Daily NCSC-FI news followup 2020-09-26

ThunderX ransomware silenced with release of a free decryptor

www.bleepingcomputer.com/news/security/thunderx-ransomware-silenced-with-release-of-a-free-decryptor/ A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free.

When coffee makers are demanding a ransom, you know IoT is screwed

arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/ Watch along as hacked machine grinds, beeps, and spews water.

Threat Roundup for September 18 to September 25

blog.talosintelligence.com/2020/09/threat-roundup-0918-0925.html Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.

Industrial Cyberattacks Get Rarer but More Complex

threatpost.com/industrial-cyberattacks-rarer-complex/159573/ The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks.

KuCoin cryptocurrency exchange hacked for $150 million

www.zdnet.com/article/kucoin-cryptocurrency-exchange-hacked-for-150-million/#ftag=RSSbaffb68 KuCoin said an intruder drained all its hot wallets today.

Putin Wants a Truce in Cyberspace While Denying Russian Interference

www.nytimes.com/2020/09/25/world/europe/russia-cyber-security-meddling.html With an eye to a possible Biden presidency, the Russian leader called for a “reboot” on information security but offered no concessions.

How cybercriminals launder money stolen from banks

www.kaspersky.com/blog/money-laundering-schemes/37175/ Before the thieves can enjoy them, the proceeds of cybercrime have to jump through a few hoops. We discuss the complexities involved.

Pastebin adds ‘Burn After Read’ and ‘Password Protected Pastes’ to the dismay of the infosec community

www.zdnet.com/article/pastebin-adds-burn-after-read-and-password-protected-pastes-to-the-dismay-of-the-infosec-community/ The two new features will make it easier to disguise malware operations.

Daily NCSC-FI news followup 2020-12-14

Kyberuhat yleistyvät Miten Suomen yritykset pärjäävät? www.etla.fi/julkaisut/kyberuhat-yleistyvat-miten-suomen-yritykset-parjaavat/ Vaikka Suomen yritysten kyberturva onkin Euroopan keskitasoa vahvempaa, on Suomi jäämässä kehityksen kärjestä useilla eri mittareilla arvioituna. Erityisesti tietovuodot vaikuttavat tuottavan kotimaisille yrityksille poikkeuksellisen paljon haasteita. Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html FireEye has uncovered a widespread campaign, […]

Daily NCSC-FI news followup 2021-02-27

Amazon Dismisses Claims Alexa Skills Can Bypass Security Vetting Process threatpost.com/amazon-dismisses-claims-alexa-skills-can-bypass-security-vetting/164316/ Our analysis shows that while Amazon restricts access to user data for skills and has put forth a number of rules, there is still room for malicious actors to exploit or circumvent some of these rules, said researchers this week. This can enable an […]

Daily NCSC-FI news followup 2020-05-24

Securing smart infrastructure during the COVID-19 pandemic www.enisa.europa.eu/news/enisa-news/securing-smart-infrastructure-in-covid-19-pandemic Securing smart homes and smart buildings from cybersecurity risks becomes more relevant than ever in the light of the COVID-19 pandemic crisis. ENISA presents some fundamental measures for securing smart devices. AgentTesla Delivered via a Malicious PowerPoint Add-In isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/ Attackers are always trying to find new ways […]