NCSC-FI News followup

Daily NCSC-FI news followup 2020-04-21

FBI warns of COVID-19 phishing targeting US health providers The U.S. Federal Bureau of Investigation (FBI) today warned of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments.

2, 000 coronavirus scammers taken offline in major phishing crackdown And now cybersecurity authorities want your help with spotting fake and fraud emails.

France asks Apple to relax iPhone security for coronavirus tracking app development A technical issue is stymying the development of a government app for tracing COVID-19.

2 billion phones cannot use Google and Apple contact-tracing tech The particular kind of Bluetooth “low energy” chips that are used to detect proximity between devices without running down the phone’s battery are absent from a quarter of smartphones in active use globally today, according to analysts at Counterpoint Research. A further 1.5 billion people still use basic or “feature” phones that do not run iOS or Android at all.

Rantautuiko vaarallinen vainoharha nyt myös Suomeen? Poliisi epäilee liekkimerta tahalliseksi tuhotyöksi Poliisi epäilee teletekniikkarakennuksen paloa Pohjanmaalla tahallaan sytytetyksi. Maailmalla on keväällä sytytetty tahallaan useita 5g-mastoja ilmeisesti koronavirukseen liittyvien harhaluulojen takia, mutta poliisilla ei ole tietoa Pohjanmaan tapauksen tekijästä tai motiivista.

Vulnerability Spotlight: Zoom Communications User Enumeration Today, Cisco Talos is disclosing a user enumeration vulnerability in Zoom Communications that could allow a malicious user to obtain a complete list of Zoom users inside a specific organization.

Researcher discloses four IBM zero-days after refusal to fix Four zero-day vulnerabilities found in an IBM enterprise security software were disclosed today by a security researcher after IBM refused to fix them and to accept the vulnerability report sent via CERT/CC. The four 0days published today by Pedro Ribeiro Director of Research at Agile Information Security on GitHub were discovered in IBM Data Risk Manager (IDRM), a tool designed to help “uncover, analyze and visualize data-related business risks.”

Unpatchable ‘Starbleed’ Bug in FPGA Chips Exposes Critical Devices to Hackers A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans.

Hey there! Are you using WhatsApp? Your account may be hackable Can someone take control of your WhatsApp account by just knowing your phone number? We ran a small test to find out. [Tip: Use 2FA]

Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining

Bad news: Cognizant hit by ransomware gang. Worse: It’s Maze, which leaks victims’ data online after

Hankkija raskaan kyberhyökkäyksen kohteena elintärkeät järjestelmät poissa pelistä Maatalousalan yhtiö Hankkija tiedottaa, että sen emoyhtiö Danish Agron tietojärjestelmiin iskettiin sunnuntaina. Vakavaksi luonnehditun iskun aiheuttamien järjestelmähäiriöiden takia Hankkijan ja Moveren tuotteiden toimituksessa ja laskutuksessa on häiriöitä ja viivästyksiä.

Here’s a list of all the ransomware gangs who will steal and leak your data if you don’t pay

Weeks before US oil contract prices went negative, a spear-phishing crew went after oil firms. What did they get? Who wants to know about their biz plans? Someone determined. Also:

Oil and Gas Firms Targeted With Agent Tesla Spyware Highly targeted spearphishing emails are being sent to oil and gas companies in hopes of infecting them with the Agent Tesla spyware.

Something a bit phishy in your inbox? You can now email suspected frauds straight to Blighty’s web takedown cops The National Cyber Security Centre [of UK] has launched the Suspicious Email Reporting Service: a new email address for reporting scam mails to a government department that might actually do something about it.

Nintendo accounts are getting hacked and used to buy Fortnite currency Nintendo has recommended that users enable two-factor authentication on their accounts.

New Coronavirus screenlocker malware is extremely annoying A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds.

Mootbot Botnet Targets Fiber Routers with Dual Zero-Days Researchers saw several IoT botnets using one of the bugs in the wild after a proof-of-concept was published in March.

Grouping Linux IoT Malware Samples With Trend Micro ELF Hash

Google productises its own not-a-VPN secure remote access tool Zero-trust access to web applications with very fine-grained access controls

Microsoft puts a stop to auto-updates of Azure Service Fabric ‘until further notice’

Valtionyhtiö hankkii yli sadan miljoonan verkon viranomaisille “Tämä on teknologiapäivitys” Julkisessa verkossa viranomaisten tiedonsiirron priorisointi on Suomen Erillisverkkojen toimitusjohtaja Timo Lehtimäen mukaan yksi Virve 2.0 – -hankkeen ydinaiheista.

The Incident Response Challenge 2020 Win $5, 000 Prize! Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts.

New sextortion threat making the rounds Don’t be surprised or alarmed if a new sextortion scam lands in your inbox. It is a bogus as every other one — and it may be using data from the Ashley Madison hack.

New iOS exploit discovered being used to spy on China’s Uyghur minority New “Insomnia” exploit works on iOS versions 12.3, 12.3.1, and 12.3.2; was patched in iOS 12.4 last year.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.