Daily NCSC-FI news followup 2020-10-14

German authorities raid FinFisher offices

www.zdnet.com/article/german-authorities-raid-finfisher-offices/ German authorities have raided the offices of FinFisher, a German software company that makes surveillance tools, accused in the past of providing software to oppressive regimes. FinFisher markets its tools as meant for law enforcement investigations and intelligence agencies. Known customers include the German federal police and Berlin police

Zoom rolls out end-to-end encryption (E2EE) next week

www.bleepingcomputer.com/news/security/zoom-rolls-out-end-to-end-encryption-e2ee-next-week/ “Zoom users free and paid around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”

Poliisi: Näillä 6 tavalla suomalaisia huijataan nyt

www.is.fi/digitoday/art-2000006669546.html Keskusrikospoliisin Kyberrikoksentorjuntakeskus kertoo Poliisin blogissa, miten suomalaisia huijataan tällä hetkellä. Rikostarkastaja Mikko Rauhamaan mukaan Suomesta on virrannut petosten myötä miljoonia euroja ulkomaille, ja tahti on kesän jälkeen vain kiihtynyt.

Silent Librarian APT right on schedule for 20/21 academic year

blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/ A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We know that the threat actor has used the “.me” TLD in their past campaigns against some academic intuitions and this is still the case, along side “.tk” and “.cf”.

Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing

www.cauce.org/2020/10/phishinglandscape2020.html Over a three-month collection period, we learned about more than 100, 000 newly discovered phishing sites. Sixty-five percent of maliciously registered domain names are used for phishing within five days of registration. As previously noted, the Freenom TLDs (.TK, .GA, .ML, .CF, and.GQ) offer domain names for free, and at least 80% appear to be maliciously registered

Lemon Duck brings cryptocurrency miners back into the spotlight

blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html This threat, known as “Lemon Duck, ” has a cryptocurrency mining payload that steals computer resources to mine the Monero virtual currency. The actor employs various methods to spread across the network, like sending infected RTF files using email, psexec, WMI and SMB exploits, including the infamous Eternal Blue and SMBGhost threats that affect Windows 10 machines. Although this threat has been active since at least the end of December 2018, we have noticed an increase in its activity at the end of August 2020.

Canva design platform actively abused in credentials phishing

www.bleepingcomputer.com/news/security/canva-design-platform-actively-abused-in-credentials-phishing/ Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages. In a new report by cybersecurity firm Cofense, threat actors are increasingly using Canva to create hosted HTML landing pages that are then used to redirect phishing victims to fake login forms.

You might be interested in …

Daily NCSC-FI news followup 2021-04-22

CISA Identifies SUPERNOVA Malware During Incident Response us-cert.cisa.gov/ncas/analysis-reports/ar21-112a SUPERNOVA is a malicious webshell backdoor that allows a remote operator to dynamically inject C# source code into a web portal to subsequently inject code. APT actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials. SolarWinds hack analysis reveals 56% boost […]

Read More

Daily NCSC-FI news followup 2019-11-20

A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems www.wired.com/story/iran-apt33-industrial-control-systems/ The recent shift away from IT networks raises the possibility that Irans APT33 is exploring physically disruptive cyberattacks on critical infrastructure. Ransomware Gangs Adopt APT Tactics in Targeted Attacks www.bleepingcomputer.com/news/security/ransomware-gangs-adopt-apt-tactics-in-targeted-attacks/ Ransomware operators are moving away from mass volume attacks and partnering with specialists who […]

Read More

Daily NCSC-FI news followup 2020-11-12

Two New Chrome 0-Days Under Active Attacks Update Your Browser thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. Lisäksi: chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html. Lisäksi: www.zdnet.com/article/google-patches-two-more-chrome-zero-days/. Lisäksi: us-cert.cisa.gov/ncas/current-activity/2020/11/12/google-releases-security-updates-chrome. Lisäksi: threatpost.com/2-zero-day-bugs-google-chrome/161160/ DNS cache poisoning, the Internet […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.