Daily NCSC-FI news followup 2020-06-26

‘Cardplanet’ Operator Sentenced to 9 Years for Selling Stolen Credit Cards

threatpost.com/cardplanet-operator-sentenced-stolen-credit-cards/156956/ The carding store victimized mainly U.S. citizens and is responsible for $20 million in fraudulent purchases.

Developer of Mirai, Qbot-based DDoS botnets jailed for 13 months

www.bleepingcomputer.com/news/security/developer-of-mirai-qbot-based-ddos-botnets-jailed-for-13-months/ A 22-year-old Washington man was sentenced to 13 months in prison for renting and developing Mirai and Qbot-based DDoS botnets used in DDoS attacks against targets from all over the world.

New Charges, Sentencing in Satori IoT Botnet Conspiracy

krebsonsecurity.com/2020/06/new-charges-sentencing-in-satori-iot-botnet-conspiracy/ The U.S. Justice Department today charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks.

Hackers hide credit card stealing script in favicon metadata

www.bleepingcomputer.com/news/security/hackers-hide-credit-card-stealing-scripts-in-favicon-exif-data/ Hackers are always evolving their tactics to stay one step ahead of security companies. A perfect example of this is the hiding of malicious credit card stealing scripts in the EXIF data of a favicon image to evade detection.

New Ransom X Ransomware used in Texas TxDOT cyberattack

www.bleepingcomputer.com/news/security/new-ransom-x-ransomware-used-in-texas-txdot-cyberattack/ A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises.

Evil Corp blocked from deploying ransomware on 30 major US firms

www.bleepingcomputer.com/news/security/evil-corp-blocked-from-deploying-ransomware-on-30-major-us-firms/ The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, including Fortune 500 companies.

Chinese bank requires foreign firm to install app with covert backdoor

arstechnica.com/information-technology/2020/06/chinese-bank-requires-foreign-firm-to-install-app-with-covert-backdoor/ A multinational tech company gets schooled in the risks of doing business in China.

Shady Singaporean firm collects Finns' contact details through deception, lists well-known Finnish companies as its partners

www.is.fi/digitoday/art-2000006553111.html People are currently being shown ads in McDonald’s name that lure them to a survey page. After that, a page opens asking for the respondent's contact details “to take part in a gift card draw”.

This is how Finland's coronavirus app works: temporary amendment to the Communicable Diseases Act approved today

yle.fi/uutiset/3-11420551

TikTok To Stop Clipboard Snooping After Apple Privacy Feature Exposes Behavior

threatpost.com/tiktok-to-stop-clipboard-snooping-after-apple-privacy-feature-exposes-behavior/156945/ App will stop reading users’ device cut-and-paste data after a new banner alert in an Apple update uncovered the activity.

More than 75% of all vulnerabilities reside in indirect dependencies

www.zdnet.com/article/more-than-75-of-all-vulnerabilities-reside-in-indirect-dependencies/ JavaScript, Ruby, and Java are the ecosystems with most bugs in indirect dependencies.

Best Practices for IoT Security: What Does That Even Mean?

arxiv.org/abs/2004.12179 We explore not the failure to follow best practices, but rather a surprising lack of understanding, and void in the literature, on what (generically) “best practice” means, independent of meaningfully identifying specific individual practices. We also find that an overwhelming majority of recommendations (91%) are not actual practices but rather desired outcomes.

Nvidia squashes display driver code execution, information leak bugs

www.zdnet.com/article/nvidia-squashes-display-driver-code-execution-information-leak-bugs/ The vulnerabilities impact both Windows and Linux machines.
