German authorities raid FinFisher offices
www.zdnet.com/article/german-authorities-raid-finfisher-offices/ German authorities have raided the offices of FinFisher, a German software company that makes surveillance tools, accused in the past of providing software to oppressive regimes. FinFisher markets its tools as meant for law enforcement investigations and intelligence agencies. Known customers include the German federal police and Berlin police.
Zoom rolls out end-to-end encryption (E2EE) next week
www.bleepingcomputer.com/news/security/zoom-rolls-out-end-to-end-encryption-e2ee-next-week/ “Zoom users free and paid around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”
Police: These are the 6 ways Finns are being scammed right now
www.is.fi/digitoday/art-2000006669546.html The National Bureau of Investigation's Cybercrime Centre describes in the Police blog how Finns are currently being scammed. According to Detective Superintendent Mikko Rauhamaa, millions of euros have flowed abroad from Finland through fraud, and the pace has only accelerated since the summer.
Silent Librarian APT right on schedule for 20/21 academic year
blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/ A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We know that the threat actor has used the “.me” TLD in their past campaigns against some academic institutions and this is still the case, alongside “.tk” and “.cf”.
Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing
www.cauce.org/2020/10/phishinglandscape2020.html Over a three-month collection period, we learned about more than 100,000 newly discovered phishing sites. Sixty-five percent of maliciously registered domain names are used for phishing within five days of registration. As previously noted, the Freenom TLDs (.TK, .GA, .ML, .CF, and .GQ) offer domain names for free, and at least 80% appear to be maliciously registered.
Lemon Duck brings cryptocurrency miners back into the spotlight
blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html This threat, known as “Lemon Duck,” has a cryptocurrency mining payload that steals computer resources to mine the Monero virtual currency. The actor employs various methods to spread across the network, like sending infected RTF files using email, psexec, WMI and SMB exploits, including the infamous Eternal Blue and SMBGhost threats that affect Windows 10 machines. Although this threat has been active since at least the end of December 2018, we have noticed an increase in its activity at the end of August 2020.
Canva design platform actively abused in credentials phishing
www.bleepingcomputer.com/news/security/canva-design-platform-actively-abused-in-credentials-phishing/ Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages. In a new report by cybersecurity firm Cofense, threat actors are increasingly using Canva to create hosted HTML landing pages that are then used to redirect phishing victims to fake login forms.