Daily NCSC-FI news followup 2020-01-08

No, the US Army isn't drafting you for WWIII by text message

www.theverge.com/2020/1/7/21055797/us-army-draft-ww3-scam-text-message-fake On Tuesday, the Army put out a news bulletin alerting the public of fraudulent text messages from people claiming to be recruiters. Some texts tell the person receiving them to head to their local recruiting office for immediate departure to Iran. Others expand on that message, saying that if the person doesn't respond, they'll be fined and sent to jail for minimum 6 years.

Tik or Tok? Is TikTok secure enough?

research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/ In the recent months, Check Point Research teams discovered multiple vulnerabilities within the TikTok application. The vulnerabilities described in this research allow attackers to do the following: Get a hold of TikTok accounts and manipulate their content, Delete videos, Upload unauthorized videos, Make private hidden videos public, Reveal personal information saved on the account such as private email addresses.



Tricky Phish Angles for Persistence, Not Passwords

krebsonsecurity.com/2020/01/tricky-phish-angles-for-persistence-not-passwords/ As we can see from the URL in the image directly above, the link tells Microsoft to forward the authorization token produced by a successful login to the domain officesuited[.]com. From there, the user will be presented with a prompt that says an app is requesting permissions to read your email, contacts, OneNote notebooks, access your files, read/write to your mailbox settings, sign you in, read your profile, and maintain access to that data. […] this phishing tactic is worth highlighting because recent examples of it received relatively little press coverage. Expecting swift action from Microsoft might not be ideal: From my testing, Microsoft appears to have disabled the malicious app being served from officesuited[.]com sometime around Dec. 19, roughly one week after it went live.

Naive IoT botnet wastes its time mining cryptocurrency

www.zdnet.com/article/naive-iot-botnet-wastes-its-time-mining-cryptocurrency/ Security researchers from Romanian antivirus vendor Bitdefender have discovered a botnet that infects home routers and other Internet of Things (IoT) smart devices and then attempts to mine for cryptocurrency. This marks the third such IoT botnet that wastes its time by attempting to mine cryptocurrency on devices that clearly don’t support these types of operations.


Las Vegas Suffers Cyber-Attack

www.infosecurity-magazine.com/news/las-vegas-suffers-cyber-attack/ City spokesperson David Riggleman said that it was likely that the threat actors gained access to the city’s network via a malicious email.

MP Says Austria Unprepared After Cyberattack on Foreign Ministry

www.bleepingcomputer.com/news/security/mp-says-austria-unprepared-after-cyberattack-on-foreign-ministry/ “The recent and ongoing hacker attack on the Foreign Ministry clearly shows how important cyber defense is and how little Austria is apparently prepared to ward off cyberattacks,” Austrian Parliament lower house member Robert Laimer said in a statement. Laimer, SPÖ’s (Social Democratic Party of Austria) regional defense spokesman also added that Austrian’s Armed Forces should receive funding for cybersecurity training courses.

ATM skimmer sentenced for fleecing $400,000 out of US banks

www.zdnet.com/article/atm-skimmer-sentenced-for-fleecing-400000-out-of-new-jersey-banks/ A member of an ATM skimming ring has landed in jail after participating in a criminal scheme that netted $400,000 from banks across Massachusetts, New York, and New Jersey. Between August 2014 and November 2016, Rusu and other members of the group compromised ATMs across the US, targeting a variety of banks and areas.

Medical Info of Roughly 50K Exposed in Minnesota Hospital Breach

www.bleepingcomputer.com/news/security/medical-info-of-roughly-50k-exposed-in-minnesota-hospital-breach/ The personal and medical information of 49,351 patients was exposed following a security incident involving two employees’ email accounts as disclosed by Minnesota-based Alomere Health.

SNAKE Ransomware Is the Next Threat Targeting Business Networks

www.bleepingcomputer.com/news/security/snake-ransomware-is-the-next-threat-targeting-business-networks/ When started Snake will remove the computer’s Shadow Volume Copies and then kill numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more.

Disinformation For Hire: How A New Breed Of PR Firms Is Selling Lies Online

www.buzzfeednews.com/article/craigsilverman/disinformation-for-hire-black-pr-firms One firm promised to use every tool and take every advantage available in order to change reality according to our client’s wishes. The emergence of black PR firms means investigators at platforms, security firms, and within the intelligence community are spending increasing amounts of time looking at the disinformation-for-hire services that are out there, said Otis.

Operation AppleJeus Sequel

securelist.com/operation-applejeus-sequel/95596/ The actor altered their macOS and Windows malware considerably, adding an authentication mechanism in the macOS downloader and changing the macOS development framework. The binary infection procedure in the Windows system differed from the previous case. They also changed the final Windows payload significantly from the well-known Fallchill malware used in the previous attack. We believe the Lazarus group's continuous attacks for financial gain are unlikely to stop anytime soon.

INTERPOL-led action takes aim at cryptojacking in Southeast Asia

www.interpol.int/en/News-and-Events/News/2020/INTERPOL-led-action-takes-aim-at-cryptojacking-in-Southeast-Asia During the five months of the operation, cybercrime investigators and experts from police and national Computer Emergency Response Teams (CERTs) across the 10 ASEAN countries (Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam) worked together to locate the infected routers, alert the victims and patch the devices so they were no longer under the control of the cybercriminals. INTERPOL's ASEAN Desk facilitated the exchange of information and follow-up actions amongst the countries involved. When the operation concluded in late November, the number of infected devices had been reduced by 78 per cent. Efforts to remove the infections from the remaining devices continue.

Policy and Disclosure: 2020 Edition

googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html For vulnerabilities reported starting January 1, 2020, we are changing our Disclosure Policy: Full 90 days by default, regardless of when the bug is fixed. The full 90 day window is available to perform root cause and variant analysis. We expect to see iterative and more thorough patching from vendors, removing opportunities that attackers currently have to make minor changes to their exploits and revive their zero-day exploits. We’re also being explicit on improving patch adoption, since we’re incentivising that vendors should be able to offer updates and encourage installation to a large population within 90 days.

