Connection discovered between Chinese hacker group APT15 and defense contractor
www.zdnet.com/article/connection-discovered-between-chinese-hacker-group-apt15-and-defense-contractor/ Lookout said it linked APT15 malware to Xi’an Tianhe Defense Technology, a Chinese defense contractor. In a report published today, cyber-security firm Lookout said it found evidence connecting Android malware that was used to spy on minorities in China to a large government defense contractor from the city of Xi’an.
Hundreds arrested after encrypted messaging network takeover
www.bleepingcomputer.com/news/security/hundreds-arrested-after-encrypted-messaging-network-takeover/ European law enforcement agencies arrested hundreds of suspects in several countries including France, the Netherlands, the UK, Norway, and Sweden after infiltrating the EncroChat encrypted mobile communication network used by organized crime groups. EncroChat phones used by international criminal networks around the world to exchange encrypted data and millions of messages came with dual operating systems (Android OS and the EncroChat OS).
Inside a ransomware attack: From the first breach to the ransom demand
www.zdnet.com/article/inside-a-ransomware-attack-from-the-first-breach-to-encrypting-a-network-in-just-two-weeks/ Security researchers map out how a ransomware attack plays out over a two-week period.
Ransomware Gangs Don’t Need PR Help
krebsonsecurity.com/2020/07/ransomware-gangs-dont-need-pr-help/ We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime.
Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities
www.zdnet.com/article/hacker-ransoms-23k-mongodb-databases-and-threatens-to-contact-gdpr-authorities/ The hacker has attempted to ransom nearly 47% of all MongoDB databases left exposed online.
This is how EKANS ransomware is targeting industrial control systems
www.zdnet.com/article/this-is-how-ekans-ransomware-is-targeting-industrial-control-systems/ New samples of the ransomware reveal the techniques used to attack critical ICS systems.
FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps
threatpost.com/fakespy-android-malware-spread-via-postal-service-apps/157102/ New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer.
Sixteen Facebook apps caught secretly sharing data with third-parties
www.zdnet.com/article/sixteen-facebook-apps-caught-secretly-sharing-data-with-third-parties/ Academic study used unique “honeytoken” emails to install Facebook apps and see which inboxes received emails from unrecognized senders.
Alina Point Of Sale Malware Still Lurking In DNS
G DATA threat report: Number of cyber attacks increases significantly in the first quarter
www.gdatasoftware.com/blog/2020/07/36199-number-of-cyber-attacks-increases-significantly-in-the-first-quarter The current threat analysis by G DATA CyberDefense shows that the number of attacks prevented in March 2020 has increased significantly. The cyber defence company averted almost a third more attacks than in February. Especially active – GuLoader and Trickbot. Old tricks, new losses – tech support scams.
GoldenSpy backdoor installed by tax software gets remotely removed
www.bleepingcomputer.com/news/security/goldenspy-backdoor-installed-by-tax-software-gets-remotely-removed/ As soon as security researchers uncovered the activity of GoldenSpy backdoor, the actor behind it fell back and delivered an uninstall tool to remove all traces of the malware. GoldenSpy stayed hidden in software called Intelligent Tax, from Aisino Corporation, that a Chinese bank required its company customers to install for paying local taxes.
Apache Guacamole Opens Door for Total Control of Remote Footprint
threatpost.com/apache-guacamole-control-remote-footprint/157124/ Several vulnerabilities can be chained together for a full exploit. Apache Guacamole, a popular infrastructure for enabling remote working, is vulnerable to a slew of security bugs related to the Remote Desktop Protocol (RDP), researchers have warned. Admins should update their systems to avoid attacks bent on stealing information or remote code-execution.
HOW TO CHOOSE A SECURE REMOTE WORKING TOOL? GUIDANCE AND TIPS TO HELP
www.huoltovarmuuskeskus.fi/miten-valita-turvallinen-etatyovaline-ohjeita-ja-vinkkeja-avuksi/ Many people this year have wondered which application used for remote work is safe to use. This gave rise to the idea of a guide that helps organisations, their employees and those responsible for information security compare different remote working tools with each other and choose a suitable one from the many options. The guide was commissioned by the Digipooli of the Huoltovarmuusorganisaatio (National Emergency Supply Organisation).
NSA releases guidance on securing IPsec Virtual Private Networks
www.bleepingcomputer.com/news/security/nsa-releases-guidance-on-securing-ipsec-virtual-private-networks/ The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.
Windows 10 background image tool can be abused to download malware
www.bleepingcomputer.com/news/security/windows-10-background-image-tool-can-be-abused-to-download-malware/ A binary in Windows 10 responsible for setting an image for the desktop and lock screen can help attackers download malware on a compromised system without raising the alarm. Researchers from SentinelOne discovered that “desktopimgdownldr.exe,” located in Windows 10’s system32 folder, can also serve as a LoLBin.
ENISA Launches Public Consultation for First Candidate Cybersecurity Certification Scheme
www.enisa.europa.eu/news/enisa-news/enisa-launches-public-consultation-for-first-candidate-cybersecurity-certification-scheme The EUCC Candidate Scheme for ICT Products, set to replace the SOG-IS, is released today for public feedback.