Daily NCSC-FI news followup 2019-09-05

FunkyBot: A New Android Malware Family Targeting Japan

www.fortinet.com/blog/threat-research/funkybot-malware-targets-japan.html Last year, FortiGuard Labs identified a malware campaign targeting Japanese users. The campaign impersonated a logistics company and deployed an Android malware called FakeSpy. We have been monitoring these actors and the phishing websites they created, and recently we noticed that they have started deploying a different Android payload. As in their previous campaigns, this payload consists of a packer and a payload. However, both of these are different from the ones we have encountered previously.

A malicious website can infect my iPhone. Fact or fiction?

www.kaspersky.com/blog/malicious-websites-infect-iphones/28493/ The idea that iPhones are totally immune to threats has been debunked time after time. In fact, though the Apple smartphones may present a smaller target than Android devices, some say you can pick up all sorts of malware just by opening a dangerous website, without knowingly downloading and installing anything from that site. In this post, we find out whether that is true.

The Zero Trust Approach for the Cloud

blog.paloaltonetworks.com/2019/09/cloud-zero-trust-approach/ The term Zero Trust has been around for almost 10 years, but it has recently picked up momentum as businesses look to proactively protect their data and infrastructure. With the shift to the cloud, Zero Trust is now a philosophy of choice for CIOs and CISOs, who are tasked with protecting their systems from outside attacks as well as from within the organization.

How Can Financial Services Stem the Tide of Mobile Phishing Attacks?

securityintelligence.com/posts/how-can-financial-services-stem-the-tide-of-mobile-phishing-attacks/ According to Forgerock, the financial services industry suffered $6.2 billion in damage from cyberattacks in Q1 2019, up from $8 million in Q1 2018 a 77,400 percent increase. HSBC, JP Morgan and PayPal are just a few of the financial institutions that have experienced data breaches. Even less established digital natives such as Monzo, Nutmeg and Coinbase have fallen foul. No one is immune.

Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment

www.fireeye.com/blog/threat-research/2019/09/ransomware-protection-and-containment-strategies.html Ransomware is a global threat targeting organizations in all industries. The impact of a successful ransomware event can be material to an organization – including the loss of access to data, systems, and operational outages. The potential downtime, coupled with unforeseen expenses for restoration, recovery, and implementation of new security processes and controls can be overwhelming. Ransomware has become an increasingly popular choice for attackers over the past few years, and its easy to understand why given how simple it is to leverage in campaigns while offering a healthy financial return for attackers.

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion

blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-abuses-php-functions-for-persistence-uses-compromised-devices-for-evasion-and-intrusion/ One of our honeypots detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers use them as proxies to forward a base64-encoded PHP script to web servers. The script sends an email with an embedded link to a scam site to specific email addresses. While some of the samples we found were for spamming and for redirecting users to cryptocurrency scam sites, the spam botnets routine may be used to spread malware to more systems and vulnerable servers.

Apple iOS Attack Underscores Importance of Threat Research

securingtomorrow.mcafee.com/other-blogs/mcafee-labs/apple-ios-attack-underscores-importance-of-threat-research/ The recent discovery of exploit chains targeting Apple iOS is the latest example of how cybercriminals can successfully operate malicious campaigns, undetected, through the use of zero-day vulnerabilities. In this scenario, a threat actor or actors operated multiple compromised websites, using at least one or more zero-day vulnerabilities and numerous unique exploit chains and known vulnerabilities to compromise iPhones, even the latest versions of the operating system, for more than two years. It takes remarkable talent and resources to operate this kind of infrastructure without being detected, as potentially thousands of users were compromised without the ca

Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn

threatpost.com/android-zero-day-bug-opens-door-to-privilege-escalation-attack-researchers-warn/148014/ The zero-day vulnerability could enable privilege escalation, and is not part of Googles Android September security update. Researchers are warning of a high-severity zero-day vulnerability in Googles Android operating system, which if exploited could give a local attacker escalated privileges on a targets device. The specific flaw exists within the v4l2 (Video4Linux 2) driver, which is the Android media driver. When exploited, a component within the v4l2 does not validate the existence of an object prior to performing operations on the object, according to researchers with Zero Day Initiative (ZDI). . Also: www.zdnet.com/article/zero-day-disclosed-in-android-os/.


A Chinese APT is now going after Pulse Secure and Fortinet VPN servers

www.zdnet.com/article/a-chinese-apt-is-now-going-after-pulse-secure-and-fortinet-vpn-servers/ Security researchers spot Chinese state-sponsored hackers going after high-end enterprise VPN servers. A group of Chinese state-sponsored hackers is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month. The attacks are being carried out by a group known as APT5 (also known as Manganese), ZDNet has learned from sources familiar with the attacks.

A huge database of Facebook users phone numbers found online

techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/ Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.

Sipe Santapukki joutui nettihuijauksen keulakuvaksi: Kyllähän tuo vit

You might be interested in …

Daily NCSC-FI news followup 2019-08-20

Guccifer Rising? Months-Long Phishing Campaign on ProtonMail Targets Dozens of Russia-Focused Journalists and NGOs www.bellingcat.com/news/uk-and-europe/2019/08/10/guccifer-rising-months-long-phishing-campaign-on-protonmail-targets-dozens-of-russia-focused-journalists-and-ngos/ A sophisticated phishing campaign targeting Bellingcat and other Russia-focused journalists has been much larger in scope than previously thought, and has lasted at least several months. Bellingcat has identified dozens of targeted individuals across Europe and the US, with the […]

Read More

Daily NCSC-FI news followup 2021-07-10

Cyber-attack disrupts Irans national railway system therecord.media/cyber-attack-disrupts-irans-national-railway-system/ Train services were canceled or delayed in Iran after a cyberattack crippled the national railway companys computer systems on Friday morning. The exact nature of the disruption is unclear, but the outage affected both passenger and cargo transportation services. According to multiple local media outlets, the system used […]

Read More

Daily NCSC-FI news followup 2020-09-01

Norjan parlamenttiin on tehty laajamittainen kyberhyökkäys yle.fi/uutiset/3-11522222 Joidenkin kansanedustajien ja Suurkäräjien työntekijöiden sähköposteihin on murtauduttu. Otamme asian erittäin vakavasti ja analysoimme tilannetta saadaksemme kuvan tapauksesta ja haittojen laajuudesta, Suurkäräjien hallinnon johtaja Marianne Andreassen sanoo. myös: www.stortinget.no/no/Hva-skjer-pa-Stortinget/Nyhetsarkiv/Pressemeldingsarkiv/2019-2020/it-angrep-mot-stortinget/. also: www.zdnet.com/article/norwegian-parliament-discloses-cyber-attack-on-internal-email-system/ Cisco says it will issue patch as soon as possible’ for bugs hackers are trying to exploit […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.