
Daily NCSC-FI news followup 2020-04-25

Cybercrime Group Steals $1.3M from Banks

www.darkreading.com/attacks-breaches/cybercrime-group-steals-$13m-from-banks-/d/d-id/1337646 Keywords: finance A look at how the so-called Florentine Banker Group lurked for two months in a sophisticated business email compromise attack on Israeli and UK financial companies.

Sextortion Campaigns Net Cybercriminals Nearly $500K in Five Months

www.darkreading.com/threat-intelligence/sextortion-campaigns-net-cybercriminals-nearly-$500k-in-five-months/d/d-id/1337645 Tracking the cryptocurrency paid by victims finds that, even with a low rate of payout, the scheme netted a cool half million for the various groups involved. Read also:

news.sophos.com/en-us/2020/04/22/following-the-sextortion-money/

Sneaky Zero-Click Attacks Are a Hidden Menace

www.wired.com/story/sneaky-zero-click-attacks-hidden-menace/ Hacks that can play out without any user interaction may be more common than we realize, in part because they’re so difficult to detect. Institutions and regular web users are always on alert about avoiding errant clicks and downloads online that could lead their devices to be infected with malware. But not all attacks require a user slip-up to open the door. Research published this week by the threat monitoring firm ZecOps shows the types of vulnerabilities hackers can exploit to launch attacks that don’t require any interaction from the victim at all, and the ways such hacking tools may be proliferating undetected. Read also:

blog.zecops.com/vulnerabilities/youve-got-0-click-mail/

The Week in Ransomware – April 24th 2020 – High Profile Attacks

www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-24th-2020-high-profile-attacks/ There were not a lot of new variants released this week, but we did have some attacks on high profile victims. This past weekend it came to light that IT service giant Cognizant suffered a Maze Ransomware attack. Strangely, while Cognizant is stating it was Maze, the ransomware operators are denying it. DoppelPaymer also started to leak data for the City of Torrance in California, which was attacked on March 1st. Other than that, we have seen a few new variants released this week and the unfortunate continued targeting of hospitals by ransomware operators.

Phishing uses lay-off Zoom meeting alerts to steal credentials

www.bleepingcomputer.com/news/security/phishing-uses-lay-off-zoom-meeting-alerts-to-steal-credentials/ Zoom users are targeted by a new phishing campaign that uses fake Zoom meeting notifications to threaten those who work in corporate environments that their contracts will either be suspended or terminated.

Phishing attacks target US Payroll Protection Program Loans

www.bleepingcomputer.com/news/security/phishing-attacks-target-us-payroll-protection-program-loans/ With hundreds of thousands of small businesses in the USA anxiously awaiting news about their submitted Payroll Protection Program SBA loans, threat actors are sending phishing emails that prey on their anxiety to steal email accounts.

400,000 US, South Korean card records put up for sale online

www.bleepingcomputer.com/news/security/400000-us-south-korean-card-records-put-up-for-sale-online/ Details on roughly 400,000 payment cards related to US and South Korean financial organizations and banks are currently up for sale on Joker’s Stash, the largest carding shop on the Internet.

It’s a great time to tackle core IT upgrades

www.zdnet.com/article/its-a-great-time-to-tackle-core-it-upgrades/ And to catch up with all those security patches, too. During normal times, the enterprise IT department treads cautiously in making any changes to their main production environments. There are serious risks of upsetting core IT business processes by making a change that sets off unexpected problems. There’s always a big backlog of IT tasks that need to be done. However, it looks like there’s a way to get that list done a lot more quickly during the COVID-19 lockdown of 2020.

Symlink race bugs discovered in 28 antivirus products

www.zdnet.com/article/symlink-race-bugs-discovered-in-28-antivirus-products/ Most products have patched, researchers said, without naming the ones who skipped.

Health Prognosis on the Security of IoMT Devices? Not Good

www.darkreading.com/endpoint/health-prognosis-on-the-security-of-iomt-devices-not-good/d/d-id/1337649 Keywords: ics As more so-called Internet of Medical Things devices go online, hospitals and medical facilities face significant challenges in securing them from attacks that could endanger patients’ lives. As COVID-19 continues to turn the world upside down, hospitals are facing unprecedented challenges: Do we have enough staff to treat the influx of patients? Are there enough beds and equipment for those patients? Will patients’ lives be threatened by hackers holding the medical devices keeping them alive for ransom?

Researchers: 30,000% increase in pandemic-related threats

www.bleepingcomputer.com/news/security/researchers-30-000-percent-increase-in-pandemic-related-threats/ An increase of 30,000% in pandemic-related malicious attacks and malware was seen in March by security researchers at cloud security firm Zscaler when compared to the beginning of 2020 when the first threats started using COVID-19-related lures and themes. Read also:

www.zscaler.com/blogs/research/30000-percent-increase-covid-19-themed-attacks

WHO Confirms Email Credentials Leak

www.darkreading.com/attacks-breaches/who-confirms-email-credentials-leak/d/d-id/1337650 Washington Post had identified the group as one among several whose passwords and emails were dumped online and abused. Read also:

www.washingtonpost.com/technology/2020/04/21/nearly-25000-email-addresses-passwords-allegedly-nih-who-gates-foundation-are-dumped-online/

Telia: Fixed-network broadband services are recovering; the fault was caused by an equipment failure

yle.fi/uutiset/3-11323265 The connectivity problems also affected Posti's parcel lockers and payments. The nationwide disruption in Telia's network began at midday. Faults occurred across the whole of Finland. Data connections did not work for hours in either the fixed or the mobile network. Read also:

www.telia.fi/asiakastuki/hairiotiedote?id=sabre_187244176

www.is.fi/digitoday/art-2000006486860.html

Phishing spoofs US Federal Reserve to steal online bank accounts

www.bleepingcomputer.com/news/security/phishing-spoofs-us-federal-reserve-to-steal-online-bank-accounts/ Keywords: finance Scammers have been sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program.
