Daily NCSC-FI news followup 2020-04-14

Conspiracy theory linking coronavirus and 5G spreads: now base stations are burning in the Netherlands

www.is.fi/digitoday/mobiili/art-2000006474027.html Base station fires suspected to be arson have spread from Britain to the Netherlands.

Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic

thehackernews.com/2020/04/ransomware-hospitals-coronavirus.html As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals, with no conscience and empathy, are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers.. see also


Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update

threatpost.com/oracle-tackles-405-bugs-for-april-quarterly-patch-update/154737/ Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.. Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines.

FBI warns of ongoing COVID-19 scams targeting govt, health care

www.bleepingcomputer.com/news/security/fbi-warns-of-ongoing-covid-19-scams-targeting-govt-health-care/ The U.S. Federal Bureau of Investigation (FBI) warned government agencies and health care organizations of ongoing BEC schemes exploiting the COVID-19 pandemic, as well as an overall increase in cryptocurrency and health care fraud scam activity targeting consumers.

Cyberattacks Target Healthcare Orgs on Coronavirus Frontlines

threatpost.com/cyberattacks-healthcare-orgs-coronavirus-frontlines/154768/ Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware.

Russian state hackers behind San Francisco airport hack

www.zdnet.com/article/russian-state-hackers-behind-san-francisco-airport-hack/ ESET says a Russian hacker group known as Energetic Bear (DragonFly) is behind a hack of two of the airport’s websites.. In a series of tweets today, ESET said that “the targeted information was NOT the visitor’s credentials to the compromised websites, but rather the visitor’s own Windows credentials.”

Microsoft April 2020 Patch Tuesday fixes 4 zero-days, 15 critical flaws

www.bleepingcomputer.com/news/microsoft/microsoft-april-2020-patch-tuesday-fixes-4-zero-days-15-critical-flaws/ With the release of the April 2020 security updates, Microsoft has released fixes for 113 vulnerabilities in Microsoft products. Of these vulnerabilities, 15 are classified as Critical, 93 as Important, 3 as Moderate, and 2 as Low.. Of particular interest, Microsoft patched four zero-day vulnerabilities, with three of them being seen actively exploited in attacks.

Adobe Fixes Important Flaws in ColdFusion, After Effects and Digital Editions

threatpost.com/adobe-fixes-important-flaws-in-coldfusion-after-effects-and-digital-editions/154780/ While Adobe's regularly scheduled security updates were light this month, they fixed important severity vulnerabilities.

US consumers report $12M in COVID-19 scam losses since January

www.bleepingcomputer.com/news/security/us-consumers-report-12m-in-covid-19-scam-losses-since-january/ The U.S. Federal Trade Commission says that approximately $12 million were lost to Coronavirus-related scams according to consumer reports received since January 2020.

RagnarLocker ransomware hits EDP energy giant, asks for €10M

www.bleepingcomputer.com/news/security/ragnarlocker-ransomware-hits-edp-energy-giant-asks-for-10m/ Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M).. EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind energy.

TA505 Continues to Infect Networks With SDBbot RAT

securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/ During analysis and comparison of malicious activity on enterprise networks, our team identified attacks likely linked to Hive0065, also known as TA505. We observed that Hive0065 continues to spread the SDBbot remote-access Trojan (RAT) alongside other custom malware and continues to display tactics used against companies within the past year.

TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds

threatpost.com/tiktok-flaw-allows-threat-actors-to-plant-forged-videos-in-user-feeds/154760/ The popular video-sharing app's use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.

More than 30 popular apps containing subscription traps found in the app store: check the blacklist here

www.tivi.fi/uutiset/tv/4c5850c3-066d-4bcb-b2c5-a0cae57edade Security company Sophos published a release last week stating that more than 3.5 million iOS users have installed fleeceware apps containing subscription traps, Techspot writes.

With IoT, Common Devices Pose New Threats

www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats Coalfire decided to see how low the barrier was for hackers to attempt to cause life-threatening harm by weaponizing one of today's increasingly common and cheap devices. In this three-part blog post, we will identify the target, uncover challenges, and hopefully answer our query above.

NetWire RAT Targeting Taxpayers is Spreading via Legacy Microsoft Excel 4.0 Macro

www.fortinet.com/blog/threat-research/netwire-rat-targeting-taxpayers-is-spreading-via-legacy-microsoft-excel-4-0-macro.html FortiGuard Labs has observed the NetWire RAT (Remote Access Trojan) spreading widely over the past years. By analyzing NetWire samples, threat researchers have documented that the NetWire RAT focuses on stealing credential information, logging keystrokes, and stealing hardware information including hard drives, network cards, and similar components.

Think you know how to hide info in images?

www.kaspersky.com/blog/how-to-leak-image-info/34875/ We explain how to hide private data in images properly, without making rookie mistakes.
