Daily NCSC-FI news followup 2020-10-09

We Hacked Apple for 3 Months: Here’s What We Found

samcurry.net/hacking-apple/ There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. As of now, October 8th, we have received 32 payments totaling $288, 500 for various vulnerabilities. However, it appears that Apple does payments in batches and will likely pay for more of the issues in the following months.

Ryuk’s Return

thedfirreport.com/2020/10/08/ryuks-return/ The Ryuk group went from an email to domain wide ransomware in 29 hours and asked for over $6 million to unlock our systems. They used tools such as Cobalt Strike, AdFind, WMI, vsftpd, PowerShell, PowerView, and Rubeus to accomplish their objective.

German tech giant Software AG down after ransomware attack

www.zdnet.com/article/german-tech-giant-software-ag-down-after-ransomware-attack/ Exclusive: The Clop ransomware gang is demanding more than $20 million from German tech firm Software AG. Software AG is Germany’s second-largest company with more than 10, 000 enterprise customers across 70 countries. Some of the company’s most recognizable customers include Fujitsu, Telefonica, Vodafone, DHL, and Airbus.

Sophisticated Android Ransomware Executes with the Home Button

threatpost.com/android-ransomware-home-button/160001/ A fresh variant of a sophisticated Android ransomware known as MalLocker locks up mobile devices — surfacing its ransom note when a user hits the Home button. Lisäksi:

www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/

Facebook Debuts Bug-Bounty ‘Loyalty Program’

threatpost.com/facebook-bug-bounty-loyalty-program/159993/ Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports which will dictate new bonus percentages. For instance, Bronze tier members will receive a 5 percent bonus on top of each bounty they receive — while Diamond tier members will earn a 20 percent bonus. Diamond-level researchers also gain access to various events, including live hacking events, Facebook’s F8 conference and DEFCON.

You might be interested in …

Daily NCSC-FI news followup 2019-11-16

Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers threatpost.com/holiday-shoppers-malicious-sites-posing-retailers/150326/ As the holiday season looms, cybercrooks are going after shoppers with more than 100,000 lookalike domains mimicking legitimate retailers.. To that point, Venafi researchers uncovered the copycat phishing sites, which use trusted, valid TLS certificates (60 percent of them are free certificates from […]

Read More

Daily NCSC-FI news followup 2020-05-28

Counter Threat Unit Researchers Publish Threat Group Definitions www.secureworks.com/blog/counter-threat-unit-researchers-publish-threat-group-definitions Today, the Secureworks® Counter Threat Unit (CTU) research team began publishing Threat Group profiles on the Secureworks website. The profiles include a summary of the groups, their objectives, other aliases by which the groups are known, and the malware they use. Both criminal and government-sponsored Threat […]

Read More

Daily NCSC-FI news followup 2020-11-17

Nordean tietomurrosta kahdelle vankeutta yhden syytteet hylättiin Pohjanmaan käräjäoikeudessa yle.fi/uutiset/3-11652084?origin=rss Rikokset ajoittuivat kesään 2019. Käräjäoikeus määräsi tiistaina tuomitut maksamaan pankille yhteensä yli 276 000 euroa vahingonkorvauksia. Delhin poliisi pidätti 17 ihmistä “Microsoftin palvelukeskuksesta” www.tivi.fi/uutiset/tv/79cbdf6d-9551-46b5-b6ff-06a378686a75 Poliisin antamien tietojen mukaan huijariporukka oli ehtinyt petkuttaa ihmisiä jo runsaan vuoden ajan. Uhrien määräksi kerrotaan 2268 ja saaliiksi runsaat 0, […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.