Daily NCSC-FI news followup 2020-09-18

RampantKitten: An Iranian Surveillance Operation unraveled

blog.checkpoint.com/2020/09/18/rampantkitten-an-iranian-surveillance-operation-unraveled/ Check Point Research has unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, our investigation allowed us to connect the several different campaigns and attribute all of them to the same attackers. Full research:


Chinese Antivirus Firm Was Part of APT41 Supply Chain Attack

krebsonsecurity.com/2020/09/chinese-antivirus-firm-was-part-of-apt41-supply-chain-attack/ The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and supply chain attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.

Is domain name abuse something companies should worry about?

blog.malwarebytes.com/business-2/2020/09/is-domain-name-abuse-something-companies-should-worry-about/ Even though some organizations and companies may not realize it, their domain name is an important asset. Their web presence can even make or break companies. Therefore, domain name abuse is something that can ruin your reputation.

A real-life Maze ransomware attack: If at first you don't succeed

nakedsecurity.sophos.com/2020/09/18/a-real-life-maze-ransomware-attack-if-at-first-you-dont-succeed/ You've probably heard terms like spray-and-pray and fire-and-forget applied to cybercriminality, especially if your involvement in cybersecurity goes back to the early days of spamming and scamming. Those phrases recognise that sending unsolicited email is annoyingly cheap and easy for cybercrooks, who generally don't bother running servers of their own; they often just rent email bandwidth from other crooks.

Plugging in a strange USB drive: What could possibly go wrong?

www.welivesecurity.com/2020/09/17/plugging-in-strange-usb-drive/ External data storage devices have been around almost as long as computers have existed. Magnetic tape and floppy disks, which were once the dominant media, are now mostly fond memories, while optical discs are mostly used in gaming consoles. For the past 20 years, the dominant player on the external storage scene has been the USB flash drive. No wonder: over the years, their storage capacity has increased, and their prices have dropped.

U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence

thehackernews.com/2020/09/iranian-hackers-sanctioned.html The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country’s Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors. According to the U.S. Treasury and the Federal Bureau of Investigation (FBI), the sanctions target Rana Intelligence Computing Company (or Rana), which the agencies said operated as a front for the threat group APT39 (aka Chafer or Remix Kitten). Also:


A Mix of Python & VBA in a Malicious Word Document

isc.sans.edu/forums/diary/A+Mix+of+Python+VBA+in+a+Malicious+Word+Document/26578/ A few days ago, Didier wrote an interesting diary about objects embedded in an Office document[1]. I had a discussion with him about an interesting OLE file that I found. Because it used the same technique, I let Didier publish his diary first. Now, let’s have a look at the document.

Apple Bug Allows Code Execution on iPhone, iPad, iPod

threatpost.com/apple-bug-code-execution-iphone/159332/ The release of iOS 14 and iPadOS 14 brings fixes for 11 bugs, some rated high-severity. Apple has updated its iOS and iPadOS operating systems, addressing a wide range of flaws in its iPhone, iPad and iPod devices. The most severe of these could allow an adversary to exploit a privilege-escalation vulnerability against any of the devices and ultimately gain arbitrary code execution.

US charges Iranian hackers for breaching US satellite companies

www.zdnet.com/article/us-charges-iranian-hackers-for-breaching-us-satellite-companies/ Three Iranian nationals have been indicted on charges of hacking US aerospace and satellite companies, the US Department of Justice announced today. Federal prosecutors accused Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati of orchestrating a years-long hacking campaign on behalf of the Iranian government. The hacking spree started in July 2015 and targeted a broad spectrum of victim organizations from both the US and abroad, from which they stole commercial information and intellectual property, officials said today.

Students targeted by scam calls: the University of Helsinki warns about fake technical support

www.tivi.fi/uutiset/tv/fc16002d-c675-412b-bd90-9c03950a3152 The University of Helsinki warns of scam calls being made in its name. The university writes on Twitter that the scammers pose as technical support. The calls can appear to come from a genuine-looking number, because the criminals use spoofed caller IDs. The criminals behind the scam calls try to get remote-administration software installed on the user's computer. With that software, the scammers can take control of the machine.

Leading U.S. laser developer IPG Photonics hit with ransomware

www.bleepingcomputer.com/news/security/leading-us-laser-developer-ipg-photonics-hit-with-ransomware/ IPG Photonics, a leading U.S. developer of fiber lasers for cutting, welding, medical use, and laser weaponry, has suffered a ransomware attack that is disrupting its operations. Based in Oxford, Massachusetts, IPG Photonics has locations worldwide, employs over 4,000 people and had $1.3 billion in revenue in 2019. The company’s lasers were used as part of the U.S. Navy’s Laser Weapon System (LaWS) that was installed on the USS Ponce. This system is an experimental defensive weapon against small threats and vehicles.

Indictments Unlikely to Deter China’s APT41 Activity

www.darkreading.com/threat-intelligence/indictments-unlikely-to-deter-chinas-apt41-activity-/d/d-id/1338952 So far, at least, the threat group has not let public scrutiny slow it down, security researchers say. Security researchers hold little hope that indictments unsealed this week against five members of the China-based APT41 threat group will deter it from acting with the same impunity it has for the past several years. The US Department of Justice on Wednesday unsealed two indictments, one from August 2019 and the other from August 2020, charging five members of APT41 with computer intrusions, including ransomware attacks and cryptojacking schemes, at over 100 companies in the US and abroad.

Spammers use hexadecimal IP addresses to evade detection

www.zdnet.com/article/spammers-use-hexadecimal-ip-addresses-to-evade-detection/ A spam group has picked up a pretty clever trick that has allowed it to bypass email filters and security systems and land in more inboxes than usual. The trick relies on a quirk in RFC 791, the standard that describes the Internet Protocol (IP): the host part of a URL may be written as a hexadecimal (or octal, or single-integer) IPv4 literal rather than in dotted-decimal form, and filters that only recognise dotted-decimal addresses miss it.
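For a mail or web filter, the defensive counterpart to that trick is to canonicalise every numeric host literal before matching it against blocklists. The following Python is an added example written for this digest, not code from ZDNet or from the spam campaign it reports on; it models the inet_aton-style parsing that browsers and most HTTP clients apply to host literals (1 to 4 dot-separated parts, each decimal, octal with a leading 0, or hex with 0x, the last part filling the remaining bytes), reports whether a URL's host is a plain dotted-decimal address, an obfuscated IPv4 literal, or a DNS name, and flags the obfuscated ones. The function names and the sample URL list are this example's own constructions.

```python
import re
from urllib.parse import urlsplit

# One part of an inet_aton-style literal: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r'^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$')


def _parse_part(s):
    """Interpret one host-literal part with inet_aton radix rules."""
    if s[:2].lower() == '0x':
        return int(s[2:], 16)
    if len(s) > 1 and s[0] == '0':
        return int(s, 8)
    return int(s, 10)


def parse_ipv4_literal(host):
    """Return the 32-bit address if host parses as an inet_aton-style IPv4
    literal (1 to 4 parts, any radix), otherwise None."""
    parts = host.split('.')
    if not 1 <= len(parts) <= 4:
        return None
    if not all(_PART.match(p) for p in parts):
        return None
    values = [_parse_part(p) for p in parts]
    # Every part except the last must fit in a single byte.
    if any(v > 0xFF for v in values[:-1]):
        return None
    last_width = 4 - (len(values) - 1)          # bytes the last part covers
    if values[-1] >= 1 << (8 * last_width):
        return None
    addr = 0
    for v in values[:-1]:
        addr = (addr << 8) | v
    return (addr << (8 * last_width)) | values[-1]


def to_dotted(addr):
    """Canonical dotted-decimal rendering of a 32-bit address."""
    return '.'.join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_canonical_dotted_decimal(host):
    """True only for the unambiguous a.b.c.d form with no leading zeros."""
    parts = host.split('.')
    return len(parts) == 4 and all(
        p.isdigit() and (p == '0' or p[0] != '0') and int(p) <= 255
        for p in parts)


def classify_url(url):
    """Classify a URL's host as 'ipv4', 'obfuscated-ipv4' or 'name' and give
    the canonical dotted-decimal address where one exists."""
    host = urlsplit(url).hostname or ''
    addr = parse_ipv4_literal(host)
    if addr is None:
        return {'host': host, 'kind': 'name', 'canonical': None}
    kind = 'ipv4' if is_canonical_dotted_decimal(host) else 'obfuscated-ipv4'
    return {'host': host, 'kind': kind, 'canonical': to_dotted(addr)}


def flag_obfuscated(urls):
    """Return (url, canonical_address) for every URL whose host is a
    non-canonical IPv4 literal; a filter would match canonical_address
    against its blocklist instead of the raw host string."""
    flagged = []
    for url in urls:
        info = classify_url(url)
        if info['kind'] == 'obfuscated-ipv4':
            flagged.append((url, info['canonical']))
    return flagged


# Constructed sample of URLs as a mail gateway might extract them; the
# addresses are arbitrary and chosen only to show the different encodings.
SAMPLE_URLS = [
    'http://0xd83ad6ce/login',           # whole address as one hex integer
    'http://0330.072.0326.0316/',        # dotted octal
    'http://3627734734/promo',           # whole address as one decimal integer
    'http://216.58.214.206/',            # plain dotted decimal, not flagged
    'http://example.com/',               # DNS name, not flagged
]

if __name__ == '__main__':
    for url, canonical in flag_obfuscated(SAMPLE_URLS):
        print(f'{url} -> {canonical}')
```

All three encoded forms in the sample resolve to the same address, which is the point: a blocklist keyed on the canonical string catches them, while a string match on the raw host catches none. Hosts that fail the literal grammar (five parts, a part above 255, letters outside a 0x prefix) are classified as names and left to DNS.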

Test your web service's security: a comparison of 6 open-source security scanners

www.tivi.fi/uutiset/testaa-verkkopalvelusi-tietoturva-vertailussa-6-avoimen-koodin-tietoturvaskanneria/55533dd6-bfff-40c8-b993-8d1ba275e47f It is worth knowing the open-source security scanners that crackers use. The best of them also help in verifying your own security. In recent years it has been impossible to avoid news of data breaches involving millions of usernames and passwords. Among them have been services used by many Finns, such as Adobe, MyFitnessPal and MyHeritage. These cases have created a need to find and fix security holes in web applications before online criminals do. Finding the flaws requires good methods.

Yet another scam method has arrived from abroad: money taken from credit cards under the reference "Facebk"

yle.fi/uutiset/3-11551613 The credit-card charges have often been made from abroad. For this reason, investigating the frauds can be difficult. The scammers are ever more inventive. The Inner Finland Police Department warns of new postal and "Facebk" frauds, which were reported to the police this week. In the postal scam attempts, according to the police, the victim received a text message saying that a parcel is on its way to them but postage is still owed. The link in the message leads to a phishing site that asks for the person's online banking credentials.
