Daily NCSC-FI news followup 2020-09-25

Microsoft boots apps out of Azure used by China-sponsored hackers

arstechnica.com/information-technology/2020/09/microsoft-boots-apps-used-by-china-sponsored-hackers-out-of-azure/ Active Directory apps used for command-and-control infrastructure are no more. Report:
Feds Hit with Successful Cyberattack, Data Stolen

threatpost.com/feds-cyberattack-data-stolen/159541/ The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit.

FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations

thehackernews.com/2020/09/finspy-malware-macos-linux.html Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems.

Mount Locker ransomware joins the multi-million dollar ransom game

www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/ A new ransomware operation named Mount Locker is underway stealing victims’ files before encrypting and then demanding multi-million dollar ransoms.

The Week in Ransomware – September 25th 2020 – A Modern-Day Gold Rush

www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-25th-2020-a-modern-day-gold-rush/ This week showed continued attacks against large organizations as new ransomware operations rush to join a modern-day ransomware gold rush.

RayBan parent company reportedly suffers major ransomware attack

www.welivesecurity.com/2020/09/24/ray-ban-parent-company-reportedly-suffers-major-ransomware-attack/ There is no evidence that cybercriminals were also able to steal customer data

Taurus Project stealer now spreading via malvertising campaign

blog.malwarebytes.com/malwarebytes-news/2020/09/taurus-project-stealer-now-spreading-via-malvertising-campaign/ For the past several months, Taurus Project, a relatively new stealer that appeared in the spring of 2020, has been distributed via malspam campaigns targeting users in the United States. The macro-laced documents spawn a PowerShell script that invokes certutil to run an AutoIt script ultimately responsible for downloading the Taurus binary.

Windows scammers now even speak Finnish on the phone: “A very worrying phenomenon”

www.tivi.fi/uutiset/tv/74fa8ce4-321c-4ff9-885d-3622156ff064 In recent weeks many people have received a call claiming that their computer is infected with malware and that the caller will help them with it. According to the National Cyber Security Centre Finland (Kyberturvallisuuskeskus), a million such calls are now being made to Finland every month.

Twitter is warning devs that API keys and tokens may have leaked

www.bleepingcomputer.com/news/security/twitter-is-warning-devs-that-api-keys-and-tokens-may-have-leaked/ Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache.

Fortinet VPN with Default Settings Leaves 200,000 Businesses Open to Hackers

thehackernews.com/2020/09/fortigate-vpn-security.html “We quickly found that under default configuration the SSL VPN is not as protected as it should be, and is vulnerable to MITM attacks quite easily,” SAM IoT Security Lab’s Niv Hertz and Lior Tashimov said. “The Fortigate SSL-VPN client only verifies that the CA was issued by Fortigate (or another trusted CA), therefore an attacker can easily present a certificate issued to a different Fortigate router without raising any flags, and implement a man-in-the-middle attack.”

Update now: Cisco warns over 25 high-impact flaws in its IOS and IOS XE software

www.zdnet.com/article/update-now-cisco-warns-over-25-high-impact-flaws-in-its-ios-and-ios-xe-software/ Cisco has alerted customers using its IOS and IOS XE networking gear software to apply updates for 34 flaws across 25 high-severity security advisories.

Blast from the past! Windows XP source code allegedly leaked online

nakedsecurity.sophos.com/2020/09/25/blast-from-the-past-windows-xp-source-code-allegedly-leaked-online/ If the reports are to be believed, someone has just leaked a mega-torrent (pun intended; allegedly some of the files have also been uploaded to the Kiwi file-sharing service Mega) of Microsoft source code going all the way back to MS-DOS 6.

“From an organisation’s perspective, WhatsApp is a catastrophe,” says a digital consultant: impossible to administer, yet in use in workplaces

yle.fi/uutiset/3-11545657 Managing groups is manual work, and that also leaves room for mistakes.
