Daily NCSC-FI news followup 2020-10-06

Will the awaited coronavirus vaccine be delayed? The problems relate to a key application

www.tivi.fi/uutiset/tv/a758c9c3-96cc-4861-86bd-00adc7544339 The New York Times writes about a ransomware attack on eResearch Technology (ERT). ERT's software is used by many drug manufacturers, among other things in clinical trials of coronavirus vaccines in Europe, Asia and North America. See also:

www.nytimes.com/2020/10/03/technology/clinical-trials-ransomware-attack-drugmakers.html


Emotet Malware

us-cert.cisa.gov/ncas/alerts/aa20-280a To secure against Emotet, CISA and MS-ISAC recommend implementing the mitigation measures described in this Alert, which include applying protocols that block suspicious attachments, using antivirus software, and blocking suspicious IPs.

Telia Company reaches agreement to sell its carrier operation to Polhem Infra

www.teliacarrier.com/news-and-events/press-releases/telia-company-to-sell-telia-carrier.html Stockholm, 6 October 2020 Telia Company today announces that it has reached an agreement with Polhem Infra for the sale of its international carrier business, Telia Carrier, for a value of SEK 9,450 million on a cash and debt free basis.


Mobile network operator falls into the hands of Fullz House criminal group

blog.malwarebytes.com/malwarebytes-news/2020/10/mobile-network-operator-falls-into-the-hands-of-fullz-house-criminal-group/ Most victims of Magecart-based attacks tend to be typical online shops selling various goods. However, every now and again we come across different types of businesses which were affected simply because they happened to be vulnerable. See also:

www.zdnet.com/article/boom-mobile-falls-prey-to-magecart-card-skimming-attack

arstechnica.com/information-technology/2020/10/boom-hacked-page-on-mobile-phone-website-is-stealing-customers-card-data/

www.bleepingcomputer.com/news/security/hacker-group-compromises-mobile-provider-to-steal-credit-cards/


Microsoft says Iranian hackers are exploiting the Zerologon vulnerability

www.zdnet.com/article/microsoft-says-iranian-hackers-are-exploiting-the-zerologon-vulnerability Successful attacks would allow hackers to take over servers known as domain controllers (DC) that are the centerpieces of most enterprise networks and enable intruders to gain full control over their targets. See also:

www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-actively-exploiting-windows-zerologon-flaw/

threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/


Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community

msrc-blog.microsoft.com/2020/10/06/azure-sphere-security-research-challenge-concluded/ The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. See also:

www.bleepingcomputer.com/news/security/microsoft-pays-over-370-000-for-azure-sphere-bug-reports/

blogs.cisco.com/security/talos/azure-sphere-challenge

EU’s top court limits government spying on citizens’ mobile and internet data

www.cnbc.com/2020/10/06/ecj-limits-government-spying-on-citizens-mobile-and-internet-data-.html The European Court of Justice (ECJ), the EU’s highest legal authority, ruled Tuesday that member states cannot collect mass mobile and internet data on citizens.

REvil Ransomware Gang Offers $1 Million As Part Of Recruitment Drive

www.forbes.com/sites/simonchandler/2020/10/06/revil-ransomware-gang-offers-1-million-as-part-of-recruitment-drive/ The criminal group behind the REvil ransomware operation has deposited bitcoin worth $1 million on a Russian-speaking hacker website, as part of a drive to recruit more members.

Ransomware threat surge, Ryuk attacks about 20 orgs per week

www.bleepingcomputer.com/news/security/ransomware-threat-surge-ryuk-attacks-about-20-orgs-per-week/ Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020.

Release the Kraken: Fileless APT attack abuses Windows Error Reporting service

blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/ On September 17th, we discovered a new attack called Kraken that injected its payload into the Windows Error Reporting (WER) service as a defense evasion mechanism. See also:

www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-service-in-fileless-malware-attack/


Five bar and cafe owners arrested in France for running no-log WiFi networks

www.zdnet.com/article/five-bar-and-cafe-owners-arrested-in-france-for-running-no-log-wifi-networks/ In one of the weirdest arrests of the year, at least five bar and cafe managers from the French city of Grenoble were taken into custody last week for running open WiFi networks at their establishments and not keeping logs of past connected users.
