Daily NCSC-FI news followup 2020-09-25

Microsoft boots apps out of Azure used by China-sponsored hackers

arstechnica.com/information-technology/2020/09/microsoft-boots-apps-used-by-china-sponsored-hackers-out-of-azure/ Active Directory apps used for command-and-control infrastructure are no more. Report:


Feds Hit with Successful Cyberattack, Data Stolen

threatpost.com/feds-cyberattack-data-stolen/159541/ The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit.

FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations

thehackernews.com/2020/09/finspy-malware-macos-linux.html Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems.

Mount Locker ransomware joins the multi-million dollar ransom game

www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/ A new ransomware operation named Mount Locker is underway stealing victims’ files before encrypting and then demanding multi-million dollar ransoms.

The Week in Ransomware – September 25th 2020 – A Modern-Day Gold Rush

www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-25th-2020-a-modern-day-gold-rush/ This week showed continued attacks against large organizations as new ransomware operations rush to join a modern-day ransomware gold rush.

RayBan parent company reportedly suffers major ransomware attack

www.welivesecurity.com/2020/09/24/ray-ban-parent-company-reportedly-suffers-major-ransomware-attack/ There is no evidence that cybercriminals were also able to steal customer data.

Taurus Project stealer now spreading via malvertising campaign

blog.malwarebytes.com/malwarebytes-news/2020/09/taurus-project-stealer-now-spreading-via-malvertising-campaign/ For the past several months, Taurus Project, a relatively new stealer that appeared in the spring of 2020, has been distributed via malspam campaigns targeting users in the United States. The macro-laced documents spawn a PowerShell script that invokes certutil to run an autoit script ultimately responsible for downloading the Taurus binary.

Windows scammers now even speak Finnish on the phone: “A very worrying phenomenon”

www.tivi.fi/uutiset/tv/74fa8ce4-321c-4ff9-885d-3622156ff064 In recent weeks, many people have received a call in which their computer is claimed to be infected with malware and the caller claims to be helping them with it. According to the National Cyber Security Centre (Kyberturvallisuuskeskus), a million such calls a month are now being made to Finland.

Twitter is warning devs that API keys and tokens may have leaked

www.bleepingcomputer.com/news/security/twitter-is-warning-devs-that-api-keys-and-tokens-may-have-leaked/ Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache.

Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers

thehackernews.com/2020/09/fortigate-vpn-security.html “We quickly found that under default configuration the SSL VPN is not as protected as it should be, and is vulnerable to MITM attacks quite easily,” SAM IoT Security Lab’s Niv Hertz and Lior Tashimov said. “The Fortigate SSL-VPN client only verifies that the CA was issued by Fortigate (or another trusted CA), therefore an attacker can easily present a certificate issued to a different Fortigate router without raising any flags, and implement a man-in-the-middle attack.”

Update now: Cisco warns over 25 high-impact flaws in its IOS and IOS XE software

www.zdnet.com/article/update-now-cisco-warns-over-25-high-impact-flaws-in-its-ios-and-ios-xe-software/ Cisco has alerted customers using its IOS and IOS XE networking gear software to apply updates for 34 flaws across 25 high-severity security advisories.

Blast from the past! Windows XP source code allegedly leaked online

nakedsecurity.sophos.com/2020/09/25/blast-from-the-past-windows-xp-source-code-allegedly-leaked-online/ If the reports are to be believed, someone has just leaked a mega-torrent (pun intended: allegedly some of the files have also been uploaded to Kiwi file-sharing service Mega) of Microsoft source code going all the way back to MS-DOS 6.

“From an organisation’s point of view, WhatsApp is a disaster”, says digital consultant: impossible to administer, yet still in use at workplaces

yle.fi/uutiset/3-11545657 Managing groups is manual work, and it also leaves room for mistakes.
