Daily NCSC-FI news followup 2020-10-14

German authorities raid FinFisher offices

www.zdnet.com/article/german-authorities-raid-finfisher-offices/ German authorities have raided the offices of FinFisher, a German software company that makes surveillance tools, accused in the past of providing software to oppressive regimes. FinFisher markets its tools as meant for law enforcement investigations and intelligence agencies. Known customers include the German federal police and Berlin police

Zoom rolls out end-to-end encryption (E2EE) next week

www.bleepingcomputer.com/news/security/zoom-rolls-out-end-to-end-encryption-e2ee-next-week/ “Zoom users free and paid around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”

Police: These are the 6 ways Finns are being scammed right now

www.is.fi/digitoday/art-2000006669546.html The Cybercrime Centre of the National Bureau of Investigation describes in the Police blog how Finns are currently being scammed. According to Detective Superintendent Mikko Rauhamaa, millions of euros have flowed abroad from Finland through fraud, and the pace has only accelerated since the summer.

Silent Librarian APT right on schedule for 20/21 academic year

blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/ A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We know that the threat actor has used the “.me” TLD in their past campaigns against some academic institutions and this is still the case, alongside “.tk” and “.cf”.

Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing

www.cauce.org/2020/10/phishinglandscape2020.html Over a three-month collection period, we learned about more than 100,000 newly discovered phishing sites. Sixty-five percent of maliciously registered domain names are used for phishing within five days of registration. As previously noted, the Freenom TLDs (.TK, .GA, .ML, .CF, and .GQ) offer domain names for free, and at least 80% appear to be maliciously registered

Lemon Duck brings cryptocurrency miners back into the spotlight

blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html This threat, known as “Lemon Duck,” has a cryptocurrency mining payload that steals computer resources to mine the Monero virtual currency. The actor employs various methods to spread across the network, like sending infected RTF files using email, psexec, WMI and SMB exploits, including the infamous Eternal Blue and SMBGhost threats that affect Windows 10 machines. Although this threat has been active since at least the end of December 2018, we have noticed an increase in its activity at the end of August 2020.

Canva design platform actively abused in credentials phishing

www.bleepingcomputer.com/news/security/canva-design-platform-actively-abused-in-credentials-phishing/ Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages. In a new report by cybersecurity firm Cofense, threat actors are increasingly using Canva to create hosted HTML landing pages that are then used to redirect phishing victims to fake login forms.
