Daily NCSC-FI news followup 2020-09-11

New cyberattacks targeting U.S. elections

blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/ In recent weeks, Microsoft has detected cyberattacks targeting people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns, as detailed below. Strontium, operating from Russia, has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants. Zirconium, operating from China, has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community. Phosphorus, operating from Iran, has continued to attack the personal accounts of people associated with the Donald J. Trump for President campaign.

STRONTIUM: Detecting new patterns in credential harvesting

www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/ Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections. STRONTIUM launched credential harvesting attacks against tens of thousands of accounts at more than 200 organizations.

Development Bank of Seychelles hit by ransomware attack

www.bleepingcomputer.com/news/security/development-bank-of-seychelles-hit-by-ransomware-attack/ The Development Bank of Seychelles (DBS) was hit by ransomware according to a press statement published earlier today by the Central Bank of Seychelles (CBS).

WordPress Plugin Flaw Allows Attackers to Forge Emails

threatpost.com/wordpress-plugin-flaw/159172/ The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.

Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange

thehackernews.com/2020/09/hackers-stole-cryptocurrencies.html European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars.

New Linux Malware Steals Call Details from VoIP Softswitch Systems

thehackernews.com/2020/09/linux-voip-softswitch-malware.html Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed “CDRThief” that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata.

Razer Gaming Fans Caught Up in Data Leak

threatpost.com/razer-gaming-fans-data-leak/159147/ A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud.

An overview of targeted attacks and APTs on Linux

securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/ In this report, we focus on the targeting of Linux resources by APT threat actors.

iPhone user, did you install the new iOS? Here is what to know about Koronavilkku

www.is.fi/digitoday/mobiili/art-2000006632046.html The weekly reports that have confused people will disappear from iPhones with the operating system update.

Serious Security: Hacking Windows passwords via your wallpaper

nakedsecurity.sophos.com/2020/09/11/serious-security-hacking-windows-passwords-via-your-wallpaper/

Porn site users targeted with malicious ads redirecting to exploit kits, malware

www.zdnet.com/article/porn-site-users-targeted-with-malicious-ads-redirecting-to-exploit-kits-malware/ Adult ad networks abused in last hurrah attacks before Flash and IE near EOL.

Three middle-aged Dutch hackers slipped into Donald Trump’s Twitter account days before 2016 US election

www.theregister.com/2020/09/11/trump_twitter_account_recycled_password/ Three grumpy old hackers in the Netherlands managed to access Donald Trump's Twitter account in 2016 by extracting his password from the 2012 LinkedIn hack.

Zoom adds two-factor authentication (2FA) support to all accounts

www.bleepingcomputer.com/news/security/zoom-adds-two-factor-authentication-2fa-support-to-all-accounts/ Zoom has announced that starting today it has added two-factor authentication (2FA) support to all user accounts to make it simpler to secure them against security breaches and identity theft.

Office 365 will let users view their quarantined phishing messages

www.bleepingcomputer.com/news/microsoft/office-365-will-let-users-view-their-quarantined-phishing-messages/ Microsoft is planning to allow Office 365 users to view and request the release of phishing messages automatically quarantined by the Exchange Online Protection (EOP) filtering stack.

Report: Pandemic caused significant shift in buyer appetite in the dark web

blog.malwarebytes.com/cybercrime/2020/09/report-pandemic-caused-significant-shift-in-buyer-appetite-in-the-dark-web/ Last year, credentials for PayPal, Facebook, and Airbnb were among the top goods on high demand in the dark web, aka the Internet's underground market. But due to the COVID-19 outbreak, with most of the worldwide population sheltering, working, and studying indoors, many facets of life have made a full 180-degree turn, including the criminal world.

Malware & ransomware guidance: the reboot!

www.ncsc.gov.uk/blog-post/rebooting-malware-and-ransomware-guidance Using knowledge from the ‘cyber frontline’ to improve our ‘Mitigating malware and ransomware’ guidance. See also:

www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
