Daily NCSC-FI news followup 2019-08-19

GAME OVER: Detecting and Stopping an APT41 Operation

www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html In August 2019, FireEye released the Double Dragon report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. In this blog post, we're going to examine a recent instance where FireEye Managed Defense came toe-to-toe with APT41.

Kristiinankaupunki residents' data found on computers sold at a flea market; police investigating as a data protection offence

yle.fi/uutiset/3-10928750 Police are investigating the Kristiinankaupunki computer find as a data protection offence. A criminal complaint on the matter was filed in Pori at the end of July, and it was transferred to the Ostrobothnia police for investigation.

$11M Email Scam at Caterpillar Pinned to Nigerian Businessman

www.bleepingcomputer.com/news/security/11m-email-scam-at-caterpillar-pinned-to-nigerian-businessman/ A Nigerian national that was on Forbes’ list of the most promising entrepreneurs in Africa stands accused of business email compromise fraud that stole $11 million from one victim alone.

Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response

blog.trendmicro.com/trendlabs-security-intelligence/uncovering-a-mykings-variant-with-bootloader-persistence-via-managed-detection-and-response/ In May, during the Managed Detection and Response service on-boarding process of an electronics company in the Asia-Pacific region, we noticed suspicious activity via the Trend Micro Deep Discovery Inspector that turned out to be related to EternalBlue.

Hackers Use Fake NordVPN Website to Deliver Banking Trojan

www.bleepingcomputer.com/news/security/hackers-use-fake-nordvpn-website-to-deliver-banking-trojan/ The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics.

The Rise of Bulletproof Residential Networks

krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers. But this story is about so-called bulletproof residential VPN services that appear to be built by purchasing or otherwise acquiring discrete chunks of Internet addresses from some of the world's largest ISPs and mobile data providers.

Influence Operations Kill Chain

www.schneier.com/blog/archives/2019/08/influence_opera.html Influence operations are elusive to define. The Rand Corp.’s definition is as good as any: “the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent.”

How Video Became a Dangerous Delivery Vehicle for Malware Attacks

securityintelligence.com/articles/how-video-became-a-dangerous-delivery-vehicle-for-malware-attacks/ Most employees have some awareness about malware attacks. Many probably know that you should never open an executable file from a stranger or install a thumb drive found in the parking lot, for example. But videos, or links to videos, can deliver malware just like that executable or thumb drive.

iFrame clickjacking countermeasures appear in Chrome source code. And it only took *checks calendar* three years

www.theregister.co.uk/2019/08/19/clickjacking_countermeasures_chrome/ After inaction, technical changes promise better fraud defense
