Daily NCSC-FI news followup 2020-04-18

German government loses tens of millions of euros in COVID-19 phishing attack

www.zdnet.com/article/german-government-loses-tens-of-millions-of-euros-in-covid-19-phishing-attack/ The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros after it failed to build a secure website for distributing coronavirus emergency aid funding. The funds were lost following a classic phishing operation.

Microsoft: Trickbot in hundreds of unique COVID-19 lures per week

www.bleepingcomputer.com/news/security/microsoft-trickbot-in-hundreds-of-unique-covid-19-lures-per-week/ TrickBot is, at the moment, the malware showing up in the highest number of unique COVID-19 related malicious emails and attachments delivered to potential victims’ inboxes based on Microsoft’s Office 365 Advanced Threat Protection (ATP) data.

FBI says cybercrime reports quadrupled during COVID-19 pandemic

www.zdnet.com/article/fbi-says-cybercrime-reports-quadrupled-during-covid-19-pandemic/ FBI official also says foreign hackers targeted COVID-19 research

Growth in surveillance may be hard to scale back after pandemic, experts say


GitHub accounts stolen in ongoing phishing attacks

www.bleepingcomputer.com/news/security/github-accounts-stolen-in-ongoing-phishing-attacks/ GitHub users are currently being targeted by a phishing campaign specifically designed to collect and steal their credentials via landing pages mimicking GitHub’s login page.

Microsoft helped stop a botnet controlled via an LED light console

www.bleepingcomputer.com/news/security/microsoft-helped-stop-a-botnet-controlled-via-an-led-light-console/ Microsoft says that its Digital Crimes Unit (DCU) discovered and helped take down a botnet of 400,000 compromised devices controlled with the help of an LED light control console.

Office printers: The ticking IT time bomb hiding in plain sight

www.helpnetsecurity.com/2020/04/17/unprotected-printers/ Office printers don’t have to be security threats: with foresight and maintenance they’re very easily threat-proofed. The problem is that system administrators rarely give the humble printer (or scanner, or multifunction printer) much attention.

US govt: Hacker used stolen AD credentials to ransom hospitals

www.bleepingcomputer.com/news/security/us-govt-hacker-used-stolen-ad-credentials-to-ransom-hospitals/ Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using Active Directory credentials stolen months after exploiting a known pre-auth remote code execution (RCE) vulnerability in their Pulse Secure VPN servers.

IT services giant Cognizant suffers Maze Ransomware cyber attack

www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/ Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators of the Maze Ransomware, BleepingComputer has learned. Cognizant is one of the largest IT managed services companies in the world with close to 300,000 employees and over $15 billion in revenue.

Syrian-linked APT group SEA recently used COVID-19-themed lures as part of a long-running surveillance campaign, security researchers warn

securityaffairs.co/wordpress/101754/malware/sea-targets-android.html The campaign, aimed at users in Syria and surrounding regions, was spotted by experts from mobile security firm Lookout. The threat actors employed tens of Android apps, none of which is available in the official Google Play Store.

Gamaredon APT Group Use Covid-19 Lure in Campaigns


Security News This Week: Russian Hackers Went After San Francisco International Airport

www.wired.com/story/russian-hackers-san-francisco-airport-windows-zero-days-security-roundup/ Plus: Windows zero days, Covid-19 spam, and more of the week’s top security news.
