Daily NCSC-FI news followup 2019-08-19

GAME OVER: Detecting and Stopping an APT41 Operation

www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html In August 2019, FireEye released the Double Dragon report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. In this blog post, we're going to examine a recent instance where FireEye Managed Defense came toe-to-toe with APT41.

Data on Kristiinankaupunki residents found on computers sold at a flea market; police investigating as a data protection offence

yle.fi/uutiset/3-10928750 Police are investigating the Kristiinankaupunki computer find as a data protection offence. A criminal report on the matter was filed in Pori at the end of July, and it was transferred to the Ostrobothnia police for investigation.

$11M Email Scam at Caterpillar Pinned to Nigerian Businessman

www.bleepingcomputer.com/news/security/11m-email-scam-at-caterpillar-pinned-to-nigerian-businessman/ A Nigerian national that was on Forbes’ list of the most promising entrepreneurs in Africa stands accused of business email compromise fraud that stole $11 million from one victim alone.

Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response

blog.trendmicro.com/trendlabs-security-intelligence/uncovering-a-mykings-variant-with-bootloader-persistence-via-managed-detection-and-response/ In May, during the Managed Detection and Response service on-boarding process of an electronics company in the Asia-Pacific region, we noticed suspicious activity via the Trend Micro Deep Discovery Inspector that turned out to be related to EternalBlue.

Hackers Use Fake NordVPN Website to Deliver Banking Trojan

www.bleepingcomputer.com/news/security/hackers-use-fake-nordvpn-website-to-deliver-banking-trojan/ The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics.

The Rise of Bulletproof Residential Networks

krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers. But this story is about so-called bulletproof residential VPN services that appear to be built by purchasing or otherwise acquiring discrete chunks of Internet addresses from some of the world's largest ISPs and mobile data providers.

Influence Operations Kill Chain

www.schneier.com/blog/archives/2019/08/influence_opera.html Influence operations are elusive to define. The Rand Corp.’s definition is as good as any: “the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent.”

How Video Became a Dangerous Delivery Vehicle for Malware Attacks

securityintelligence.com/articles/how-video-became-a-dangerous-delivery-vehicle-for-malware-attacks/ Most employees have some awareness about malware attacks. Many probably know that you should never open an executable file from a stranger or install a thumb drive found in the parking lot, for example. But videos, or links to videos, can deliver malware just like that executable or thumb drive.

iFrame clickjacking countermeasures appear in Chrome source code. And it only took *checks calendar* three years

www.theregister.co.uk/2019/08/19/clickjacking_countermeasures_chrome/ After inaction, technical changes promise better fraud defense
