Daily NCSC-FI news followup 2020-04-21

FBI warns of COVID-19 phishing targeting US health providers

www.bleepingcomputer.com/news/security/fbi-warns-of-covid-19-phishing-targeting-us-health-providers/ The U.S. Federal Bureau of Investigation (FBI) today warned of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments.

2,000 coronavirus scammers taken offline in major phishing crackdown

www.zdnet.com/article/2000-coronavirus-scammers-taken-offline-in-major-phishing-crackdown/ And now cybersecurity authorities want your help with spotting fake and fraud emails.

France asks Apple to relax iPhone security for coronavirus tracking app development

www.zdnet.com/article/france-asks-apple-to-relax-iphone-security-for-coronavirus-tracking-app-development/ A technical issue is stymying the development of a government app for tracing COVID-19.

2 billion phones cannot use Google and Apple contact-tracing tech

arstechnica.com/tech-policy/2020/04/2-billion-phones-cannot-use-google-and-apple-contract-tracing-tech/ The particular kind of Bluetooth “low energy” chips that are used to detect proximity between devices without running down the phone’s battery are absent from a quarter of smartphones in active use globally today, according to analysts at Counterpoint Research. A further 1.5 billion people still use basic or “feature” phones that do not run iOS or Android at all.

Has a dangerous paranoia now landed in Finland too? Police suspect the sea of flames was deliberate sabotage

www.tivi.fi/uutiset/rantautuiko-vaarallinen-vainoharha-nyt-myos-suomeen-poliisi-epailee-liekkimerta-tahalliseksi-tuhotyoksi/e1f752a3-2769-4074-a894-b854b6528ce6 Police suspect that a fire in a telecommunications equipment building in Ostrobothnia was set deliberately. Around the world, several 5G masts have been deliberately set on fire this spring, apparently because of delusions related to the coronavirus, but the police have no information about the perpetrator or motive in the Ostrobothnia case.

Vulnerability Spotlight: Zoom Communications User Enumeration

blog.talosintelligence.com/2020/04/zoom-user-enumeration.html Today, Cisco Talos is disclosing a user enumeration vulnerability in Zoom Communications that could allow a malicious user to obtain a complete list of Zoom users inside a specific organization.

Researcher discloses four IBM zero-days after refusal to fix

www.bleepingcomputer.com/news/security/researcher-discloses-four-ibm-zero-days-after-refusal-to-fix/ Four zero-day vulnerabilities found in an IBM enterprise security software product were disclosed today by a security researcher after IBM refused to fix them and to accept the vulnerability report sent via CERT/CC. The four 0days, published today on GitHub by Pedro Ribeiro, Director of Research at Agile Information Security, were discovered in IBM Data Risk Manager (IDRM), a tool designed to help “uncover, analyze and visualize data-related business risks.”

Unpatchable ‘Starbleed’ Bug in FPGA Chips Exposes Critical Devices to Hackers

thehackernews.com/2020/04/fpga-chip-vulnerability.html A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans.

Hey there! Are you using WhatsApp? Your account may be hackable

www.welivesecurity.com/2020/04/20/hey-there-using-whatsapp-your-account-hackable/ Can someone take control of your WhatsApp account by just knowing your phone number? We ran a small test to find out. [Tip: Use 2FA]

Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining


Bad news: Cognizant hit by ransomware gang. Worse: It’s Maze, which leaks victims’ data online after


Hankkija hit by a heavy cyberattack, vital systems out of action

www.tivi.fi/uutiset/tv/f572bf2a-1549-4f17-92fc-ee47cb2ee9d3 Agricultural company Hankkija reports that the information systems of its parent company Danish Agro were attacked on Sunday. Because of the system disruptions caused by the attack, which is described as serious, there are disruptions and delays in the delivery and invoicing of Hankkija and Movere products.

Here’s a list of all the ransomware gangs who will steal and leak your data if you don’t pay


Weeks before US oil contract prices went negative, a spear-phishing crew went after oil firms. What did they get?

www.theregister.co.uk/2020/04/21/bitdefender_opec_attacks/ Who wants to know about their biz plans? Someone determined. Also:


Oil and Gas Firms Targeted With Agent Tesla Spyware

threatpost.com/oil-and-gas-agent-tesla-spyware/154973/ Highly targeted spearphishing emails are being sent to oil and gas companies in hopes of infecting them with the Agent Tesla spyware.

Something a bit phishy in your inbox? You can now email suspected frauds straight to Blighty’s web takedown cops

www.theregister.co.uk/2020/04/21/ncsc_email_scam_takedown_address/ The National Cyber Security Centre [of UK] has launched the Suspicious Email Reporting Service: a new email address for reporting scam mails to a government department that might actually do something about it.

Nintendo accounts are getting hacked and used to buy Fortnite currency

www.zdnet.com/article/nintendo-accounts-are-getting-hacked-and-used-to-buy-fortnite-currency/#ftag=RSSbaffb68 Nintendo has recommended that users enable two-factor authentication on their accounts.

New Coronavirus screenlocker malware is extremely annoying

www.bleepingcomputer.com/news/security/new-coronavirus-screenlocker-malware-is-extremely-annoying/ A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds.

Mootbot Botnet Targets Fiber Routers with Dual Zero-Days

threatpost.com/mootbot-fiber-routers-zero-days/154962/ Researchers saw several IoT botnets using one of the bugs in the wild after a proof-of-concept was published in March.

Grouping Linux IoT Malware Samples With Trend Micro ELF Hash


Google productises its own not-a-VPN secure remote access tool

www.theregister.co.uk/2020/04/21/google_productises_its_own_not_vpn_beyondcorp/ Zero-trust access to web applications with very fine-grained access controls

Microsoft puts a stop to auto-updates of Azure Service Fabric ‘until further notice’


State-owned company procures a network worth over a hundred million for the authorities: “This is a technology upgrade”

www.tivi.fi/uutiset/tv/b3fef634-484c-402a-98e0-9411d1733b4f According to Timo Lehtimäki, CEO of Suomen Erillisverkot, prioritising the authorities' data traffic in the public network is one of the core issues of the Virve 2.0 project.

The Incident Response Challenge 2020: Win $5,000 Prize!

thehackernews.com/2020/04/incident-response-challenge.html Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts.

New sextortion threat making the rounds

www.zdnet.com/article/new-sextortion-threat-making-the-rounds/ Don’t be surprised or alarmed if a new sextortion scam lands in your inbox. It is as bogus as every other one — and it may be using data from the Ashley Madison hack.

New iOS exploit discovered being used to spy on China’s Uyghur minority

www.zdnet.com/article/new-ios-exploit-discovered-being-used-to-spy-on-chinas-uyghur-minority/ New “Insomnia” exploit works on iOS versions 12.3, 12.3.1, and 12.3.2; was patched in iOS 12.4 last year.
