Daily NCSC-FI news followup 2019-08-02

LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards

www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks Between July 19 and July 25, 2019, several spear phishing emails were identified targeting three US companies in the utilities sector. The phishing messages were found to contain a Microsoft Word document attachment that uses VBA macros to install LookBack malware. LookBack malware is a remote access Trojan written in C++ that relies on a proxy communication tool to relay data from the infected host to a command and control IP.

WaterISAC: 15 Security Fundamentals You Need to Know

www.tripwire.com/state-of-security/ics-security/waterisac-security-fundamentals/ WaterISAC published 15 guidelines which water and wastewater utilities can use to protect against digital threats.

Why Every Organization Needs an Incident Response Plan

www.darkreading.com/edge/theedge/why-every-organization-needs-an-incident-response-plan/b/d-id/1335395 OK, perhaps that’s obvious. The question is, how come so many organizations still wait for an incident to trigger their planning?

What Capital One’s cybersecurity team did (and did not) get right

www.cyberscoop.com/capital-one-cybersecurity-data-breach-what-went-wrong/ There was no months-old, unpatched Apache flaw. An S3 bucket wasn't publicly accessible to anyone with an internet connection. There was no effort to hide what happened behind the company's bug bounty program. "While it's tempting to knock Capital One for this breach, there's a lot they got right," said Mark Orlando, the chief technology officer for cyber protection solutions at Raytheon. also:

Scammer Arrested After Defrauding US Universities of Over $870K

www.bleepingcomputer.com/news/security/scammer-arrested-after-defrauding-us-universities-of-over-870k/ Amil Hassan Raage was arrested for defrauding two U.S. universities of more than $870,000 as part of a business email compromise (BEC) fraud scheme he ran during last year. Raage pleaded guilty to receiving multiple payments totaling $749,158.37 from the University of California San Diego (UCSD) and $123,643.77 from a Pennsylvania university.

Beware of new ransomware: a text message from an acquaintance can play a nasty trick on your phone

www.is.fi/digitoday/tietoturva/art-2000006191257.html An app that looks like a sex simulator is being distributed to Android phones, but it certainly offers no satisfaction to anyone other than criminals.

DHCP Client Remote Code Execution Vulnerability Demystified

securingtomorrow.mcafee.com/other-blogs/mcafee-labs/dhcp-client-remote-code-execution-vulnerability-demystified/ CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library dhcpcore.dll, which is responsible for DHCP client services in a system, is vulnerable to malicious DHCP reply packets. This vulnerability allows remote code execution if the user tries to connect to a network with a rogue DHCP server, hence making it a critical vulnerability.

Eavesdropping smartphones: Fact or fiction?

www.kaspersky.com/blog/smartphones-eavesdropping/27817/ It's an oft-repeated tale: someone talks with a friend about a certain thing, and then, bang, an ad for it appears on the smartphone screen.

GermanWiper ransomware hits Germany hard, destroys files, asks for ransom

www.zdnet.com/article/germanwiper-ransomware-hits-germany-hard-destroys-files-asks-for-ransom/#ftag=RSSbaffb68 For the past week, a new ransomware strain has been wreaking havoc across Germany. Named GermanWiper, this ransomware doesn't encrypt files but instead rewrites their content with zeroes, permanently destroying users' data. As a result, any users who get infected by this ransomware should be aware that paying the ransom demand will not help them recover their files.

Cobalt Group Returns To Kazakhstan

research.checkpoint.com/cobalt-group-returns-to-kazakhstan/ Cobalt Group is a financially motivated cyber-crime gang that has been active since at least 2016. The group is mainly interested in carrying out attacks against banks, in an attempt to access the banks' internal networks and potentially take over sensitive components, such as ATM-controlling servers or card-processing systems. Although Europol arrested Cobalt Group's leader in 2018, the group remains active to this day.

Lotsy group targets Italian and Spanish-speaking users

securityaffairs.co/wordpress/89287/cyber-crime/lotsy-group-scam-campaigns.html Group-IB discovered massive fraudulent campaigns carried out by the Lotsy group involving the use of dozens of well-known brands, aimed at Italian and Spanish-speaking customers. Group-IB has discovered a new wave of massive fraudulent campaigns involving the use of dozens of well-known brands including Alitalia, Carrefour, Conad, etc. Italian and Spanish-speaking customers have become the primary targets of the group of scammers, dubbed Lotsy by Group-IB, whose aim is to trick people into visiting websites for marketing purposes.

From Carnaval to Cinco de Mayo: The journey of Amavaldo

www.welivesecurity.com/2019/08/01/banking-trojans-amavaldo/ The first in an occasional series demystifying Latin American banking trojans. We have learned a lot: we have identified more than 10 new malware families, studied the distribution chains and linked them to the new families accordingly, and dissected the internal behavior of the banking trojans. In this initial blog post, we will start by describing this type of banking trojan in general and then move to the first newly identified malware family we'll discuss: Amavaldo.

APT trends report Q2 2019

securelist.com/apt-trends-report-q2-2019/91897/ For two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They aim to highlight the significant events and findings that we feel people should be aware of. This is our latest installment, focusing on activities that we observed during Q2 2019.

City of Kokemäki dug through its backups: part of the data locked by ransomware has been recovered

yle.fi/uutiset/3-10905778 According to administrative director Mikko Löfbacka, the damage from the Kokemäki data breach is smaller than feared. Some of the systems have already been restored for test use. Löfbacka estimates that in a week they may already be back in public use.

Apple suspends the practice in which employees have listened to speech recorded from smart devices

www.hs.fi/talous/art-2000006192006.html Technology company Apple is suspending the practice in which its subcontractors' employees have listened to voice messages dictated to the Siri application. Apple is suspending worldwide the quality-control process it calls grading. At the same time, the company says it intends to investigate whether Siri always hears commands correctly or whether it also activates by accident.
