Daily NCSC-FI news followup 2019-08-19

GAME OVER: Detecting and Stopping an APT41 Operation

www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html In August 2019, FireEye released the Double Dragon report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. In this blog post, we're going to examine a recent instance where FireEye Managed Defense came toe-to-toe with APT41.

Kristiinankaupunki residents' data found on computers sold at a flea market; police investigating as a data protection offence

yle.fi/uutiset/3-10928750 Police are investigating the Kristiinankaupunki computer find as a data protection offence. A crime report on the matter was filed in Pori at the end of July, and it was transferred to the Ostrobothnia police for investigation.

$11M Email Scam at Caterpillar Pinned to Nigerian Businessman

www.bleepingcomputer.com/news/security/11m-email-scam-at-caterpillar-pinned-to-nigerian-businessman/ A Nigerian national that was on Forbes’ list of the most promising entrepreneurs in Africa stands accused of business email compromise fraud that stole $11 million from one victim alone.

Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response

blog.trendmicro.com/trendlabs-security-intelligence/uncovering-a-mykings-variant-with-bootloader-persistence-via-managed-detection-and-response/ In May, during the Managed Detection and Response service on-boarding process of an electronics company in the Asia-Pacific region, we noticed suspicious activity via the Trend Micro Deep Discovery Inspector that turned out to be related to EternalBlue.

Hackers Use Fake NordVPN Website to Deliver Banking Trojan

www.bleepingcomputer.com/news/security/hackers-use-fake-nordvpn-website-to-deliver-banking-trojan/ The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics.

The Rise of Bulletproof Residential Networks

krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers. But this story is about so-called bulletproof residential VPN services that appear to be built by purchasing or otherwise acquiring discrete chunks of Internet addresses from some of the world's largest ISPs and mobile data providers.

Influence Operations Kill Chain

www.schneier.com/blog/archives/2019/08/influence_opera.html Influence operations are elusive to define. The Rand Corp.’s definition is as good as any: “the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent.”

How Video Became a Dangerous Delivery Vehicle for Malware Attacks

securityintelligence.com/articles/how-video-became-a-dangerous-delivery-vehicle-for-malware-attacks/ Most employees have some awareness about malware attacks. Many probably know that you should never open an executable file from a stranger or install a thumb drive found in the parking lot, for example. But videos, or links to videos, can deliver malware just like that executable or thumb drive.

iFrame clickjacking countermeasures appear in Chrome source code. And it only took *checks calendar* three years

www.theregister.co.uk/2019/08/19/clickjacking_countermeasures_chrome/ After inaction, technical changes promise better fraud defense
