Daily NCSC-FI news followup 2020-08-17

Hackers Stole 1 Terabyte Of Data From Billion-Dollar U.S. Liquor Maker

www.forbes.com/sites/leemathews/2020/08/17/brown-forman-hacked-1tb-data-stolen/ The REvil ransomware gang has struck again. This time the victim is Brown-Forman, the 150-year-old Kentucky-based company behind such brands as Jack Daniels, Finlandia vodka and Korbel champagne. See also:

www.bleepingcomputer.com/news/security/us-spirits-and-wine-giant-hit-by-cyberattack-1tb-of-data-stolen/

Tea at the Ritz soured by credit card scammers

www.bbc.co.uk/news/technology-53793922 Diners at the luxury Ritz hotel in London have been targeted by “extremely convincing” scammers who posed as hotel staff to steal payment card details.

Cyberattacks Hit Thousands of Canadian Tax, Benefit Accounts

threatpost.com/cyberattacks-canadian-tax-benefit-accounts/158400/ The Canada Revenue Agency (CRA) suspended online services after accounts were hit in a third wave of credential stuffing attacks this weekend giving bad actors access to various government services.

Feds seize ‘largest ever’ haul of crypto-dosh from terrorists including coins from ‘fake’ pandemic mask web store

www.theregister.com/2020/08/17/in_brief_security/ In brief The US Department of Justice said a combined operation has led to its largest seizure of terrorist-owned cryptocurrency, taking around $2m (£1.5m) from Hamas's military wing, al-Qaeda, and Islamic State of Iraq and the Levant (ISIS).

THL warns of scam calls: callers warn about coronavirus and ask for payment card details

www.is.fi/digitoday/tietoturva/art-2000006604333.html Coronavirus scammers are calling and fishing for payment card details, THL warns.

Operation Dream Job Widespread North Korean Espionage Campaign

www.clearskysec.com/operation-dream-job/ During June-August of 2020, ClearSky's analysis team had investigated an offensive campaign attributed with high probability to North Korea, which we call Dream Job. This campaign has been active since the beginning of the year and it succeeded, in our assessment, to infect several dozens of companies and organizations in Israel and globally. Full report:

www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf

XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

blog.trendmicro.com/trendlabs-security-intelligence/xcsset-mac-malware-infects-xcode-projects-performs-uxss-attack-on-safari-other-browsers-leverages-zero-day-exploits/ We have discovered an unusual infection related to Xcode developer projects. Upon further investigation, we discovered that a developer's Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads.

Huawei ban expanded to include foreign-made chips using US tech

www.zdnet.com/article/huawei-ban-expanded-to-include-foreign-made-chips-using-us-tech/ US government says its move to restrict the Chinese tech giant from accessing chips made by foreign manufacturers using US technology aims to “impede” Huawei’s attempts to circumvent earlier controls by going through third parties.

This surprise Linux malware warning shows that hackers are changing their targets

www.zdnet.com/article/this-surprise-linux-malware-warning-shows-that-hackers-are-changing-their-targets/ The revelation from the FBI and National Security Agency that Russian military intelligence has built malware to target Linux systems is the latest dramatic twist in the unrelenting cybersecurity battle.

Microsoft Put Off Fixing Zero Day for 2 Years

krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/ A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem.

Crypto-mining worm steal AWS credentials

www.zdnet.com/article/crypto-mining-worm-steal-aws-credentials/ TeamTNT has become the first crypto-mining botnet to include a feature that scans and steals AWS credentials.

Robocall Results from a Telephony Honeypot

www.schneier.com/blog/archives/2020/08/robocall_result.html

When will a quantum computer be able to break today's encryption?

www.tivi.fi/uutiset/tv/9cca64ef-f419-4a18-8590-82480a165a66 Future quantum computers will revolutionize high-performance computing, but will at the same time break the internet's most important encryption methods. Preparations for the threat are under way in Finland too.

Cloud Threat Hunting: Attack & Investigation Series Privilege Escalation via EC2

blog.checkpoint.com/2020/08/17/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-ec2/

Swedish television and radio banned TikTok for their employees

www.is.fi/digitoday/tietoturva/art-2000006605128.html According to SVT, TikTok collects more data than is necessary for its Chinese parent company ByteDance.
