Daily NCSC-FI news followup 2019-07-01

The Worm That Nearly Ate the Internet

www.nytimes.com/2019/06/29/opinion/sunday/conficker-worm-ukraine.html Just over 10 years ago, a unique strain of malware blitzed the internet so rapidly that it shocked cybersecurity experts worldwide. Known as Conficker, it was and remains the most persistent computer worm ever seen, linking computers with Microsoft operating systems globally, millions of them, to create a vast illicit botnet, in effect, a black-market supercomputer.

Nordean palveluissa häiriöitä jatkuneet jo tuntien ajan

www.tivi.fi/uutiset/tv/5156b4b9-db06-4dc0-a465-e156836e785c Joitakin Nordean verkko- ja mobiilipankin palveluita vaivaa tilapäinen häiriö.

Trump officials weigh encryption crackdown

www.politico.com/story/2019/06/27/trump-officials-weigh-encryption-crackdown-1385306 Senior Trump administration officials met on Wednesday to discuss whether to seek legislation prohibiting tech companies from using forms of encryption that law enforcement cant break a provocative step that would reopen a long-running feud between federal authorities and Silicon Valley.

OceanLotus APT Uses New Ratsnif Trojan for Network Attacks

www.bleepingcomputer.com/news/security/oceanlotus-apt-uses-new-ratsnif-trojan-for-network-attacks/ A fairly undetected remote access trojan called Ratsnif and used in cyber-espionage campaigns from the OceanLotus group has gained new capabilities that allow it to modify web pages and SSL hijacking.

Operation Tripoli

research.checkpoint.com/operation-tripoli/ Check Point Research recently came across a large-scale campaign that for years was using Facebook pages to spread malware across mobile and desktop environments, with one target country in mind: Libya.

Phishing-as-a-Service Fuels Evasion Methods, Email Scam Growth

www.bleepingcomputer.com/news/security/phishing-as-a-service-fuels-evasion-methods-email-scam-growth/ With much of the world’s corporate communication being done through email, scammers increasingly target corporate users with phishing scams that allow them to steal credentials that can be used for BEC scams, social engineering, or to steal corporate secrets.. Instead of hacking into servers to host landing pages and developing their own phishing kits, new Phishing-as-a-Service (PhaaS) sites are being created where criminals can select from a variety of phishing landing pages and hosting for one month.

Florida city fires IT employee after paying ransom demand last week

www.zdnet.com/article/florida-city-fires-it-employee-after-paying-ransom-demand-last-week/ Officials from Lake City, Florida, have fired an IT employee last week after the city was forced to approve a gigantic ransomware payment of nearly $500,000 last Monday.

Germany to publish standard on modern secure browsers

www.zdnet.com/article/germany-to-publish-standard-on-modern-secure-browsers/ Germany’s cyber-security agency is working on a set of minimum rules that modern web browsers must comply with in order to be considered secure.

Adware Campaign Identified From 182 Game and Camera Apps on Google Play and Third-Party Stores Like 9Apps

blog.trendmicro.com/trendlabs-security-intelligence/adware-campaign-identified-from-182-game-and-camera-apps-on-google-play-and-third-party-stores-like-9apps/ As mobile ad spending increases year by year the projected mobile ad spend for U.S. advertisers in 2019 is estimated to exceed US$16 billion cybercriminals will continue to try to illicitly profit via adware that have increasingly insidious tricks.. As proof to this point, we recently observed an active adware campaign (detected by Trend Micro as AndroidOS_HiddenAd.HRXAA and AndroidOS_HiddenAd.GCLA) concealed in 182 free-to-download game and camera apps, majority of which were found on the Google Play Store and collectively had millions of downloads.

Team Whack -tähti pyrkii poistamaan mystisyyden hakkeroinnin ympäriltä pitää podcastia tietoturvasta

www.tivi.fi/uutiset/tv/15c60857-78af-4589-9b01-ebecc9f0ef01 Laura Kankaala työskentelee F-Securen tietoturvakonsulttina ja esiintyy Ylen Team Whack -ohjelmassa murtautumistestaajana eli valkohattuhakkerina. Hän tekee myös tietoturvaan liittyvää podcastia nimeltä We need to talk about infosec.

Illegal Card Enrollment Services Hijack Online Bank Accounts

www.bleepingcomputer.com/news/security/illegal-card-enrollment-services-hijack-online-bank-accounts/ Cybercriminals are exploring all avenues to get the most out of stolen payment card information. Access to an online banking account opens the door to a new revenue stream, and services providing it have grown more attractive.

Singapore government to run another bug bounty

www.zdnet.com/article/singapore-government-to-run-another-bug-bounty/ Its third with bug bounty platform HackerOne, the Singapore government is looking to identify potential security holes across nine online digital services as well as ICT systems with high user engagement.

Billions of Records Including Passwords Leaked by Smart Home Vendor

www.bleepingcomputer.com/news/security/billions-of-records-including-passwords-leaked-by-smart-home-vendor/ A publicly accessible ElasticSearch cluster owned by Orvibo, a Chinese smart home solutions provider, leaked more than two billion user logs containing sensitive data of customers from countries all over the world.

Hacking our bosss smart home

www.kaspersky.com/blog/hacking-things/27431/ The idea of a smart home is becoming more and more mainstream nowadays. Previously appealing mostly to geeks and people who always buy the newest toys, smart home setups have become quite popular, and a basic setup can even be affordable.

Sockpuppies!

labsblog.f-secure.com/2019/07/01/sockpuppies/ Yesterday, a colleague of mine, Eero Kurimo, told me about something odd hed seen on Twitter. Over the past few days, a number of pictures of cute puppies had shown up on his timeline as promoted tweets.