Daily NCSC-FI news followup 2020-04-22

Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks

www.wired.com/story/google-state-sponsored-hackers-coronavirus-phishing-malware/ More than 12 government-backed groups are using the pandemic as cover for digital reconnaissance and espionage, according to a new report. Report:

blog.google/technology/safety-security/threat-analysis-group/findings-covid-19-and-online-security-threats/

Chinese Agents Helped Spread Messages That Sowed Virus Panic in U.S., Officials Say

www.nytimes.com/2020/04/22/us/politics/coronavirus-china-disinformation.html American officials were alarmed by fake text messages and social media posts that said President Trump was locking down the country. Experts see a convergence with Russian tactics.

Zoom releases 5.0 update with security and privacy improvements

www.theverge.com/2020/4/22/21230962/zoom-update-security-privacy-features-improvements-download Zoom is moving quickly to address complaints

Zoom adds data center routing, security updates

www.zdnet.com/article/zoom-adds-data-center-routing-security-updates/ The data center routing feature is meant to allay fears that Zoom chats and encryption keys were being sent to Chinese servers.

New iOS zero-days actively used against high-profile targets

www.bleepingcomputer.com/news/security/new-ios-zero-days-actively-used-against-high-profile-targets/ Two zero-day vulnerabilities affecting iPhone and iPad devices were found by cybersecurity startup ZecOps after the discovery of a series of ongoing remote attacks that have targeted iOS users since at least January 2018.

Nazar: A Lost Amulet

www.epicturla.com/blog/the-lost-nazar Today, I’ll focus on a specific misidentified TeDi signature, SIG37. The Nazar APT

Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage

www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was designed to collect intelligence on the COVID-19 crisis.

Questioning China’s Politicization of Cyber Intelligence During Pandemic

www.cfr.org/blog/questioning-chinas-politicization-cyber-intelligence-during-pandemic Recently, Chinese cybersecurity companies have reported an intrusion campaign targeting government networks and health-care systems during the COVID-19 pandemic. A campaign of this magnitude threatens to degrade international norms for the protection of health systems that are already under unprecedented pressures. However, there is reason to question the narrative from Beijing and these companies.

Goodbye smishing? SMS crackdown should stop you getting fake messages

www.zdnet.com/article/goodbye-smishing-sms-crackdown-should-stop-you-getting-fake-messages/ Mobile industry, banks and NCSC collaborate on SMS SenderID Protection Registry – which has already stopped at least 70 Covid-19 SMS scams from being sent.

New phishing hotline sent 5,000 suspicious emails in just one day

www.zdnet.com/article/new-phishing-hotline-is-sent-5000-suspicious-emails-in-just-one-day/ 83 cyber criminal websites taken down just a day after National Cyber Security Centre launches Suspicious Email Reporting Service.

Following the money in a massive “sextortion” spam scheme

news.sophos.com/en-us/2020/04/22/following-the-sextortion-money/ Cryptocurrency profits from sextortion spam funneled into wallets tied to other cybercrime and dark web market activity.

Ransomware is now the biggest online menace you need to worry about

www.zdnet.com/article/ransomware-is-now-the-biggest-online-menace-you-need-to-worry-about/ Ransomware attacks have overtaken credit card theft as the top form of cybercrime according to new data.

DoppelPaymer Ransomware hits Los Angeles County city, leaks files

www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-los-angeles-county-city-leaks-files/ The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted.

Revive ad servers being hacked to distribute malicious ads

www.bleepingcomputer.com/news/security/revive-ad-servers-being-hacked-to-distribute-malicious-ads/ The Tag Barnakle malvertising group is hacking into Revive ad servers to inject and deliver malicious advertisements to unwary visitors. This malicious code will detect when Firebug or a browser’s developer console is open, and if not, perform a redirect to malicious sites that are promoting fake Adobe Flash updates.

Bot creates millions of fake eyeballs to rip off smart-TV advertisers

nakedsecurity.sophos.com/2020/04/20/bot-creates-millions-of-fake-eyeballs-to-rip-off-smart-tv-advertisers/ Researchers have uncovered the biggest connected-TV (CTV) ad fraud operation they’ve ever seen, fueled with fake ad views seen by bogus eyeballs that actually belonged to a bot network they named ICEBUCKET.

Banking.BR Android Trojan Emerges in Credential-Stealing Attacks

threatpost.com/android-banking-br-trojan-credential-stealing/154990/ A new Android trojan targets banking customers with overlay attacks to steal their bank credentials and ultimately take over their accounts.

NSA, ASD Release Guidance for Mitigating Web Shell Malware

www.us-cert.gov/ncas/current-activity/2020/04/22/nsa-asd-release-guidance-mitigating-web-shell-malware

Flaw in iPhone, iPads may have allowed hackers to steal data for years

www.reuters.com/article/us-usa-apple-cyber-idUSKCN2242IK Apple Inc (AAPL.O) is planning to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers. See also:

blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/

Microsoft Issues Out-Of-Band Security Update For Office, Paint 3D

threatpost.com/microsoft-issues-out-of-band-security-update-for-office-paint-3d/155016/ Microsoft has released an out-of-band security update for Microsoft Office, Office 365 ProPlus and Paint 3D. The applications are affected by multiple Autodesk vulnerabilities that, if exploited, could enable remote code execution.

Serious flaws found in multiple smart home hubs: Is your device among them?

www.welivesecurity.com/2020/04/22/serious-flaws-smart-home-hubs-is-your-device-among-them/ In worst-case scenarios, some vulnerabilities could even allow attackers to take control over the central units and all peripheral devices connected to them

Attack of the clones: If you were relying on older Xilinx FPGAs to keep your product’s hardware code encrypted and secret, here’s some bad news

www.theregister.co.uk/2020/04/22/fpga_xilinx_side_channel/ Decrypted configuration bitstream can be siphoned from chips via side-channel flaw

NordVPN unveils first mainstream WireGuard virtual private network

www.zdnet.com/article/nordvpn-unveils-first-mainstream-wireguard-virtual-private-network/

“You don’t install games or watch porn on it”: Mikko Hyppönen has weighty words about using work computers at home

www.is.fi/digitoday/tietoturva/art-2000006482034.html The security expert reminds home workers of the things they should put in order themselves when the company is unable to do it for them.
