Daily NCSC-FI news followup 2020-06-05

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails

threatpost.com/trump-biden-campaign-apt-phishing-emails/156319/ Google TAG researchers warn that APTs are targeting campaign staffers for both Donald Trump and Joe Biden with phishing emails. Huntley said that the China-linked APT targeting Biden's campaign staff was APT 31 (also known as Zirconium). According to reports, this threat actor is tied to the Chinese government; however, little is known about its tactics and techniques. Huntley pointed to APT 35 (also known as Charming Kitten) as the group targeting Trump's campaign staff. The Iran-linked hacking group has been known to use phishing as an attack vector, and in February was discovered targeting public figures in phishing attacks that stole victims' email-account information.

China, Iran, and Russia worked together to call out US hypocrisy on BLM protests

www.zdnet.com/article/china-iran-and-russia-worked-together-to-call-out-us-hypocrisy-on-blm-protests/ A report from a social media research group shows foreign diplomats and state-controlled media pounced on the US's abysmal handling of the BLM protests to attack the US's image as a beacon of freedom and further their own political goals.

Cycldek: Bridging the (air) gap

securelist.com/cycldek-bridging-the-air-gap/97157/ While investigating attacks related to a group named Cycldek after 2018, we were able to uncover various pieces of information on its activities that were not known thus far. In this blog post we aim to bridge the knowledge gap on this group and provide a more thorough insight into its latest activities and modus operandi.

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

yoroi.company/research/new-cyber-operation-targets-italy-digging-into-the-netwire-attack-chain/ During our Cyber Threat Intelligence monitoring we spotted a particular Office document weaponized to deliver the Netwire remote access trojan, uncovering a hidden malicious campaign designed to target Italian-speaking victims. The chain of attack we discovered showed interesting technical patterns resembling previous activities targeting the Italian manufacturing landscape, so we decided to dig deeper.

Mozilla fixes five high-risk Firefox flaws, bug in DoH feature

www.welivesecurity.com/2020/06/04/mozilla-fixes-five-high-risk-firefox-flaws-dns-over-https/ The browser maker rolls out updates on back-to-back days, including a patch to avoid unintentionally overloading DNS providers

Full infrastructure takeover of VMware Cloud Director (CVE-2020-3956)

citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ How a single simple form submission can be manipulated to gain control of any Virtual Machine (VM) within VMware Cloud Director. The story of a critical vulnerability that enables a full infrastructure takeover.

CPA Canada discloses data breach affecting 329,000 individuals

www.bleepingcomputer.com/news/security/cpa-canada-discloses-data-breach-affecting-329-000-individuals/ Chartered Professional Accountants of Canada (CPA) today disclosed that a cyberattack against the CPA Canada website allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders.

Ongoing eCh0raix ransomware campaign targets QNAP NAS devices

www.bleepingcomputer.com/news/security/ongoing-ech0raix-ransomware-campaign-targets-qnap-nas-devices/ After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices.

Tycoon Ransomware Banks on Unusual Image File Tactic

threatpost.com/tycoon-ransomware-unusual-image-file-tactic/156326/ To fly under the radar, the newly discovered ransomware is compiled into a Java image file format that's rarely used by developers.

Kupidon is the latest ransomware targeting your data

www.bleepingcomputer.com/news/security/kupidon-is-the-latest-ransomware-targeting-your-data/ The latest ransomware that everyone needs to watch out for is called Kupidon, and it targets not only corporate networks but also home users' personal data.

Don't open that CV! It may contain malware that steals banking details

www.tivi.fi/uutiset/tv/49fce975-e43e-408f-8f07-45b8c3330b78 Check Point Software Technologies warns of an unusual piece of malware that preys on the banking details of careless employers. In its press release, Check Point says the malware is disguised as a CV attached to a job application.

WhatsApp Phone Numbers Pop Up in Google Search Results But is it a Bug?

threatpost.com/whatsapp-phone-numbers-google-search-results/156141/ A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search, creating what he claims is a privacy issue for users.

Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique

blog.trendmicro.com/trendlabs-security-intelligence/barcode-reader-apps-on-google-play-found-using-new-ad-fraud-technique/ We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro detects these as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phone.

Not so FastCGI!

isc.sans.edu/forums/diary/Not+so+FastCGI/26208/ This past month, we’ve seen some new and different scans targeting tcp ports between 8000 and 10,000.
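The diary above reports scanning aimed at TCP ports in the 8000-10000 range. As an added example (not from the ISC diary or its author), the script below flags sources that sweep many distinct ports in that range, run over a few constructed firewall log lines in an assumed "src= dst= dport= proto=" key-value format; the IP addresses and the format are illustrative assumptions, not data from the page.

```python
# Added example: detect sources sweeping TCP ports 8000-10000 in firewall logs.
# The log format (key=value fields) and the addresses below are constructed
# for illustration; adapt LINE_RE to your own firewall or honeypot output.
import re
from collections import defaultdict

# Constructed sample log: one source sweeps the 8000-10000 range, one source
# touches a single port in the range, one hits the range over UDP only.
SAMPLE_LOG = """\
2020-06-04T10:00:01Z DENY src=203.0.113.7 dst=198.51.100.5 dport=8000 proto=tcp
2020-06-04T10:00:01Z DENY src=203.0.113.7 dst=198.51.100.5 dport=8080 proto=tcp
2020-06-04T10:00:02Z DENY src=203.0.113.7 dst=198.51.100.5 dport=8443 proto=tcp
2020-06-04T10:00:02Z DENY src=203.0.113.7 dst=198.51.100.5 dport=9000 proto=tcp
2020-06-04T10:00:03Z DENY src=203.0.113.7 dst=198.51.100.5 dport=9090 proto=tcp
2020-06-04T10:00:03Z DENY src=203.0.113.7 dst=198.51.100.5 dport=10000 proto=tcp
2020-06-04T10:00:04Z ALLOW src=192.0.2.10 dst=198.51.100.5 dport=443 proto=tcp
2020-06-04T10:00:05Z DENY src=192.0.2.10 dst=198.51.100.5 dport=8080 proto=tcp
2020-06-04T10:00:06Z DENY src=198.51.100.99 dst=198.51.100.5 dport=9000 proto=udp
"""

# Assumed field layout; only src, dport and proto are needed for the check.
LINE_RE = re.compile(r"src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+) proto=(?P<proto>\w+)")


def find_port_sweeps(log_text, low=8000, high=10000, min_ports=5):
    """Return {src_ip: sorted distinct TCP ports in [low, high]} for every source
    that touched at least min_ports distinct ports in that range.

    Non-TCP lines and lines that do not match the format are ignored, so a
    UDP probe or an unparseable line never counts toward the threshold."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("proto").lower() != "tcp":
            continue
        port = int(m.group("dport"))
        if low <= port <= high:
            ports_by_src[m.group("src")].add(port)
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, ports in find_port_sweeps(SAMPLE_LOG).items():
        print(f"{src} swept {len(ports)} TCP ports in 8000-10000: {ports}")
```

Counting distinct ports per source (rather than total hits) keeps a single retried connection from tripping the threshold, and the range bounds and minimum port count are parameters so the same function can be pointed at other ranges that start attracting scans.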
