Daily NCSC-FI news followup 2020-09-11

New cyberattacks targeting U.S. elections

blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/ In recent weeks, Microsoft has detected cyberattacks targeting people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns, as detailed below. Strontium, operating from Russia, has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants. Zirconium, operating from China, has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community. Phosphorus, operating from Iran, has continued to attack the personal accounts of people associated with the Donald J. Trump for President campaign.

STRONTIUM: Detecting new patterns in credential harvesting

www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/ Microsoft has tied STRONTIUM to a newly uncovered pattern of Office 365 credential harvesting activity aimed at US and UK organizations directly involved in political elections. STRONTIUM launched credential harvesting attacks against tens of thousands of accounts at more than 200 organizations.

Development Bank of Seychelles hit by ransomware attack

www.bleepingcomputer.com/news/security/development-bank-of-seychelles-hit-by-ransomware-attack/ The Development Bank of Seychelles (DBS) was hit by ransomware according to a press statement published earlier today by the Central Bank of Seychelles (CBS).

WordPress Plugin Flaw Allows Attackers to Forge Emails

threatpost.com/wordpress-plugin-flaw/159172/ The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.

Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange

thehackernews.com/2020/09/hackers-stole-cryptocurrencies.html European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars.

New Linux Malware Steals Call Details from VoIP Softswitch Systems

thehackernews.com/2020/09/linux-voip-softswitch-malware.html Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed “CDRThief” that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata.

Razer Gaming Fans Caught Up in Data Leak

threatpost.com/razer-gaming-fans-data-leak/159147/ A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud.

An overview of targeted attacks and APTs on Linux

securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/ In this report, we focus on the targeting of Linux resources by APT threat actors.

iPhone user, did you install the new iOS? Here is what you should know about Koronavilkku

www.is.fi/digitoday/mobiili/art-2000006632046.html The weekly reports that have confused people disappear from iPhones with the operating system update.

Serious Security: Hacking Windows passwords via your wallpaper

nakedsecurity.sophos.com/2020/09/11/serious-security-hacking-windows-passwords-via-your-wallpaper/

Porn site users targeted with malicious ads redirecting to exploit kits, malware

www.zdnet.com/article/porn-site-users-targeted-with-malicious-ads-redirecting-to-exploit-kits-malware/ Adult ad networks abused in last hurrah attacks before Flash and IE near EOL.

Three middle-aged Dutch hackers slipped into Donald Trump’s Twitter account days before 2016 US election

www.theregister.com/2020/09/11/trump_twitter_account_recycled_password/ Three grumpy old hackers in the Netherlands managed to access Donald Trump's Twitter account in 2016 by extracting his password from the 2012 LinkedIn hack.

Zoom adds two-factor authentication (2FA) support to all accounts

www.bleepingcomputer.com/news/security/zoom-adds-two-factor-authentication-2fa-support-to-all-accounts/ Zoom has announced that starting today it has added two-factor authentication (2FA) support to all user accounts to make it simpler to secure them against security breaches and identity theft.

Office 365 will let users view their quarantined phishing messages

www.bleepingcomputer.com/news/microsoft/office-365-will-let-users-view-their-quarantined-phishing-messages/ Microsoft is planning to allow Office 365 users to view and request the release of phishing messages automatically quarantined by the Exchange Online Protection (EOP) filtering stack.

Report: Pandemic caused significant shift in buyer appetite in the dark web

blog.malwarebytes.com/cybercrime/2020/09/report-pandemic-caused-significant-shift-in-buyer-appetite-in-the-dark-web/ Last year, credentials for PayPal, Facebook, and Airbnb were among the top goods in high demand on the dark web, aka the Internet's underground market. But due to the COVID-19 outbreak, with most of the worldwide population sheltering, working, and studying indoors, many facets of life have made a full 180-degree turn, including the criminal world.

Malware & ransomware guidance: the reboot!

www.ncsc.gov.uk/blog-post/rebooting-malware-and-ransomware-guidance Using knowledge from the ‘cyber frontline’ to improve our ‘Mitigating malware and ransomware’ guidance. See also:

www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
