Daily NCSC-FI news followup 2020-04-21

FBI warns of COVID-19 phishing targeting US health providers

www.bleepingcomputer.com/news/security/fbi-warns-of-covid-19-phishing-targeting-us-health-providers/ The U.S. Federal Bureau of Investigation (FBI) today warned of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments.

2,000 coronavirus scammers taken offline in major phishing crackdown

www.zdnet.com/article/2000-coronavirus-scammers-taken-offline-in-major-phishing-crackdown/ And now cybersecurity authorities want your help with spotting fake and fraud emails.

France asks Apple to relax iPhone security for coronavirus tracking app development

www.zdnet.com/article/france-asks-apple-to-relax-iphone-security-for-coronavirus-tracking-app-development/ A technical issue is stymying the development of a government app for tracing COVID-19.

2 billion phones cannot use Google and Apple contact-tracing tech

arstechnica.com/tech-policy/2020/04/2-billion-phones-cannot-use-google-and-apple-contract-tracing-tech/ The particular kind of Bluetooth “low energy” chips that are used to detect proximity between devices without running down the phone’s battery are absent from a quarter of smartphones in active use globally today, according to analysts at Counterpoint Research. A further 1.5 billion people still use basic or “feature” phones that do not run iOS or Android at all.

Has a dangerous paranoia now landed in Finland too? Police suspect the blaze was deliberate sabotage

www.tivi.fi/uutiset/rantautuiko-vaarallinen-vainoharha-nyt-myos-suomeen-poliisi-epailee-liekkimerta-tahalliseksi-tuhotyoksi/e1f752a3-2769-4074-a894-b854b6528ce6 Police suspect that a fire at a telecommunications equipment building in Ostrobothnia was set deliberately. Around the world, several 5G masts have been deliberately set on fire this spring, apparently because of delusions related to the coronavirus, but the police have no information about the perpetrator or motive in the Ostrobothnia case.

Vulnerability Spotlight: Zoom Communications User Enumeration

blog.talosintelligence.com/2020/04/zoom-user-enumeration.html Today, Cisco Talos is disclosing a user enumeration vulnerability in Zoom Communications that could allow a malicious user to obtain a complete list of Zoom users inside a specific organization.

Researcher discloses four IBM zero-days after refusal to fix

www.bleepingcomputer.com/news/security/researcher-discloses-four-ibm-zero-days-after-refusal-to-fix/ Four zero-day vulnerabilities found in IBM enterprise security software were disclosed today by a security researcher after IBM refused to fix them and to accept the vulnerability report sent via CERT/CC. The four 0days, published today on GitHub by Pedro Ribeiro, Director of Research at Agile Information Security, were discovered in IBM Data Risk Manager (IDRM), a tool designed to help “uncover, analyze and visualize data-related business risks.”

Unpatchable ‘Starbleed’ Bug in FPGA Chips Exposes Critical Devices to Hackers

thehackernews.com/2020/04/fpga-chip-vulnerability.html A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans.

Hey there! Are you using WhatsApp? Your account may be hackable

www.welivesecurity.com/2020/04/20/hey-there-using-whatsapp-your-account-hackable/ Can someone take control of your WhatsApp account by just knowing your phone number? We ran a small test to find out. [Tip: Use 2FA]

Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining

blog.trendmicro.com/trendlabs-security-intelligence/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining/

Bad news: Cognizant hit by ransomware gang. Worse: It’s Maze, which leaks victims’ data online after

www.theregister.co.uk/2020/04/21/cognizant_maze_malware/

Hankkija hit by a severe cyberattack, vital systems out of action

www.tivi.fi/uutiset/tv/f572bf2a-1549-4f17-92fc-ee47cb2ee9d3 Agricultural company Hankkija reports that the information systems of its parent company Danish Agro were attacked on Sunday. Because of system disruptions caused by the attack, which is described as serious, there are disruptions and delays in the delivery and invoicing of Hankkija and Movere products.

Here’s a list of all the ransomware gangs who will steal and leak your data if you don’t pay

www.zdnet.com/article/heres-a-list-of-all-the-ransomware-gangs-who-will-steal-and-leak-your-data-if-you-dont-pay/

Weeks before US oil contract prices went negative, a spear-phishing crew went after oil firms. What did they get?

www.theregister.co.uk/2020/04/21/bitdefender_opec_attacks/ Who wants to know about their biz plans? Someone determined. Also:

arstechnica.com/information-technology/2020/04/hackers-target-oil-producers-as-they-struggle-with-a-record-glut-of-crude/

Oil and Gas Firms Targeted With Agent Tesla Spyware

threatpost.com/oil-and-gas-agent-tesla-spyware/154973/ Highly targeted spearphishing emails are being sent to oil and gas companies in hopes of infecting them with the Agent Tesla spyware.

Something a bit phishy in your inbox? You can now email suspected frauds straight to Blighty’s web takedown cops

www.theregister.co.uk/2020/04/21/ncsc_email_scam_takedown_address/ The National Cyber Security Centre [of UK] has launched the Suspicious Email Reporting Service: a new email address for reporting scam mails to a government department that might actually do something about it.

Nintendo accounts are getting hacked and used to buy Fortnite currency

www.zdnet.com/article/nintendo-accounts-are-getting-hacked-and-used-to-buy-fortnite-currency/#ftag=RSSbaffb68 Nintendo has recommended that users enable two-factor authentication on their accounts.

New Coronavirus screenlocker malware is extremely annoying

www.bleepingcomputer.com/news/security/new-coronavirus-screenlocker-malware-is-extremely-annoying/ A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds.

Mootbot Botnet Targets Fiber Routers with Dual Zero-Days

threatpost.com/mootbot-fiber-routers-zero-days/154962/ Researchers saw several IoT botnets using one of the bugs in the wild after a proof-of-concept was published in March.

Grouping Linux IoT Malware Samples With Trend Micro ELF Hash

blog.trendmicro.com/trendlabs-security-intelligence/grouping-linux-iot-malware-samples-with-trend-micro-elf-hash/

Google productises its own not-a-VPN secure remote access tool

www.theregister.co.uk/2020/04/21/google_productises_its_own_not_vpn_beyondcorp/ Zero-trust access to web applications with very fine-grained access controls

Microsoft puts a stop to auto-updates of Azure Service Fabric ‘until further notice’

www.theregister.co.uk/2020/04/21/azure_service_fabric_7_1/

State-owned company procures a network worth over a hundred million for the authorities: “This is a technology upgrade”

www.tivi.fi/uutiset/tv/b3fef634-484c-402a-98e0-9411d1733b4f According to Timo Lehtimäki, CEO of Suomen Erillisverkot, prioritising the authorities' data transfer in the public network is one of the core topics of the Virve 2.0 project.

The Incident Response Challenge 2020 Win $5,000 Prize!

thehackernews.com/2020/04/incident-response-challenge.html Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts.

New sextortion threat making the rounds

www.zdnet.com/article/new-sextortion-threat-making-the-rounds/ Don’t be surprised or alarmed if a new sextortion scam lands in your inbox. It is as bogus as every other one — and it may be using data from the Ashley Madison hack.

New iOS exploit discovered being used to spy on China’s Uyghur minority

www.zdnet.com/article/new-ios-exploit-discovered-being-used-to-spy-on-chinas-uyghur-minority/ New “Insomnia” exploit works on iOS versions 12.3, 12.3.1, and 12.3.2; was patched in iOS 12.4 last year.
