spyware sensors caught the signal of an attack from the device of one of the victims; and a hash of the APK involved (Android application) was tagged in our sample feed for inspection. Once we looked into the file, we quickly found out that the inner-workings of the APK included a malicious payload, embedded in the original code of th. During the course of our research, we noticed that we were not the only ones to have found the operation. Researchers from Bitdefender also released an analysis of one of the samples in a blogpost. Although something had already been published, we decided to do something different with the data we acquired. The following month, we released a private report on our Threat Intelligence Portal to alert our clients about this newly discovered operation and be. The operation of ViceLeaker is still ongoing, as is our research. The attackers have taken down their communication channels and are probably looking for ways to assemble their tools in a different manner. Kaspersky detects and blocks samples of the ViceLeaker operation using the following verdict: Trojan-Spy.AndroidOS.ViceLeaker.*. Actually, we are currently investigating whether this group might also be behind a large-scale web-oriented attack at the end of 2018 using code injection and exploiting SQL vulnerabilities. Even when this would not be directly related to the Android malware described in this blogpost, it would be an indicator of wider capabilities and objectives of this actor.

FIDO Alliance to Tackle Identity Verification and IoT Authentication

www.darkreading.com/endpoint/fido-alliance-to-tackle-identity-verification-and-iot-authentication/d/d-id/1335044 See more:

www.crn.com/news/internet-of-things/intel-arm-to-help-create-new-iot-standard-for-device-onboarding

YouTube Bitcoin Scams Pushing the njRAT Backdoor InfoStealer

www.bleepingcomputer.com/news/security/youtube-bitcoin-scams-pushing-the-njrat-backdoor-infostealer/ YouTube scams are promoting software that pretends to allow users to get free Bitcoins, but instead installs the njRAT remote access trojan and password stealer. These YouTube videos pretend to be hack scripts, giveaways, or games that allow you to win free cryptocurrency such as bitcoins. These videos tend to have the “FREEBITCO IN” string in the title or description, which makes it easy to find the videos that are part of this campaign.

Security Flaws in Electronic Arts’s Origin Platform

blog.checkpoint.com/2019/06/26/electronic-arts-ea-origin-platform-vulnerability-cyber-security-hacking-account-takeover/ In the last few weeks, Check Point Research has combined forces with CyberInt to identify a chain of vulnerabilities that, once exploited, could have led to the takeover of millions of player accounts within the world’s second largest gaming company, EA Games. The potential damage could have involved an attacker gaining access to a user’s credit card information and the ability to fraudulently purchase in-game currency on behalf of the user. CyberInt and Check Point immediately notified EA Games of these security gaps and together leveraged their expertise to support EA in fixing them to protect their gaming customers. See also:

threatpost.com/ea-games-account-hijacking-bug/146031/,

thehackernews.com/2019/06/ea-origin-game-hacking.html and

www.zdnet.com/article/ea-fixes-cloud-flaw-that-could-have-left-user-accounts-at-risk/

Riltok Android Banker Takes Over SMS App, Spawns Phishing Screens

www.bleepingcomputer.com/news/security/riltok-android-banker-takes-over-sms-app-spawns-phishing-screens/ A family of banking trojans for Android has spread beyond Russia, a region it normally targeted, and operates in an aggressive way to replace the default SMS app and deploy phishing screens on compromised devices. Dubbed Riltok, the strain has been known since March 2018 and operated mainly in Russia, where 90% of its victims are located.

Phishing Scam Says You Won $2.5M For Using Google’s Services

www.bleepingcomputer.com/news/security/phishing-scam-says-you-won-25m-for-using-googles-services/ This scam comes in the form of an email with a subject line of “Powered by Google” that states “You have been selected a winner for using Google services.”

Tech Support Scammers Target Search Ads on ISP Start Pages

www.bleepingcomputer.com/news/security/tech-support-scammers-target-search-ads-on-isp-start-pages/ Tech support scammers are targeting users through search ads for recipes on ISP start pages and custom search result pages that redirect users to browser lockers stating that their computers are infected.

Iran-linked APT33 Shakes Up Cyberespionage Tactics

threatpost.com/iranian-apt33-shakes-up-cyberespionage-tactics/146041/ After a March report exposed Iran-linked APT33’s infrastructure and operations, the cyberespionage group has adopted new tactics and techniques. The infrastructure overhaul stems from a March 2019 Symantec report exposing the group’s wide-ranging infrastructure and cyberespionage efforts, including a three-year campaign against multiple firms in Saudi Arabia and the United States. In a report released Wednesday, Recorded Future researchers said that, days after the March report went live, they observed APT33 had reassigned its key domain infrastructure and started using a new remote access tro

Over 50 criminal reports: goods arrive from popular online store without being ordered

www.is.fi/digitoday/tietoturva/art-2000006154641.html Several Finns have fallen victim to frauds carried out through the Wish online store. At least some of the frauds have made use of the payment services company Klarna, which does not consider changing its practices important.
