Daily NCSC-FI news followup 2020-05-02

Scammers Using COVID-19/Coronavirus Lure to Target Medical Suppliers

www.fortinet.com/blog/threat-research/scammers-using-covid-19-coronavirus-lure-to-target-medical-suppliers.html FortiGuard Labs has discovered a new malicious spearphishing campaign, once again using the COVID-19/Coronavirus pandemic as a lure. This latest email campaign targets a medical device supplier, wherein the attacker is inquiring about various materials needed to address the COVID-19 pandemic due to high demand for supplies, and includes a compelling statement that they have already tried to reach the recipient via telephone in order to create a stronger sense of urgency. The attachment is a maliciously crafted Word document, utilizing the infamous CVE-2017-11882 (Office Equation Editor) vulnerability.

It’s no time to let your guard down as coronavirus fraud remains a threat

www.welivesecurity.com/2020/05/01/no-time-let-your-guard-down-coronavirus-fraud-rampant/ In part four of our series on COVID-19-related scams, we share a few examples of recent campaigns targeting your money and personal data.

Cybersecurity and the economy: when recession strikes

blog.malwarebytes.com/cybercrime/2020/04/cybersecurity-and-the-economy-when-recession-strikes/ Cybercrime and the economy have always been intertwined, but with COVID-19 on the road to causing a seemingly inevitable global recession, many are asking what, exactly, will the impact be on cybercrime. Will criminals step up and increase malware production, ramp up phishing attacks, do whatever it takes to pull in some cash? Or will it cause a little downturn in malware making and other dubious dealings?

Europol analyses on criminal operations in Europe during COVID-19 Crisis

securityaffairs.co/wordpress/102574/cyber-crime/europol-criminal-operations-covid-19.html Threat actors and criminal organizations continue to take advantage of the COVID-19 pandemic to make money, Europol warns. Also:

www.europol.europa.eu/publications-documents/beyond-pandemic-how-covid-19-will-shape-serious-and-organised-crime-landscape-in-eu

Abnormal Attack Stories: Microsoft Teams Impersonation

abnormalsecurity.com/blog/abnormal-attack-stories-microsoft-teams-impersonation/ In this attack, attackers are impersonating a notification from Microsoft Teams in order to steal the credentials of employees. Microsoft Teams has seen one of the largest increases in users as a result of the shift to remote work in response to the current COVID-19 pandemic.

Trump bans acquisition of foreign power grid equipment, citing hacking threats

www.zdnet.com/article/trump-bans-acquisition-of-foreign-power-grid-equipment-citing-hacking-threats/#ftag=RSSbaffb68 President Donald Trump signed today an executive order barring US power grid entities from buying and installing electrical equipment that has been manufactured outside the US. Trump said that “foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system.”

Upgraded Cerberus Spyware Spreads Rapidly via MDM

threatpost.com/cerberus-trojan-major-spyware-targeted-attack/155415/ No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers. Also:

research.checkpoint.com/2020/first-seen-in-the-wild-mobile-as-attack-vector-using-mdm/

Advanced Persistent Threat Golden_hands – Digital Bank Robbery of the Year 2020

www.vulnerability-db.com/?q=articles%2F2020%2F04%2F30%2Fadvanced-persistent-threat-goldenhands-digital-bank-robbery-year-2020 This is a story about advanced persistent threats in Germany and the European Union during the crisis affecting the finance system and economy sector.

Zero Trust Deployment Guide for Microsoft Azure Active Directory

www.microsoft.com/security/blog/2020/04/30/zero-trust-deployment-guide-azure-active-directory/ Microsoft is providing a series of deployment guides for customers who have engaged in a Zero Trust security strategy. In this guide, we cover how to deploy and configure Azure Active Directory (Azure AD) capabilities to support your Zero Trust security strategy.

Threat Spotlight: Malicious use of reCaptcha

blog.barracuda.com/2020/04/30/threat-spotlight-malicious-recaptcha/ In the never-ending battle between cybersecurity and cybercrime, cybercriminals continue to find new techniques to evade detection. One such trick Barracuda researchers have started seeing more often in phishing campaigns uses reCaptcha walls to block URL scanning services from accessing the content of phishing pages.

North Dakota government fiber provider hit by ransomware

statescoop.com/north-dakota-government-fiber-provider-hit-maze-ransomware/ The company that operates a fiber optic network that supports statewide and local government entities across North Dakota was a victim of a recent ransomware attack that included some of the firm’s files being published on a website that attempts to shame victims into paying.

The Russian Doll of Putin’s Internet Clampdown

www.wired.com/story/opinion-the-russian-doll-of-putins-internet-clampdown/ The Kremlin’s path toward censorship, surveillance, and repression has many more layers than meets the eye.

Hacker leaks 15 million records from Tokopedia, Indonesia’s largest online store

www.zdnet.com/article/hacker-leaks-15-million-records-from-tokopedia-indonesias-largest-online-store/#ftag=RSSbaffb68 The Tokopedia data has been published on a well-known hacking forum.

This is how scammers try to trick you in the name of the coronavirus: a security expert explains how online scammers are now exploiting the coronavirus epidemic

www.hs.fi/teknologia/art-2000006493173.html “The coronavirus affects whose name cybercriminals are now trying to use for their scams,” says security expert Ville Kontinen.
