Daily NCSC-FI news followup 2019-10-02

Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping

www.helpnetsecurity.com/2019/10/01/prying-eye-vulnerability/ Cequence Security's CQ Prime Threat Research Team discovered a vulnerability in Cisco Webex and Zoom video conferencing platforms that potentially allows an attacker to enumerate or list and view active meetings that are not protected.

How SMBs Can Mitigate the Growing Risk of File-based Attacks

thehackernews.com/2019/10/business-cybersecurity-tips.html In the midst of rising threats, here are some ways SMBs can mitigate file-based attacks.

Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content

thehackernews.com/2019/10/yahoo-email-hacking.html An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos.

A recent example of Emotet malspam

isc.sans.edu/forums/diary/A+recent+example+of+Emotet+malspam/25378/ Shown below is an example of malicious spam (malspam) pushing Emotet malware. It has an attached Word document with macros designed to install Emotet on a vulnerable Windows host.

Ransomware Attacks Leave U.S. Hospitals Turning Away Patients

threatpost.com/ransomware-attacks-leave-u-s-hospitals-turning-away-patients/148823/ A rash of ransomware attacks this week targeted hospitals in the U.S. and Australia. The cyberattacks froze the computer systems of several medical facilities, to the point where they needed to turn away new patients and even cancel surgery appointments.

Falcon OverWatch Threat Hunting Report Finds an Increase in eCrime as Adversaries Mature Their Skills

www.crowdstrike.com/blog/falcon-overwatch-report-finds-increase-in-ecrime/ The CrowdStrike® Falcon OverWatch elite threat hunting team has released a new report, The 2019 OverWatch Mid-Year Report: Observations from the Front Lines of Threat Hunting.

Fake Browser Updates Infect Enterprises with Ransomware, Bankers

www.bleepingcomputer.com/news/security/fake-browser-updates-infect-enterprises-with-ransomware-bankers/ Attackers are utilizing hacked web sites that promote fake browser updates to infect targets with banking trojans. In some cases, post exploitation toolkits are later executed to encrypt the compromised network with ransomware.

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service What The Code Tells Us

securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/ McAfee's Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. Around this same time, the GandCrab ransomware crew announced they would shut down their operations. Coincidence? Or is there more to the story?

This is the second installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific Ransomware-as-a-Service (RaaS) campaign of 2018 and mid-2019.


Virus Bulletin 2019: Japanese Attacks Highlight Savvy APT Strategy

threatpost.com/virus-bulletin-japanese-attacks-apt-strategygy/148859/ According to researchers at JPCERT in Japan, speaking at Virus Bulletin 2019, both the APT17 and Bronze Butler threat groups have carried out ongoing campaigns that use the same techniques, swapping out exploits as new exploits are developed.

Threat Group Uses Bit.ly, BlogSpot, Pastebin to Deliver Trojans, RATs

www.bleepingcomputer.com/news/security/threat-group-uses-bitly-blogspot-pastebin-to-deliver-trojans-rats/ A malicious campaign targeting corporations from all over the world was observed using a combination of pages hosted on Bit.ly, BlogSpot, and Pastebin to deliver Azorult and RevengeRAT malware.

New head of the police cyber centre reminds: “Cybercrime constantly finds new forms that everyone must prepare for”

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisin_kyberkeskuksen_uusi_paallikko_muistuttaa_kyberrikollisuus_loytaa_jatkuvasti_uusia_muotoja_joihin_kaikkien_tulee_varautua_84730?language=fi Every internet user should be prepared for the fact that online communication is not always completely secure. Although cybercrime is becoming ever more diverse, a few basic measures make for a good start: take care of your computer's security, your usernames and passwords, and think about what information you give out about yourself on the internet, reminds the new head of the police cyber centre, Detective Superintendent Mikko Rauhamaa.
