Daily NCSC-FI news followup 2020-08-22

Grandoreiro banking trojan impersonates Spain's tax agency

www.welivesecurity.com/2020/08/21/grandoreiro-banking-trojan-impersonates-spain-tax-agency/ Although it's been some weeks since the height of the income tax season in many countries around the globe, the year 2020 has been looking less than normal even for cybercriminal activity. For several months, various threat actors have been attempting to impersonate governmental organizations, such as the Agencia Tributaria, the official tax agency of Spain. Here, we take a look at how the operators of Grandoreiro, an infamous Latin American banking trojan, have been using emails posing as the Agencia Tributaria in order to ensnare new victims.

A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware

thehackernews.com/2020/08/google-drive-file-versions.html An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. The latest security issue (of which Google is aware but, unfortunately, left unpatched) resides in the “manage versions” functionality offered by Google Drive that allows users to upload and manage different versions of a file, as well as in the way its interface provides a new version of the files to the users.

Free photos, graphics site Freepik discloses data breach impacting 8.3m users

www.zdnet.com/article/free-photos-graphics-site-freepik-discloses-data-breach-impacting-8-3m-users/ Freepik, a website dedicated to providing access to high-quality free photos and design graphics, has disclosed today a major security breach. The company made it official after users started grumbling on social media this week about receiving shady-looking breach notification emails in their inboxes.


The Week in Ransomware – August 21st 2020 – Ransomware Ahoy!

www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-21st-2020-ransomware-ahoy/ While it wasn’t a big week for new ransomware variants, we did learn about some ransomware attacks against very large organizations. This week BleepingComputer broke the story that Konica Minolta was hit with ransomware at the end of July that impacted some of their USA services. This was followed by Carnival Corporation, who disclosed in a 6-K SEC filing that one of their cruise brands got hit with ransomware. We ended with the University of Utah disclosing that they decided to pay a $450,000 ransom to prevent stolen data from being leaked by the ransomware operators.

74 Days From the Presidential Election, Security Worries Mount

www.darkreading.com/risk/74-days-from-the-presidential-election-security-worries-mount/d/d-id/1338728 With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election. Spamming post offices with letters that feature a specific bar code to reset sorting machines. Creating fake reports that immigration and enforcement officers would hit certain polling places. Hacking into a COVID-19 test database and increasing the number of positive cases.

How 25 Dice In A Box Solve The Secure Password Conundrum: Introducing DiceKeys

www.forbes.com/sites/daveywinder/2020/08/22/how-25-dice-in-a-box-solve-the-secure-password-conundrum-introducing-dicekeys/ Want to create a master password that’s not only almost impossible to crack but easy to recall? Just roll the dice… There are a confusingly large number of problems with passwords, of that there can be little doubt. Password reuse across services that shoots holes in your security posture when, almost inevitably, just one of those services gets breached being among them. Recent research revealed there are more than 15 billion stolen logins available on the Dark Web, from 100,000 such breaches, which is why I, and many other security-oriented folks, recommend the use of a password manager.

Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms

www.vice.com/en_us/article/dyzewz/hackers-leak-alleged-internal-files-of-chinese-social-media-monitoring-firms A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. After leaking some of the documents, the group was banned by Twitter under its hacked files policy, however, Motherboard has been unable to confirm the authenticity of the documents.

From SSRF to Compromise: Case Study

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-ssrf-to-compromise-case-study/ I think every penetration tester has a story about the one that got away. The bug that LOOKED exploitable, but wasn't. The ones where you're eating into reporting time, madly trying to put something together, and got absolutely nothing for your efforts. SSRF is a neat bug because it jumps trust boundaries. You go from being the user of a web application to someone on the inside, someone who can reach out and touch things on behalf of the vulnerable server. Exploiting SSRF beyond a proof-of-concept callback is often tricky because the impact is largely dependent on the environment you're making that internal request in.
