Daily NCSC-FI news followup 2020-10-06

Myöhästyykö odotettu koronarokote? Ongelmat liittyvät keskeiseen sovellukseen

www.tivi.fi/uutiset/tv/a758c9c3-96cc-4861-86bd-00adc7544339 New York Times kirjoittaa eResearch Technologyyn (ERT) kohdistuneesta kiristyshaittaohjelmasta. ERT:n ohjelmistoa käyttävät monet lääkevalmistajat muun muassa koronarokotteiden kliinisissä testeissä Euroopassa, Aasiassa ja Pohjois-Amerikassa. Lisäksi:

www.nytimes.com/2020/10/03/technology/clinical-trials-ransomware-attack-drugmakers.html. Lisäksi:

threatpost.com/covid-19-clinical-trials-ransomware/159877/

Emotet Malware

us-cert.cisa.gov/ncas/alerts/aa20-280a To secure against Emotet, CISA and MS-ISAC recommend implementing the mitigation measures described in this Alert, which include applying protocols that block suspicious attachments, using antivirus software, and blocking suspicious IPs.

Telia Company reaches agreement to sell its carrier operation to Polhem Infra

www.teliacarrier.com/news-and-events/press-releases/telia-company-to-sell-telia-carrier.html Stockholm, 6 October 2020 Telia Company today announces that it has reached an agreement with Polhem Infra for the sale of its international carrier business, Telia Carrier, for a value of SEK 9, 450 million on a cash and debt free basis. Lisäksi:

www.tivi.fi/uutiset/tv/5eaedfc4-c115-4e00-8b66-4ef49d9c5f8f

Mobile network operator falls into the hands of Fullz House criminal group

blog.malwarebytes.com/malwarebytes-news/2020/10/mobile-network-operator-falls-into-the-hands-of-fullz-house-criminal-group/ Most victims of Magecart-based attacks tend to be typical online shops selling various goods. However, every now and again we come across different types of businesses which were affected simply because they happened to be vulnerable. Lisäksi:

www.zdnet.com/article/boom-mobile-falls-prey-to-magecart-card-skimming-attack. Lisäksi:

arstechnica.com/information-technology/2020/10/boom-hacked-page-on-mobile-phone-website-is-stealing-customers-card-data/. Lisäksi:

www.bleepingcomputer.com/news/security/hacker-group-compromises-mobile-provider-to-steal-credit-cards/. Lisäksi:

threatpost.com/boom-mobile-customer-data-fullz-house-magecart/159887/

Microsoft says Iranian hackers are exploiting the Zerologon vulnerability

www.zdnet.com/article/microsoft-says-iranian-hackers-are-exploiting-the-zerologon-vulnerability Successful attacks would allow hackers to take over servers known as domain controllers (DC) that are the centerpieces of most enterprise networks and enable intruders to gain full control over their targets. Lisäksi:

www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-actively-exploiting-windows-zerologon-flaw/. Lisäksi:

threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/. Lisäksi:

rootdaemon.com/2020/10/05/microsoft-says-iranian-hackers-are-exploiting-the-zerologon-vulnerability/

Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374, 300 to Global Security Research Community

msrc-blog.microsoft.com/2020/10/06/azure-sphere-security-research-challenge-concluded/ The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. Lisäksi:

www.bleepingcomputer.com/news/security/microsoft-pays-over-370-000-for-azure-sphere-bug-reports/. Lisäksi: blogs.cisco.com/security/talos/azure-sphere-challenge

EU’s top court limits government spying on citizens’ mobile and internet data

www.cnbc.com/2020/10/06/ecj-limits-government-spying-on-citizens-mobile-and-internet-data-.html The European Court of Justice (ECJ), the EU’s highest legal authority, ruled Tuesday that member states cannot collect mass mobile and internet data on citizens.

REvil Ransomware Gang Offers $1 Million As Part Of Recruitment Drive

www.forbes.com/sites/simonchandler/2020/10/06/revil-ransomware-gang-offers-1-million-as-part-of-recruitment-drive/ The criminal group behind the REvil ransomware operation has deposited bitcoin worth $1 million on a Russian-speaking hacker website, as part of a drive to recruit more members.

Ransomware threat surge, Ryuk attacks about 20 orgs per week

www.bleepingcomputer.com/news/security/ransomware-threat-surge-ryuk-attacks-about-20-orgs-per-week/ Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020.

Release the Kraken: Fileless APT attack abuses Windows Error Reporting service

blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/ On September 17th, we discovered a new attack called Kraken that injected its payload into the Windows Error Reporting (WER) service as a defense evasion mechanism. Lisäksi:

www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-service-in-fileless-malware-attack/. Lisäksi:

threatpost.com/apt-attack-malware-windows-error-reporting/159861/

Five bar and cafe owners arrested in France for running no-log WiFi networks

www.zdnet.com/article/five-bar-and-cafe-owners-arrested-in-france-for-running-no-log-wifi-networks/ In one of the weirdest arrests of the year, at least five bar and cafe managers from the French city of Grenoble were taken into custody last week for running open WiFi networks at their establishments and not keeping logs of past connected users. Five bar and cafe owners arrested in France for running no-log WiFi networks

You might be interested in …

Daily NCSC-FI news followup 2020-06-16

T-Mobile confirms nationwide outage impacting millions of customers abc13.com/tmobile-outage-is-out-t-mobile-down/6248980/ T-Mobile customers are dealing with a nationwide outage of its voice and data network. The phone carrier’s president of technology, Neville Ray, confirmed the outage Monday afternoon. “Our engineers are working to resolve a voice and data issue that has been affecting customers around the country. […]

Read More

Daily NCSC-FI news followup 2020-12-23

CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity us-cert.cisa.gov/ncas/current-activity/2020/12/23/cisa-releases-cisa-insights-and-creates-webpage-ongoing-apt-cyber CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly […]

Read More

Daily NCSC-FI news followup 2020-12-11

AIVD exposes espionage network in the Netherlands; two Russian intelligence officers forced to leave the country english.aivd.nl/latest/news/2020/12/10/aivd-exposes-espionage-network-in-the-netherlands-two-russian-intelligence-officers-forced-to-leave-the-country Recently the General Intelligence and Security Service (“Algemene Inlichtingen- en Veiligheidsdienst” AIVD) disrupted the covert activities of an intelligence officer of the Russian civil intelligence agency SVR. The intelligence officer – who worked at the Russian Embassy in […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.