Daily NCSC-FI news followup 2020-04-16

Linksys asks users to reset passwords after hackers hijacked home routers last month

www.zdnet.com/article/linksys-asks-users-to-reset-passwords-after-hackers-hijacked-home-routers-last-month/ Linksys locks Smart WiFi cloud accounts and asks users to reset passwords after hackers hijacked routers to redirect traffic to malware sites.

Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

www.us-cert.gov/ncas/alerts/aa20-107a This Alert provides an update to Cybersecurity and Infrastructure Security Agency (CISA) Alert AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability, which advised organizations to immediately patch CVE-2019-11510an arbitrary file reading vulnerability affecting Pulse Secure virtual private network (VPN) appliances.. This Alert provides new detection methods for this activity, including a CISA-developed tool that helps network administrators search for indicators of compromise (IOCs) associated with exploitation of CVE-2019-11510.

Puhelimeen voi tulla koronan varjolla ikävä yllätys 16 haittaohjelmaa vaanii rahojasi ja tietojasi

www.is.fi/digitoday/tietoturva/art-2000006476230.html Verkkorikolliset ovat jo jonkin aikaa yrittäneet huijata verkonkäyttäjiä korona-aiheisilla sähköposteilla ja verkkosivuilla. Näiden ohella ihmisiä yritetään harhauttaa myös lataamaan puhelimeensa haittaohjelmia koronan varjolla, kertoo tietoturvayhtiö Check Point.

Kiristäjät löivät turbon päälle näin lisätään lunnaiden maksuhaluja

www.tivi.fi/uutiset/tv/60abbcdb-907c-484f-a783-185c2f22a6f9 Tietoturvayhtiö Check Point kertoo havainneensa, että etenkin sairaaloita ja yrityksiä pihteihinsä ottavat verkkorikolliset ovat ottaneet käyttöön entistä kovemmat keinot. Check Point puhuu kaksinkertaisesta kiristyksestä.

Pornoiskuja, rasistista huutelua ja vuodettuja salasanoja Suosittu Zoom-videopuhelupalvelu on kärsinyt tietoturvaongelmista

yle.fi/uutiset/3-11307551 Yhtiön käyttäjämäärät ja pörssikurssit ovat kohonneet räjähdysmäisesti ongelmista huolimatta.

Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000

www.vice.com/en_us/article/qjdqgv/hackers-selling-critical-zoom-zero-day-exploit-for-500000 People who trade in zero-day exploits say there are two Zoom zero-days, one for Windows and one for MacOS, on the market.

Zoom-bombing disrupted a House Oversight Committee meeting

www.zdnet.com/article/zoom-bombing-disrupted-a-house-oversight-committee-meeting/ A US congressman says that miscreants have managed to disrupt a Zoom meeting held at the highest levels of the US government, despite warnings against using the software.

Streaming TV Fraudsters Steal Millions of Ad Dollars in ICEBUCKET Attack

threatpost.com/icebucket-streaming-tv-fraudsters-steal-ad-dollars/154852/ A massive television ad fraud campaign that abuses the programmatic advertising ecosystem for connected TV (CTV) has successfully impersonated more than 2 million people in over 30 countries so far during its run, defrauding more than 300 different brands out of their ad dollars.

Kernel vulnerabilities in Android devices using Qualcomm chips explored

www.zdnet.com/article/technical-details-of-kernel-vulnerabilities-in-android-devices-using-qualcomm-chips-revealed/ Updated: The security flaws that allowed attackers to achieve root capabilities on handsets have now been described in detail.

New AgentTesla variant steals WiFi credentials

blog.malwarebytes.com/cybercrime/2020/04/new-agenttesla-variant-steals-wifi-credentials/ Newer variants of AgentTesla seen in the wild have the capability to collect information about a victims WiFi profile, possibly to use it as a way to spread onto other machines. In this blog we provide details about how this new feature works.

SentinelOne researcher trolled in new MBRLocker ransomware campaign

www.zdnet.com/article/sentinelone-researcher-trolled-in-new-mbrlocker-ransomware-campaign/ Malware was released using the researchers name as author, alongside his contact details.

Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository

thehackernews.com/2020/04/rubygem-typosquatting-malware.html In the latest research shared with The Hacker News, cybersecurity experts at ReversingLabs revealed over 700 malicious gems packages written in Ruby programming language that supply chain attackers were caught recently distributing through the RubyGems repository.

Double Extortion Ransomware Attacks Spike

threatpost.com/double-extortion-ransomware-attacks-spike/154818/ More ransomware operators are setting up pages where they threaten to publish compromised data from victims an added pressure for victims to pay the ransom.

PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors

blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html Cisco Talos has discovered a new malware campaign based on a previously unknown family we’re calling “PoetRAT.” At this time, we do not believe this attack is associated with an already known threat actor.. Our research shows the malware was distributed using URLs that mimic some Azerbaijan government domains, thus we believe the adversaries in this case want to target citizens of the country Azerbaijan, including private companies in the SCADA sector like wind turbine systems.

Coronavirus: Cisco wanted to delay patch for critical flaw in phone used by doctors

www.zdnet.com/article/coronavirus-cisco-wanted-to-delay-patch-for-critical-flaw-in-phone-used-by-doctors/ Cisco has gone ahead and disclosed a critical flaw in a range of its internet protocol (IP) phones. However, it had originally wanted to break from its own 90-day disclosure policy due to “extenuating circumstances” created by the COVID-19 coronavirus pandemic.

The secret behind unkillable Android backdoor called xHelper has been revealed

arstechnica.com/information-technology/2020/04/solved-how-android-backdoor-called-xhelper-survives-factory-resets/ The precise cause of the reinfections stumped researchers for months.

Sipping from the Coronavirus Domain Firehose

krebsonsecurity.com/2020/04/sipping-from-the-coronavirus-domain-firehose/ Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. . As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic.

AI spots critical Microsoft security bugs 97% of the time

venturebeat.com/2020/04/16/ai-spots-critical-microsoft-security-bugs-97-of-the-time/ Microsoft claims to have developed a system that correctly distinguishes between security and non-security software bugs 99% of the time, and that accurately identifies critical, high-priority security bugs on average 97% of the time. In the coming months, it plans to open-source the methodology on GitHub, along with example models and other resources.

Financial Cyberthreats in 2019


You might be interested in …

Daily NCSC-FI news followup 2020-09-02

Suomalaisyhtiö löysi vakavan tietoturva-aukon WordPress-julkaisualustasta yle.fi/uutiset/3-11524279 Suomalaisyhtiö Seravo on löytänyt merkittävän tietoturva-aukon internetin WordPress-julkaisualustasta. Haavoittuvuus koskettaa maailmanlaajuisesti yli 700 000:ta sivua. Haavoittuvuuden paikkaava päivitys on jo julkaistu, ja Seravo kehottaakin kaikkia alustan käyttäjiä asentamaan päivityksen heti. also: arstechnica.com/information-technology/2020/09/hackers-are-exploiting-a-critical-flaw-affecting-350000-wordpress-sites/ Pelkäätkö Koronavilkkua? Vielä keväällä ammattihakkeri Benjamin Särkkä sanoi, ettei asentaisi koronasovellusta – 5 syytä miksi mieli on […]

Read More

Daily NCSC-FI news followup 2020-01-31

How Do You Measure the Success of Your Patch Management Efforts? securityintelligence.com/posts/how-do-you-measure-the-success-of-your-patch-management-efforts/ If you follow the news, you will often see that yet another company has been breached or taken hostage by ransomware. If you read the full details of these stories, usually they have one main thing in common: These organizations are behind in […]

Read More

Daily NCSC-FI news followup 2021-07-09

Banking Trojans in a business wrapper www.kaspersky.com/blog/icedid-qbot-banking-trojans-in-spam/40552/ Spammers are using malicious macros to distribute IcedID and Qbot banking malware in seemingly important documents. For employees facing hundreds of e-mails, the temptation to speed-read and download attachments on autopilot can be great. Cybercriminals, of course, take advantage, sending out seemingly important documents that might contain just […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.