Daily NCSC-FI news followup 2020-04-17

China-linked Electric Panda hackers seek U.S. targets, intel agency warns

www.politico.com/news/2020/04/16/china-electric-panda-hackers-seek-us-targets-191220 Nearly 40 U.S. contracting facilities with access to classified information have been targeted by a hacking group with suspected ties to the Chinese government since Feb. 1, according to a bulletin disseminated to contractors by the Defense Counterintelligence and Security Agency on Wednesday.

Hacking against corporations surges as workers take computers home

www.reuters.com/article/us-health-coronavirus-cyber-corporations/hacking-against-corporations-surges-as-workers-take-computers-home-idUSKBN21Z0Y6

Also: arcticsecurity.com/news/2020/04/17/number-of-potentially-compromised-organizations-more-than-doubles-since-january/

Does Covid-19 Contact Tracing Pose a Privacy Risk? Your Questions, Answered

www.wired.com/story/apple-google-contact-tracing-strengths-weaknesses/ Apple and Google’s Bluetooth-based system isn’t perfect. But many of the biggest concerns have solutions.

NHS in standoff with Apple and Google over coronavirus tracing

www.theguardian.com/technology/2020/apr/16/nhs-in-standoff-with-apple-and-google-over-coronavirus-tracing Tech firms place limitations on how tracing apps may work in effort to protect users’ privacy

Europe publishes draft rules for coronavirus contact-tracing app development, on a relaxed schedule

www.theregister.co.uk/2020/04/17/european_contact_tracing_app_spec/ No phone numbers needed but you’ll need Notifications and Bluetooth on all the time

Coronavirus scams: This is how much people have lost to online fraudsters so far

www.zdnet.com/article/coronavirus-scams-this-is-how-much-people-have-lost-to-online-fraudsters-so-far/ Over £2 million has been lost to coronavirus themed scams, phishing emails and other fraud in the UK alone as cyber criminals look to exploit the COVID-19 pandemic for their own gain.

Google to Gmail users: Coronavirus phishing is targeting you. This is how we hit back

www.zdnet.com/article/google-to-gmail-users-coronavirus-phishing-is-targeting-you-this-is-how-we-hit-back/ The company says it blocked 18 million COVID-19 themed phishing emails last week. The blocked COVID-19 phishing emails targeting Gmail users would represent about 2.5% of the 100 million phishing emails Google said in 2019 it blocks daily. Google is also blocking 240 million COVID-related spam messages each day.

India says ‘Zoom is a not a safe platform’ and bans government users

www.theregister.co.uk/2020/04/17/india_government_zoom_ban/

Half a million Zoom accounts for sale on the dark web

www.welivesecurity.com/2020/04/16/half-million-zoom-accounts-sale-dark-web/ Even accounts belonging to banks and educational institutions were found on lists plastered across various hacker forums

Leading accounting firm MNP hit with cyberattack

www.bleepingcomputer.com/news/security/leading-accounting-firm-mnp-hit-with-cyberattack/ A leading accounting firm in Canada forced a company-wide shutdown of their systems after getting hit with a cyberattack last weekend, BleepingComputer has learned.

Threat Roundup for April 10 to April 17

blog.talosintelligence.com/2020/04/threat-roundup-0410-0417.html Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 10 and April 17. As with previous roundups, this post isn’t meant to be an in-depth analysis.

Clipboard hijacking malware found in 725 Ruby libraries

www.zdnet.com/article/clipboard-hijacking-malware-found-in-725-ruby-libraries/ The malware would replace Bitcoin addresses copied to the clipboard with one controlled by the attacker.

PoetRAT Trojan targets energy sector using coronavirus lures

www.zdnet.com/article/poetrat-trojan-targets-energy-sector-using-coronavirus-lures/ Wind turbine operators are the focus of a new data-stealing campaign.

Hackers Update Age-Old Excel 4.0 Macro Attack

threatpost.com/hackers-update-age-old-excel-4-0-macro-attack/154898/ XLS files sent via emails appear password protected but aren’t, opening automatically to install malware from compromised macros, according to researchers.

Weaponized RTF Document Generator & Mailer in PowerShell

isc.sans.edu/diary/rss/26030 Like many malicious activities that occur these days, it is related to the COVID19 pandemic. Its purpose is simple: It checks if Outlook is used by the victim and, if that is the case, it generates a malicious RTF document that is spread to all contacts extracted from Outlook. Let’s have a look at it.

A Brand New Ursnif/ISFB Campaign Targets Italian Organizations

yoroi.company/research/a-brand-new-ursnif-isfb-campaign-targets-italian-organizations/ Ursnif is one of the most widespread threats; it is delivered through malspam campaigns aimed at multiple industries across Italy and Europe.

You’re a botnet, you’ve got a zero-day, so where do you go? After fiber, because that’s where the bandwidth is

www.theregister.co.uk/2020/04/16/fiber_routers_under_fire/ Two-step attack seen on core systems. Researchers are warning owners of fiber routers to keep a close eye on their gear and check for firmware updates following the discovery of an in-the-wild zero-day attack.

That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed

www.theregister.co.uk/2020/04/17/vmware_vcenter_critical_vuln_anyone_create_admin_users/

Critical ‘starbleed’ vulnerability in FPGA chips identified

www.eurekalert.org/pub_releases/2020-04/rb-cv041620.php FPGA chips are part of many safety-critical applications; they have one particular valuable feature: they are individually reprogrammable – but with this feature also comes a risk

ICANN delays .org sell off after California’s attorney general intervenes at last minute, tears non-profit a new one over sale

www.theregister.co.uk/2020/04/17/icann_california_org_sale_delay/

Using AppLocker to Prevent Living off the Land Attacks

isc.sans.edu/diary/rss/26032

You Can Now Check If Your ISP Uses Basic Security Measures

www.wired.com/story/cloudflare-bgp-routing-safe-yet/ “Is BGP Safe Yet” is a new site that names and shames internet service providers that don’t tend to their routing.
