NCSC-FI News followup

Daily NCSC-FI news followup 2020-08-21

Outlook mail issues phishing: don't fall for this scam! Here's a phish that our own security team received themselves. Apart from some slightly clumsy wording (but when was the last time you received an email about a technical matter that was plainly written in perfect English?) and a tiny error of grammar, we thought it was surprisingly believable and worth writing up on that account, to remind you how modern phishers are presenting themselves.

Hackers Target Defense Contractors’ Employees By Posing as Recruiters The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed ‘BLINDINGCAN,’ the advanced remote access trojan acts as a backdoor when installed on compromised computers.

University of Utah Pays $457K After Ransomware Attack The University of Utah coughed up a $457,000 ransom payment after a ransomware attack hit the university's servers, impacting undisclosed student and faculty related data. The Salt Lake City school, which has 24,485 undergraduate students and 8,333 graduate students enrolled, as well as 1,592 faculty members, was hit by the cyberattack on July 19. The university's computing servers for its College of Social and Behavioral Science Unit were targeted and rendered temporarily inaccessible. Also: Two of today’s biggest ATM manufacturers, Diebold Nixdorf and NCR, have released software updates to address bugs that could have been exploited for “deposit forgery” attacks. Deposit forgery attacks happen when fraudsters can tamper with an ATM’s software to modify the amount and value of currency being deposited on a payment card.

Varusteleka warns of a scam: the link probably leads to dwarf erotica. Military surplus specialty store Varusteleka is warning about scam emails sent in the company's name. The Finnish-language email claims that the recipient's package has been held up at the warehouse and that delivering it requires clicking the link in the message. The message is made more credible by spoofing Varusteleka's customer service as the sender address. According to Varusteleka, Gmail appears to recognize the forgery, but Outlook evidently does not.

CREST exam cheat-sheet scandal: New temp chairman at UK infosec body as lawyers and ex-copper get involved British infosec accreditation body CREST has appointed an ex-police officer to investigate the NCC Group exam cheat-sheet scandal as its chairman temporarily steps aside. The accreditation body has been rocked by revelations from The Register that major industry player NCC Group’s training material was leaked in a Github repo alongside cheat sheets to help candidates pass accreditation exams first time.

Cryptominer Found Embedded in AWS Community AMI Researchers advise Amazon Web Services users running Community Amazon Machine Images to verify them for potentially malicious code. Security researchers urge AWS customers running Elastic Cloud Compute (EC2) instances based on community Amazon Machine Images (AMIs) to check for potentially malicious embedded code, following their discovery of a cryptominer lurking inside a Community AMI. An AMI is a template with a software configuration (an operating system, application server, and applications) needed to launch a virtual machine. Also:

Listen to how a Microsoft scammer gets frustrated when handled by an IT professional: as many as a hundred thousand scam calls reach Finland every week. Kyberturvallisuuskeskus (NCSC-FI): “When the volume is this insane, there are also cases where the losses are large.” Scammers posing as employees of software giant Microsoft are now seriously pestering Finns with phone calls. According to the police, so-called Microsoft scams keep the Helsinki Police Department alone busy almost daily. On Thursday the police reported on a Helsinki man from whom 100,000 euros had been taken by asking for his online banking credentials and using a remote connection to his computer.

FBI and CISA warn of major wave of vishing attacks targeting teleworkers The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory on Thursday, warning about an ongoing wave of vishing attacks targeting the US private sector. Vishing, or voice phishing, is a form of social engineering where criminals call victims to obtain desired information, usually posing as other persons.

Physical locks are less hackable than digital locks, right? Maybe not: Boffins break in with a microphone A computer scientist at the National University of Singapore claims to have demonstrated how recording the sound of a lock turning can be sufficient to make working replica keys. In March 2020, Soundarya Ramesh, a third-year PhD candidate at the National University of Singapore, published a paper [PDF] co-authored by security researcher Harini Ramprasad and Professor Jun Han on the topic of “acoustics-based physical key inference”.

‘Next-Gen’ Supply Chain Attacks Surge 430% As commercial and enterprise software developers become more disciplined about keeping their open source software components updated to reduce the risk of software supply chain attacks, the bad guys are getting craftier: Researchers warn that they’re over-running open source projects to turn them into malware distribution channels.

Credible scam messages have circulated in Posti's name this summer: police have traced some of them to Estonia, others will not be investigated. Scams carried out in Posti's name have been circulating over the summer. Often the scam is a text message with which the scammers phish for credit card or banking details. This summer the scam messages have looked exceptionally credible. The messages may have used Posti's branding, and the link in the message has led to a site whose address resembles those of Posti's services.

DarkSide: New targeted ransomware demands million dollar ransoms A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. Starting around August 10th, 2020, the new ransomware operation began performing targeted attacks against numerous companies.
