Daily NCSC-FI news followup 2019-10-21

Scam buyers on an online marketplace show the seller a forged receipt or bank statement

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/verkon_myyntisivustolla_liikkuu_huijariostajia_nayttavat_myyjalle_vaarennetyn_kuitin_tai_tiliotteen_85170 During the autumn the Helsinki Police have become aware of several similar fraud cases in which goods changed hands via the Tori.fi website. In these cases the fraudsters showed the seller, at the moment of purchase, a forged receipt or bank statement produced on a bank's demo site.

Russians hijacked an Iranian operation and spied on targets in dozens of countries

www.hs.fi/ulkomaat/art-2000006280146.html The Turla group, linked to the security service FSB, infiltrated Iranian malware and attacked dozens of targets. NCSC-UK & NSA:

www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims

Postage meter operations degraded due to the Pitney Bowes malware infection.

azolver.fi/ Over the weekend the following download centres were brought back into operation in England, Ireland and France. Unfortunately the Finnish download centre is not yet operational. The cyber attack on Pitney Bowes' IT systems has turned out to be RYUK malware. maintenance.pb.com/pbcom/outage.html

Finnish cyber researcher tracks the online underworld's drug and arms dealers in Asia

yle.fi/uutiset/3-11008487 Mikko Niemelä leads the darknet research of the UN Office on Drugs and Crime in Singapore. "The criminal organisations on the darknet are typically the same ones that already existed before the darknet came into being. They have simply moved into digital form. The darknet has given them a veil of secrecy," Niemelä says.

NordVPN confirms it was hacked

nordvpn.com/blog/official-response-datacenter-breach/ In early 2018, one isolated datacenter in Finland was accessed without authorization. That was done by exploiting a vulnerability of one of our server providers that hadn't been disclosed to us. No user credentials have been intercepted. No other server on our network has been affected. The affected server does not exist anymore and the contract with the server provider has been terminated.

CCleaner maker Avast target of supply-chain attack via compromised VPN profile

blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss We found that the internal network was successfully accessed with compromised credentials through a temporary VPN profile that had erroneously been kept enabled and did not require 2FA. We believed that CCleaner was the likely target of a supply chain attack, as was the case in a 2017 CCleaner breach. See also:

www.zdnet.com/article/avast-says-hackers-breached-internal-network-through-compromised-vpn-profile/

Most Effective Phishing Tactic Is to Make People Think They’ve Been Hacked

www.infosecurity-magazine.com/news/most-effective-phishing-tactic/ The results found that simulated phishing test emails with the subject “Password Check Required Immediately” were the most clicked on, with 43% of users falling for this security-based ruse.

Office 365 Now Warns About Suspicious Emails with Unverified Senders

www.bleepingcomputer.com/news/microsoft/office-365-now-warns-about-suspicious-emails-with-unverified-senders/ Microsoft is currently rolling out a new Office 365 feature dubbed ‘Unverified Sender’ and designed to help users identify potential spam or phishing emails that reach their Outlook client’s inbox.

Fortinet: New Variant of Remcos RAT Observed In the Wild

www.fortinet.com/blog/threat-research/new-variant-of-remcos-rat-observed-in-the-wild.html The analysis in this blog focuses on the latest phishing email received by our system. However, we will include all IoCs related to this campaign at the end of this post.

Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies

www.zdnet.com/article/researchers-find-stealthy-mssql-server-backdoor-developed-by-chinese-cyberspies/ The backdoor has been linked to “the Winnti Group,” a generic name ESET uses to describe Chinese state-sponsored hackers.

Open database leaked 179GB in customer, US government, and military records

www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/ An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. The database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group.

Shikata Ga Nai Encoder Still Going Strong

www.fireeye.com/blog/threat-research/2019/10/shikata-ga-nai-encoder-still-going-strong.html Despite Metasploit's over 15 year existence, there are still core techniques that go undetected, allowing malicious actors to evade detection. One of these core techniques is the Shikata Ga Nai (SGN) payload encoding scheme.

Interview: Former Twitter CISO shares his advice for IT security hiring and cybersecurity

www.zdnet.com/article/former-twitter-ciso-shares-his-advice-for-it-security-hiring-and-cybersecurity/ Michael Coates, CEO & Co-Founder of Altitude Networks and the former CISO at Twitter, shares best practices for building strong security teams and for starting a career in cybersecurity.

Microsoft announces Secured-core PCs to counter firmware attacks

venturebeat.com/2019/10/21/microsoft-announces-secured-core-pcs-to-counter-firmware-attacks/ Microsoft partnered with chip and computer makers to apply security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system. Secured-core PCs will be available from Dell, Dynabook, HP, Lenovo, Panasonic, and Surface. Also:

www.microsoft.com/en-us/windowsforbusiness/windows10-secured-core-computers
