Daily NCSC-FI news followup 2020-03-25

Updated protection for Microsoft Office 365

www.kaspersky.com/blog/office-365-protection-update/34412/ In the context of the coronavirus pandemic, there is a growing need to protect collaborative software. We updated Kaspersky Security for Microsoft Office 365 and extended the free license period to six months.

US Government Sites Give Bad Security Advice

krebsonsecurity.com/2020/03/us-government-sites-give-bad-security-advice/ Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.

This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits

www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years. Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central at over 75 FireEye customers.

Recent Dridex activity

isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/ This week, I’ve seen a lot of malicious spam (malspam) pushing Dridex malware. Today’s diary provides a quick rundown on the types of malspam I’ve seen, and it also covers what an infected Windows host looks like.

Tupperware website hacked and infected with payment card skimmer

www.zdnet.com/article/tupperware-website-hacked-and-infected-with-payment-card-skimmer/ Hackers have breached the website of Tupperware, a US company known for its plastic food container products, and placed malicious code on its website to collect payment card details from site buyers. Report:

blog.malwarebytes.com/hacking-2/2020/03/criminals-hack-tupperware-website-with-credit-card-skimmer/. Also:

How do we secure Finland’s digital independence? Four rules of thumb for preparedness

blog.kauppalehti.fi/turvallisuus-tehdaan-yhdessa/erillisverkot-miten-turvaamme-suomen-digitaalisen-itsenaisyyden-nelja-muistisaantoa-varautumiseen Bits know no borders and need no passport. Information is one of the most important means of exchange, and influencing through information is becoming ever more skilful. What must we do to be able to preserve our digital independence? How do we ensure the correctness and adequate protection of information in a world where not all actors wish only good?

ISS Update On The Impact Of Malware Crisis

www.twinfm.com/article/iss-provides-update-on-the-impact-of-malware-crisis In an official company announcement, ISS World has today confirmed that they have regained control of the vast majority of their IT infrastructure. This update comes after contracted staff at Lewisham and Greenwich NHS Trust experienced issues with their pay, with ISS apologising about the administrative error.

Manufacturer warns: Some of our hard drives will soon destroy themselves and nothing can be recovered, install the fix update immediately

www.tivi.fi/uutiset/tv/fcadfb02-ebc3-47b8-b1d5-ce30220996d3 A very serious software bug has been found in some Hewlett Packard Enterprise (HPE) SSD drives that destroys the drives after 40,000 hours of operation. The defect must be fixed immediately, and it affects different drives than the earlier similar bug. Also:

Three More Ransomware Families Create Sites to Leak Stolen Data

www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/ Three more ransomware families have created sites that are being used to leak the stolen data of non-paying victims, which further illustrates why all ransomware attacks must be considered data breaches. Ever since Maze created their “news” site to publish stolen data of their victims who choose not to pay, other ransomware actors such as Sodinokibi/REvil, Nemty, and DoppelPaymer have been swift to follow.

How Attackers Could Use Azure Apps to Sneak into Microsoft 365

www.darkreading.com/cloud/how-attackers-could-use-azure-apps-to-sneak-into-microsoft-365/d/d-id/1337399 Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions. Microsoft Azure applications could be weaponized to break into Microsoft 365 accounts, report researchers who are investigating new attack vectors as businesses transition to cloud environments.

Vulnerability reporting is dysfunctional

freedom-to-tinker.com/2020/03/25/vulnerability-reporting-is-dysfunctional/ In January, we released a study showing the ease of SIM swaps at five U.S. prepaid carriers. These attacks, in which an adversary tricks telecoms into moving the victim’s phone number to a new SIM card under the attacker’s control, divert calls and SMS text messages away from the victim. This allows attackers to receive private information such as SMS-based authentication codes, which are often used in multi-factor login and password recovery procedures.

Malware Disguised as Google Updates Pushed via Hacked News Sites

www.bleepingcomputer.com/news/security/malware-disguised-as-google-updates-pushed-via-hacked-news-sites/ Hacked corporate sites and news blogs running the WordPress CMS are being used by attackers to deliver backdoor malware that allows them to drop several second-stage payloads such as keyloggers, info stealers, and Trojans. After gaining admin access to the compromised WordPress websites, the hackers inject malicious JavaScript code that will automatically redirect visitors to phishing sites.

Brit housing association blabs 3,500 folks’ sexual orientation, ethnicity in email blunder

www.theregister.co.uk/2020/03/25/watford_community_housing_data_breach/ Updated: A UK housing association blurted 3,500 people’s sensitive personal data as part of a bungled “please update your contact details” email exercise, The Register has been told. Watford Community Housing (WCH) sent the email on the night of 23 March to people it thought were its tenants. The email included a spreadsheet with 3,544 rows that included people’s names, addresses, dates of birth, religion, sexual orientation, ethnic origin and disability status.

Python backdoor attacks and how to prevent them

www.helpnetsecurity.com/2020/03/24/python-backdoor-attacks/ Python backdoor attacks are increasingly common. Iran, for example, used a MechaFlounder Python backdoor attack against Turkey last year. Scripting attacks are nearly as common as malware-based attacks in the United States and, according to the most recent Crowdstrike Global Threat Report, scripting is the most common attack vector in the EMEA region.

How the Iranian Cyber Security Agency Detects Emissary Panda Malware

blog.team-cymru.com/2020/03/25/how-the-iranian-cyber-security-agency-detects-emissary-panda-malware/ Other threat intelligence groups have previously publicised that the Chinese-attributed threat group Emissary Panda (aka APT27, TG-3390, BRONZE UNION, Iron Tiger and LuckyMouse) has been targeting various sectors in the Middle East, including government organisations. On 15 December 2019, Iran’s Minister of Communications and Information Technology, Mohammad Javad Azari-Jahromi, announced that Iranian authorities had detected foreign spying malware on their government servers, which they attributed to the well-known APT27.
