Daily NCSC-FI news followup 2020-04-14

Conspiracy theory linking coronavirus and 5G spreads: base stations are now burning in the Netherlands

www.is.fi/digitoday/mobiili/art-2000006474027.html Base station fires suspected to be arson have spread from Britain to the Netherlands.

Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic

thehackernews.com/2020/04/ransomware-hospitals-coronavirus.html As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals, with no conscience and empathy, are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. See also:

unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/

Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update

threatpost.com/oracle-tackles-405-bugs-for-april-quarterly-patch-update/154737/ Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory. Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines.

FBI warns of ongoing COVID-19 scams targeting govt, health care

www.bleepingcomputer.com/news/security/fbi-warns-of-ongoing-covid-19-scams-targeting-govt-health-care/ The U.S. Federal Bureau of Investigation (FBI) warned government agencies and health care organizations of ongoing BEC schemes exploiting the COVID-19 pandemic, as well as an overall increase in cryptocurrency and health care fraud scam activity targeting consumers.

Cyberattacks Target Healthcare Orgs on Coronavirus Frontlines

threatpost.com/cyberattacks-healthcare-orgs-coronavirus-frontlines/154768/ Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware.

Russian state hackers behind San Francisco airport hack

www.zdnet.com/article/russian-state-hackers-behind-san-francisco-airport-hack/ ESET says a Russian hacker group known as Energetic Bear (DragonFly) is behind a hack of two of the airport’s websites. In a series of tweets today, ESET said that “the targeted information was NOT the visitor’s credentials to the compromised websites, but rather the visitor’s own Windows credentials.”

Microsoft April 2020 Patch Tuesday fixes 4 zero-days, 15 critical flaws

www.bleepingcomputer.com/news/microsoft/microsoft-april-2020-patch-tuesday-fixes-4-zero-days-15-critical-flaws/ With the release of the April 2020 security updates, Microsoft has released fixes for 113 vulnerabilities in Microsoft products. Of these vulnerabilities, 15 are classified as Critical, 93 as Important, 3 as Moderate, and 2 as Low. Of particular interest, Microsoft patched four zero-day vulnerabilities, with three of them being seen actively exploited in attacks.

Adobe Fixes Important Flaws in ColdFusion, After Effects and Digital Editions

threatpost.com/adobe-fixes-important-flaws-in-coldfusion-after-effects-and-digital-editions/154780/ While Adobe's regularly scheduled security updates were light this month, they fixed important severity vulnerabilities.

US consumers report $12M in COVID-19 scam losses since January

www.bleepingcomputer.com/news/security/us-consumers-report-12m-in-covid-19-scam-losses-since-january/ The U.S. Federal Trade Commission says that approximately $12 million were lost to Coronavirus-related scams according to consumer reports received since January 2020.

RagnarLocker ransomware hits EDP energy giant, asks for €10M

www.bleepingcomputer.com/news/security/ragnarlocker-ransomware-hits-edp-energy-giant-asks-for-10m/ Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind energy.

TA505 Continues to Infect Networks With SDBbot RAT

securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/ During analysis and comparison of malicious activity on enterprise networks, our team identified attacks likely linked to Hive0065, also known as TA505. We observed that Hive0065 continues to spread the SDBbot remote-access Trojan (RAT) alongside other custom malware and continues to display tactics used against companies within the past year.

TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds

threatpost.com/tiktok-flaw-allows-threat-actors-to-plant-forged-videos-in-user-feeds/154760/ The popular video-sharing app's use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.

More than 30 popular apps containing subscription traps found in the app store: check the blacklist here

www.tivi.fi/uutiset/tv/4c5850c3-066d-4bcb-b2c5-a0cae57edade Security company Sophos published a release last week stating that more than 3.5 million iOS users have installed fleeceware apps containing subscription traps, Techspot writes.

With IoT, Common Devices Pose New Threats

www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats Coalfire decided to see how low the barrier was for hackers to attempt to cause life-threatening harm by weaponizing one of today's increasingly common and cheap devices. In this three-part blog post, we will identify the target, uncover challenges, and hopefully answer our query above.

NetWire RAT Targeting Taxpayers is Spreading via Legacy Microsoft Excel 4.0 Macro

www.fortinet.com/blog/threat-research/netwire-rat-targeting-taxpayers-is-spreading-via-legacy-microsoft-excel-4-0-macro.html FortiGuard Labs has observed the NetWire RAT (Remote Access Trojan) spreading widely over the past years. By analyzing NetWire samples, threat researchers have documented that the NetWire RAT focuses on stealing credential information, logging keystrokes, and stealing hardware information including hard drives, network cards, and similar components.

Think you know how to hide info in images?

www.kaspersky.com/blog/how-to-leak-image-info/34875/ We explain how to hide private data in images properly, without making rookie mistakes.
