Daily NCSC-FI news followup 2020-10-09

We Hacked Apple for 3 Months: Here’s What We Found

samcurry.net/hacking-apple/ There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. As of now, October 8th, we have received 32 payments totaling $288, 500 for various vulnerabilities. However, it appears that Apple does payments in batches and will likely pay for more of the issues in the following months.

Ryuk’s Return

thedfirreport.com/2020/10/08/ryuks-return/ The Ryuk group went from an email to domain wide ransomware in 29 hours and asked for over $6 million to unlock our systems. They used tools such as Cobalt Strike, AdFind, WMI, vsftpd, PowerShell, PowerView, and Rubeus to accomplish their objective.

German tech giant Software AG down after ransomware attack

www.zdnet.com/article/german-tech-giant-software-ag-down-after-ransomware-attack/ Exclusive: The Clop ransomware gang is demanding more than $20 million from German tech firm Software AG. Software AG is Germany’s second-largest company with more than 10, 000 enterprise customers across 70 countries. Some of the company’s most recognizable customers include Fujitsu, Telefonica, Vodafone, DHL, and Airbus.

Sophisticated Android Ransomware Executes with the Home Button

threatpost.com/android-ransomware-home-button/160001/ A fresh variant of a sophisticated Android ransomware known as MalLocker locks up mobile devices — surfacing its ransom note when a user hits the Home button. Lisäksi:

www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/

Facebook Debuts Bug-Bounty ‘Loyalty Program’

threatpost.com/facebook-bug-bounty-loyalty-program/159993/ Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports which will dictate new bonus percentages. For instance, Bronze tier members will receive a 5 percent bonus on top of each bounty they receive — while Diamond tier members will earn a 20 percent bonus. Diamond-level researchers also gain access to various events, including live hacking events, Facebook’s F8 conference and DEFCON.

You might be interested in …

Daily NCSC-FI news followup 2021-10-01

Flubot Android malware now spreads via fake security updates www.bleepingcomputer.com/news/security/flubot-android-malware-now-spreads-via-fake-security-updates/ The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections. Update Google Chrome ASAP to Patch 2 […]

Read More

Daily NCSC-FI news followup 2020-09-23

Phishers spoof reliable cybersecurity training company to garner clicks blog.malwarebytes.com/scams/2020/09/phishers-spoof-reliable-cybersecurity-training-company-to-garner-clicks/ It happens to the best of us. And, indeed, no adage is better suited to a phishing campaign that recently made headlines. Fraudsters used the brand, KnowBe4a trusted cybersecurity company that offers security awareness training for organizationsto gain recipients trust, their Microsoft Outlook credentials, and […]

Read More

Daily NCSC-FI news followup 2021-03-18

Tiedote 18.3.2021: Timanttiteko-palkinto 2020 Kyberturvallisuuskeskukselle www.erillisverkot.fi/timanttiteko-palkinto-2020/ Turvallisuuskomitea on myöntänyt vuoden 2020 Timanttiteko-palkinnon Kyberturvallisuuskeskukselle Yhteiskunnan turvallisuusstrategian tavoitteiden esimerkillisestä edistämisestä. Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskus on kansallinen tietoturvaviranomainen ja sillä on merkittävä rooli digitaalisessa yhteiskunnassa. Nopeasti muuttuvassa maailmassa tietoturvan ylläpito ja kehittäminen, tietoturvaloukkausten havainnointi ja selvittäminen sekä eri organisaatioiden kouluttaminen ja tietojärjestelmien arviointi on välttämätöntä. Suojelupoliisi tunnisti […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.