Daily NCSC-FI news followup 2019-08-19

GAME OVER: Detecting and Stopping an APT41 Operation

www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html In August 2019, FireEye released the Double Dragon report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. In this blog post, we're going to examine a recent instance where FireEye Managed Defense came toe-to-toe with APT41.

Data of Kristiinankaupunki residents found on computers sold at a flea market; police investigating as a data protection offence

yle.fi/uutiset/3-10928750 Police are investigating the Kristiinankaupunki computer discovery as a data protection offence. A criminal report on the matter was filed in Pori at the end of July, and it was transferred to the Ostrobothnia police for investigation.

$11M Email Scam at Caterpillar Pinned to Nigerian Businessman

www.bleepingcomputer.com/news/security/11m-email-scam-at-caterpillar-pinned-to-nigerian-businessman/ A Nigerian national that was on Forbes’ list of the most promising entrepreneurs in Africa stands accused of business email compromise fraud that stole $11 million from one victim alone.

Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response

blog.trendmicro.com/trendlabs-security-intelligence/uncovering-a-mykings-variant-with-bootloader-persistence-via-managed-detection-and-response/ In May, during the Managed Detection and Response service on-boarding process of an electronics company in the Asia-Pacific region, we noticed suspicious activity via the Trend Micro Deep Discovery Inspector that turned out to be related to EternalBlue.

Hackers Use Fake NordVPN Website to Deliver Banking Trojan

www.bleepingcomputer.com/news/security/hackers-use-fake-nordvpn-website-to-deliver-banking-trojan/ The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics.

The Rise of Bulletproof Residential Networks

krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers. But this story is about so-called bulletproof residential VPN services that appear to be built by purchasing or otherwise acquiring discrete chunks of Internet addresses from some of the world's largest ISPs and mobile data providers.

Influence Operations Kill Chain

www.schneier.com/blog/archives/2019/08/influence_opera.html Influence operations are elusive to define. The Rand Corp.’s definition is as good as any: “the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent.”

How Video Became a Dangerous Delivery Vehicle for Malware Attacks

securityintelligence.com/articles/how-video-became-a-dangerous-delivery-vehicle-for-malware-attacks/ Most employees have some awareness about malware attacks. Many probably know that you should never open an executable file from a stranger or install a thumb drive found in the parking lot, for example. But videos, or links to videos, can deliver malware just like that executable or thumb drive.

iFrame clickjacking countermeasures appear in Chrome source code. And it only took *checks calendar* three years

www.theregister.co.uk/2019/08/19/clickjacking_countermeasures_chrome/ After inaction, technical changes promise better fraud defense
