Daily NCSC-FI news followup 2020-10-14

German authorities raid FinFisher offices

www.zdnet.com/article/german-authorities-raid-finfisher-offices/ German authorities have raided the offices of FinFisher, a German software company that makes surveillance tools, accused in the past of providing software to oppressive regimes. FinFisher markets its tools as meant for law enforcement investigations and intelligence agencies. Known customers include the German federal police and Berlin police.

Zoom rolls out end-to-end encryption (E2EE) next week

www.bleepingcomputer.com/news/security/zoom-rolls-out-end-to-end-encryption-e2ee-next-week/ “Zoom users free and paid around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”

Police: These are the 6 ways Finns are being scammed right now

www.is.fi/digitoday/art-2000006669546.html The Cybercrime Centre of the National Bureau of Investigation describes in the Police blog how Finns are currently being scammed. According to Detective Superintendent Mikko Rauhamaa, millions of euros have flowed abroad from Finland through fraud, and the pace has only accelerated since the summer.

Silent Librarian APT right on schedule for 20/21 academic year

blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/ A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We know that the threat actor has used the “.me” TLD in their past campaigns against some academic institutions and this is still the case, alongside “.tk” and “.cf”.

Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing

www.cauce.org/2020/10/phishinglandscape2020.html Over a three-month collection period, we learned about more than 100,000 newly discovered phishing sites. Sixty-five percent of maliciously registered domain names are used for phishing within five days of registration. As previously noted, the Freenom TLDs (.TK, .GA, .ML, .CF, and .GQ) offer domain names for free, and at least 80% appear to be maliciously registered.

Lemon Duck brings cryptocurrency miners back into the spotlight

blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html This threat, known as “Lemon Duck,” has a cryptocurrency mining payload that steals computer resources to mine the Monero virtual currency. The actor employs various methods to spread across the network, like sending infected RTF files using email, psexec, WMI and SMB exploits, including the infamous Eternal Blue and SMBGhost threats that affect Windows 10 machines. Although this threat has been active since at least the end of December 2018, we have noticed an increase in its activity at the end of August 2020.

Canva design platform actively abused in credentials phishing

www.bleepingcomputer.com/news/security/canva-design-platform-actively-abused-in-credentials-phishing/ Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages. In a new report by cybersecurity firm Cofense, threat actors are increasingly using Canva to create hosted HTML landing pages that are then used to redirect phishing victims to fake login forms.
