Daily NCSC-FI news followup 2020-10-01

Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency

www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/ New clues indicate that APT28 may be behind a mysterious intrusion that US officials disclosed last week.

MAR-10303705-1.v1 Remote Access Trojan: SLOTHFULMEDIA

us-cert.cisa.gov/ncas/analysis-reports/ar20-275a The sample is a dropper, which deploys two files when executed. The first is a remote access tool (RAT) named mediaplayer.exe”, which is designed for command and control (C2) of victim computer systems.

OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks

threatpost.com/oauth-phishing-microsoft-o365-attacks/159713/ An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization methods to access Office 365 accounts, in order to steal users’ contacts and mail.

North Korea has tried to hack 11 officials of the UN Security Council

www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council/ New UN Security Council report reveals repeated targeting of UN Security Council officials over the past year.

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

krebsonsecurity.com/2020/10/ransomware-victims-that-pay-up-could-incur-steep-fines-from-uncle-sam/ Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today.

New service checks if your email was used in Emotet attacks

www.bleepingcomputer.com/news/security/new-service-checks-if-your-email-was-used-in-emotet-attacks/ A new service has been launched that allows you to check if an email domain or address was in an Emotet spam campaign.

How a Chinese malware gang defrauded Facebook users of $4 million

www.zdnet.com/article/how-a-chinese-malware-gang-defrauded-facebook-users-of-4-million/ SilentFade group utilized a Windows rootkit, browser injections, clever scripting, and a Facebook platform bug to buy and post ads on behalf of hacked users.

IPStorm botnet expands from Windows to Android, Mac, and Linux

www.zdnet.com/article/ipstorm-botnet-expands-from-windows-to-android-mac-and-linux/ IPStorm, a malware botnet that was first spotted last year targeting Windows systems, has evolved to infect other types of platforms, such as Android, Linux, and Mac devices. Furthermore, the botnet has also quadrupled in size, growing from around 3, 000 infected systems in May 2019 to more than 13, 500 devices this month

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

thehackernews.com/2020/10/android-mobile-hacking.html A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware.

Spammers add random text to shortened links to evade detection

www.bleepingcomputer.com/news/security/spammers-add-random-text-to-shortened-links-to-evade-detection/ Spammers are using a new technique of generating URLs to evade detection by humans and spam filters alike.

NVIDIA fixes high severity flaws in Windows display driver

www.bleepingcomputer.com/news/security/nvidia-fixes-high-severity-flaws-in-windows-display-driver/ NVIDIA has released security updates to address high severity vulnerabilities in the Windows GPU display driver that could lead to code execution, escalation of privileges, information disclosure, and denial of service.

With API attacks rising, Cloudflare launches a free API security tool

www.zdnet.com/article/with-api-attacks-rising-cloudflare-launches-a-free-api-security-tool/ Cloudflare launches API Shield, a new service to protect web APIs against attacks.

Huawei’s UK code reviewers say the company is still crap at basic software security

www.theregister.com/2020/10/01/huawei_hcsec_code_review_panel/ Code reviewers found “evidence that Huawei continues to fail to follow its own internal secure coding guidelines. This is despite some minor improvements over previous years.” In addition, “The Cell” said it had found more vulnerabilities during 2019 than it had in previous years. – – though Huawei was keen to paint this finding as “proof the review system is working”, something NCSC guardedly agreed with.

Critical Flaws Discovered in Popular Industrial Remote Access Systems

thehackernews.com/2020/10/industrial-remote-access.html Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets.

Microsoft Suffered Worldwide Outlook Outage TodayHere’s What We Know

www.forbes.com/sites/daveywinder/2020/10/01/new-worldwide-microsoft-outage-confirmed-heres-what-we-know/ On Monday, September 28, Microsoft users suffered a massive outage impacting Teams, Office 365 and Outlook. Now, just 48 hours after you thought everything was back to normal, Microsoft Outlook has gone down again.

H&M-vaatekauppaketju sai 35 miljoonan euron sakon työntekijöidensä henkilökohtaisten tietojen keräämisestä Saksassa

yle.fi/uutiset/3-11574720 Johtajien käyttöön kerätyssä tietopankissa listattiin muun muassa sairauksiin ja uskontoon liittyviä asioita.

You might be interested in …

Daily NCSC-FI news followup 2021-06-02

Ransomware: What board members should know and what they should be asking their technical experts www.ncsc.gov.uk/blog-post/what-board-members-should-know-about-ransomware Ransomware is the subject of this spotlight topic for board members, building on the guidance given in the Cyber Security Toolkit for Boards. This blog, part of the Cyber Security Toolkit for Boards, explains the basics of ransomware, and […]

Read More

Daily NCSC-FI news followup 2021-08-26

Microsoft Breaks Silence on Barrage of ProxyShell Attacks threatpost.com/microsoft-barrage-proxyshell-attacks/168943/ Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities in that were highlighted by a researcher at Black Hat earlier this month. The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers […]

Read More

Daily NCSC-FI news followup 2020-06-18

Car autopilot security www.kaspersky.com/blog/protecting-adas/35961/ Today, many companies are experimenting to the max with autopilots of varying complexity. Some are trying to build devices that actually take control of the vehicle out of human hands, while others are developing advanced driver-assistance systems (ADAS). . The main issue that autopilot manufacturers must address is guaranteeing reliability and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.