Daily NCSC-FI news followup 2020-10-14

German authorities raid FinFisher offices

www.zdnet.com/article/german-authorities-raid-finfisher-offices/ German authorities have raided the offices of FinFisher, a German software company that makes surveillance tools, accused in the past of providing software to oppressive regimes. FinFisher markets its tools as meant for law enforcement investigations and intelligence agencies. Known customers include the German federal police and Berlin police.

Zoom rolls out end-to-end encryption (E2EE) next week

www.bleepingcomputer.com/news/security/zoom-rolls-out-end-to-end-encryption-e2ee-next-week/ “Zoom users free and paid around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”

Police: These are the 6 ways Finns are being scammed right now

www.is.fi/digitoday/art-2000006669546.html The Cybercrime Centre of the National Bureau of Investigation describes in the Police blog how Finns are currently being scammed. According to Detective Superintendent Mikko Rauhamaa, millions of euros have flowed abroad from Finland through fraud, and the pace has only accelerated since the summer.

Silent Librarian APT right on schedule for 20/21 academic year

blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/ A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We know that the threat actor has used the “.me” TLD in their past campaigns against some academic institutions and this is still the case, alongside “.tk” and “.cf”.

Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing

www.cauce.org/2020/10/phishinglandscape2020.html Over a three-month collection period, we learned about more than 100,000 newly discovered phishing sites. Sixty-five percent of maliciously registered domain names are used for phishing within five days of registration. As previously noted, the Freenom TLDs (.TK, .GA, .ML, .CF, and .GQ) offer domain names for free, and at least 80% appear to be maliciously registered.

Lemon Duck brings cryptocurrency miners back into the spotlight

blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html This threat, known as “Lemon Duck,” has a cryptocurrency mining payload that steals computer resources to mine the Monero virtual currency. The actor employs various methods to spread across the network, like sending infected RTF files using email, psexec, WMI and SMB exploits, including the infamous Eternal Blue and SMBGhost threats that affect Windows 10 machines. Although this threat has been active since at least the end of December 2018, we have noticed an increase in its activity at the end of August 2020.

Canva design platform actively abused in credentials phishing

www.bleepingcomputer.com/news/security/canva-design-platform-actively-abused-in-credentials-phishing/ Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages. In a new report by cybersecurity firm Cofense, threat actors are increasingly using Canva to create hosted HTML landing pages that are then used to redirect phishing victims to fake login forms.
