Daily NCSC-FI news followup 2020-04-09

HMR targeted by cyber criminals

www.hmrlondon.com/hmr-targeted-by-cyber-criminals On Saturday 14 March 2020, HMR was subjected to a targeted and sophisticated attack by cyber criminals. We took immediate action to stop the attack, but not before the attackers had stolen copies of some of our files. We're sorry to report that, during 21-23 March 2020, the criminals published on their website records from some of our volunteers' screening visits. The website is not visible on the public web, and those records have since been taken down. The records were from some of our volunteers with surnames beginning with D, G, I or J. The records were scanned copies of documents and results we collected at screening

DDoS attacks took down Italy's social security website amid COVID-19 crisis

www.teiss.co.uk/ddos-attacks-italy-inps-website/ Frequent cyber attacks forced Italy's social security and welfare department to temporarily shut down its website at a time when thousands of vulnerable citizens were trying to apply for financial assistance in the middle of the crisis.

Android Users Beware: 100 Million Users Must Delete This Very Dangerous App Now

www.forbes.com/sites/zakdoffman/2020/04/07/android-users-beware-100-million-users-must-delete-this-very-dangerous-app-now/ According to VPNpro, SuperVPN allows hackers to intercept communications between the user and the provider, and even redirect users to a hacker's malicious server instead of the real VPN server. There is no inference that the app's developer was responsible for any attacks or data interception. But the risks were well known and publicised, making it an open vulnerability for others to exploit.

A Familiar Storm Approaches: April 14th's Vulnerability Fujiwhara Event

www.riskbasedsecurity.com/2020/04/08/a-familiar-storm-approaches-april-14ths-vulnerability-fujiwhara-event/ Back in January, we first warned organizations about the Vulnerability Fujiwhara Effect that will hit three times this year. These major security events, in which Microsoft, Oracle and other multiple large vendors disclose vulnerabilities in popular products on the same day, pose a particular challenge for Vulnerability Management teams who are left analyzing and prioritizing hundreds of disclosures before remediation can even begin. We have already seen the impacts of the first storm that occurred on January 14th.

Radio frequency: An invisible espionage threat to enterprises

www.helpnetsecurity.com/2020/04/08/radio-frequency-threats/ The cybersecurity industry has seen an increase in enterprise attacks from vulnerable RF devices. From unmanageable device attacks and IoT devices being more vulnerable than corporate-managed computers to IoT security breaches, RF espionage is a growing concern for enterprises, but the concern still lags behind the threat.

Spam and phishing in 2019

securelist.com/spam-report-2019/96527/ In 2019, scammers found new ways to exploit popular resources and social networks to spread spam and sell non-existent goods and services. They actively used Youtube and Instagram comments to place ads and links to potentially malicious pages, and created numerous social media accounts that they promoted by commenting on the posts of popular bloggers.

PowerPoint Weakness Opens Door to Malicious Mouse-Over Attack

threatpost.com/powerpoint-weakness-mouse-over-attack/154589/ A researcher is sounding the alarm over what he believes could be a novel attack vector which allows a hacker to manipulate a PowerPoint file to download and begin the installation of malware, simply by hovering over a hypertext link. The technique does require a victim to accept one pop-up dialogue box to run or install a program. For those reasons, Microsoft does not consider this a vulnerability. Mandar Satam, independent security researcher, disagrees.

This is what zoombombing looks like: robust guidance from the authorities

www.is.fi/digitoday/tietoturva/art-2000006469731.html The National Cyber Security Centre (Kyberturvallisuuskeskus) gives guidance on secure video conferencing. Particular care is needed with Zoom.

US Senate, German government tell employees not to use Zoom

www.zdnet.com/article/us-senate-german-government-tell-employees-not-to-use-zoom/ The two organizations now join a list that also includes the Taiwanese government, the Australian government, SpaceX, Google, and New York state area schools.

Cisco Critical Update Phishing Attack Steals Webex Credentials

threatpost.com/cisco-critical-update-phishing-webex/154585/ Emails purporting to be a Cisco critical security advisory are actually part of a phishing campaign trying to steal victims' Webex credentials.

APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure

blog.malwarebytes.com/threat-analysis/2020/04/apts-and-covid-19-how-advanced-persistent-threats-use-the-coronavirus-as-a-lure/ From late January, several cyber-criminal and state-sponsored groups have begun using coronavirus-based phishing as their infection vectors to gain a foothold on their victims' machines. Just like the spread of coronavirus itself, China was the first targeted by APT groups and as the virus spread worldwide, so did the attacks.

7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic

thehackernews.com/2020/04/cronavirus-hackers.html Here, we took a look at some of the wide range of unseen threats rising in the digital space, powered by coronavirus-themed lures that cybercriminals are using for espionage and commercial gain.

Virve's own network to be shut down: authorities' critical communications move to Elisa's network

www.is.fi/digitoday/art-2000006469945.html The Erillisverkot Group says it will procure the radio network for the broadband Virve 2.0 as a service from Elisa and the most central information systems from Ericsson. The aim is to secure the continuity of society's critical communications and the operations of the authorities in all circumstances in the future as well.

Phishing emails impersonate the White House and VP Mike Pence

www.bleepingcomputer.com/news/security/phishing-emails-impersonate-the-white-house-and-vp-mike-pence/ Phishing scammers have started to impersonate President Trump and Vice President Mike Pence in emails that distribute malware or perform extortion scams.

Despite Infighting and Volatility, Iran Maintains Aggressive Cyber Operations Structure

www.recordedfuture.com/iran-cyber-operations-structure/ Recorded Future's Insikt Group® is conducting ongoing research on the organizations involved in Iran's cyber program. This report serves to provide greater insight into the major military and intelligence bodies involved in Iran's offensive cyber program.

Phishers and iPhone Thieves Rolling Out Multimillion-Dollar Operations

securityintelligence.com/posts/phishers-and-iphone-thieves-rolling-out-multimillion-dollar-operations/ IBM X-Force Incident Response and Intelligence Services (IRIS) researchers recently went down the rabbit hole of a physical iPhone theft that was followed by a SMiShing campaign designed to unlock the phone for resale on the black market.

March 2020's Most Wanted Malware: Dridex Banking Trojan Ranks On Top Malware List For First Time

blog.checkpoint.com/2020/04/09/march-2020s-most-wanted-malware-dridex-banking-trojan-ranks-on-top-malware-list-for-first-time/ Our latest Global Threat Index for March 2020 shows the well-known banking trojan Dridex, which first appeared in 2011, has entered the top ten malware list for the first time, as the third most prevalent malware in March. Dridex has been updated and is now being used in the early attack stages for downloading targeted ransomware, such as BitPaymer and DoppelPaymer.

Unbreakable Smart Lock Draws FTC Ire for Deceptive Security Claims

threatpost.com/unbreakable-smart-lock-ftc-deceptive-security-claims/154600/ Tapplock catches heat for patched vulnerabilities because of its claims that its smart locks can't be hacked.

Consumer reviewer Which? finds CAN bus ports on Ford and VW, starts yelling ‘Security! We have a problem…’

www.theregister.co.uk/2020/04/09/which_car_hacking_report/ Modern connected cars contain security threats, consumer org Which? has said after commissioning analyses of two models, a Ford and a Volkswagen.
