Daily NCSC-FI news followup 2020-03-25

Updated protection for Microsoft Office 365

www.kaspersky.com/blog/office-365-protection-update/34412/ In the context of the coronavirus pandemic, there is a growing need to protect collaborative software. We updated Kaspersky Security for Microsoft Office 365 and extended the free license period to six months.

US Government Sites Give Bad Security Advice

krebsonsecurity.com/2020/03/us-government-sites-give-bad-security-advice/ Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.

This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits

www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years. Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central at over 75 FireEye customers.

Recent Dridex activity

isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/ This week, I’ve seen a lot of malicious spam (malspam) pushing Dridex malware. Today’s diary, provides a quick rundown on the types of malspam I’ve seen, and it also covers what an infected Windows host looks like.

Tupperware website hacked and infected with payment card skimmer

www.zdnet.com/article/tupperware-website-hacked-and-infected-with-payment-card-skimmer/ Hackers have breached the website of Tupperware, a US company known for its plastic food container products, and placed malicious code on its website to collect payment card details from site buyers. Report:

blog.malwarebytes.com/hacking-2/2020/03/criminals-hack-tupperware-website-with-credit-card-skimmer/. Also:



Miten turvaamme Suomen digitaalisen itsenäisyyden? Neljä muistisääntöä varautumiseen

blog.kauppalehti.fi/turvallisuus-tehdaan-yhdessa/erillisverkot-miten-turvaamme-suomen-digitaalisen-itsenaisyyden-nelja-muistisaantoa-varautumiseen Bitit eivät tunne rajoja eivätkä tarvitse passia. Tieto on yksi tärkeimmistä vaihdon välineistä, ja tiedolla vaikuttaminen on yhä taitavampaa. Mitä meidän tulee tehdä, jotta kykenemme säilyttämään digitaalisen itsenäisyytemme? Miten varmistamme tiedon oikeellisuuden ja riittävän suojauksen maailmassa, jossa kaikki toimijat eivät tahdo vain hyvää?

ISS Update On The Impact Of Malware Crisis

www.twinfm.com/article/iss-provides-update-on-the-impact-of-malware-crisis In an official company announcement, ISS World has today confirmed that they have regained control of the vast majority of their IT infrastructure. This update comes after contracted staff at Lewisham and Greenwich NHS Trust experienced issues with their pay, with ISS apologising about the administrative error.

Valmistaja varoittaa: Osa kiintolevyistämme tuhoaa itsensä pian mitään ei voi palauttaa, asenna korjauspäivitys välittömästi

www.tivi.fi/uutiset/tv/fcadfb02-ebc3-47b8-b1d5-ce30220996d3 Osasta Hewlett Packard Enterprisen (HPE) ssd-kiintolevyjä on löytynyt erittäin vakava ohjelmistovirhe, joka tuhoaa levyt 40 000 käyttötunnin jälkeen. Vika täytyy korjata heti, ja se koskee eri levyjä kuin aiempi samankaltainen virhe.. Myös:





Three More Ransomware Families Create Sites to Leak Stolen Data

www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/ Three more ransomware families have created sites that are being used to leak the stolen data of non-paying victims and further illustrates why all ransomware attacks must be considered data breaches. Ever since Maze created their “news” site to publish stolen data of their victims who choose not to pay, other ransomware actors such as Sodinokibi/REvil, Nemty, and DoppelPaymer have been swift to follow.

How Attackers Could Use Azure Apps to Sneak into Microsoft 365

www.darkreading.com/cloud/how-attackers-could-use-azure-apps-to-sneak-into-microsoft-365/d/d-id/1337399 Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions. Microsoft Azure applications could be weaponized to break into Microsoft 365 accounts, report researchers who are investigating new attack vectors as businesses transition to cloud environments.

Vulnerability reporting is dysfunctional

freedom-to-tinker.com/2020/03/25/vulnerability-reporting-is-dysfunctional/ In January, we released a study showing the ease of SIM swaps at five U.S. prepaid carriers. These attacksin which an adversary tricks telecoms into moving the victims phone number to a new SIM card under the attackers controldivert calls and SMS text messages away from the victim. This allows attackers to receive private information such as SMS-based authentication codes, which are . often used in multi-factor login and password recovery procedures.

Malware Disguised as Google Updates Pushed via Hacked News Sites

www.bleepingcomputer.com/news/security/malware-disguised-as-google-updates-pushed-via-hacked-news-sites/ Hacked corporate sites and news blogs running using the WordPress CMS are being used by attackers to deliver backdoor malware that allows them to drop several second-stage payloads such as keyloggers, info stealers, and Trojans. After gaining admin access to the compromised WordPress websites, the hackers inject malicious JavaScript code that will automatically redirect visitors to phishing sites.

Brit housing association blabs 3,500 folks’ sexual orientation, ethnicity in email blunder

www.theregister.co.uk/2020/03/25/watford_community_housing_data_breach/ Updated A UK housing association blurted 3,500 people’s sensitive personal data as part of a bungled “please update your contact details” email exercise, The Register has been told. Watford Community Housing (WCH) sent the email on the night of 23 March to people it thought were its tenants. The email included a spreadsheet with 3,544 rows that included people’s names, addresses, dates of birth, religion, sexual orientation, ethnic origin and disability status.

Python backdoor attacks and how to prevent them

www.helpnetsecurity.com/2020/03/24/python-backdoor-attacks/ Python backdoor attacks are increasingly common. Iran, for example, used a MechaFlounder Python backdoor attack against Turkey last year. Scripting attacks are nearly as common as malware-based attacks in the United States and, according to the most recent Crowdstrike Global Threat Report, scripting is the most common attack vector in the EMEA region.

How the Iranian Cyber Security Agency Detects Emissary Panda Malware

blog.team-cymru.com/2020/03/25/how-the-iranian-cyber-security-agency-detects-emissary-panda-malware/ Other threat intelligence groups have previously publicised that the Chinese-attributed threat group, Emissary Panda (aka APT27, TG-3390, BRONZE UNION, Iron Tiger and LuckyMouse), have been targeting various sectors in the Middle East, including government organisations. On 15 December 2019, Irans Minister of Communications and Information Technology, Mohammad Javad Azari-Jahromi, announced that Iranian authorities had detected foreign spying malware on their government servers which they attributed to the well-known APT27

You might be interested in …

Daily NCSC-FI news followup 2019-10-08

CISO series: Lessons learned from the Microsoft SOCPart 3a: Choosing SOC tools www.microsoft.com/security/blog/2019/10/07/ciso-series-lessons-learned-from-the-microsoft-soc-part-3a-choosing-soc-tools/ Over the course of the series, weve discussed how we operate our SOC at Microsoft. In the last two posts, Part 2a, Organizing people, and Part 2b: Career paths and readiness, we discussed how to support our most valuable resourcespeoplebased on successful […]

Read More

Daily NCSC-FI news followup 2021-06-16

Ukrainian Police Nab Six Tied to CLOP Ransomware krebsonsecurity.com/2021/06/ukrainian-police-nab-six-tied-to-clop-ransomware/ Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOPs victims this year alone include Stanford University Medical School, the University […]

Read More

[NCSC-FI News] Top Russian meat producer hit with Windows BitLocker encryption attack

Moscow-based meat producer and distributor Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems, according to a report from Rosselkhoznadzor – the Russian federal veterinary and phytosanitary supervision service The announcement notes that the attackers leveraged the Windows BitLocker feature to encrypt files, essentially performing a ransomware attack According to the […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.