Daily NCSC-FI news followup 2020-10-15

Introducing a new phishing technique for compromising Office 365 accounts

o365blog.com/post/phishing/

Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym.

www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/

U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers’ data.

www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-exposed-customer-data/

50000 home cameras reportedly hacked, footage posted online

www.welivesecurity.com/2020/10/14/50000-home-cameras-reportedly-hacked-footage-posted-online/

Ubisoft, Crytek data posted on ransomware gang’s site – Ransomware gang also threatened to leak the source code of an upcoming Ubisoft game.

www.zdnet.com/article/ubisoft-crytek-data-posted-on-ransomware-gangs-site/

Iranian state hacker group MuddyWater linked to Thanos ransomware deployments

www.zdnet.com/article/iranian-state-hacker-group-linked-to-ransomware-deployments/

New Emotet attacks use fake Windows Update lures

www.zdnet.com/article/new-emotet-attacks-use-fake-windows-update-lures/

Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.

threatpost.com/travelex-ddos-extortion-campaign/160110/

Two New IoT Vulnerabilities Identified with Mirai Payloads

unit42.paloaltonetworks.com/iot-vulnerabilities-mirai-payloads/

Health Data Breaches in 2020: Ransomware Incidents Dominate – In 2020, 444 breaches affecting more than 21 million individuals have been reported

www.healthcareinfosecurity.com/health-data-breaches-in-2020-ransomware-incidents-dominate-a-15170

Morgan Stanley Fined $60 Million for failure to properly oversee the decommissioning of several data centers

www.bankinfosecurity.com/morgan-stanley-fined-60-million-for-data-protection-mishaps-a-15158

Singapore tightens security requirements for new home routers

www.zdnet.com/article/singapore-tightens-security-requirements-for-new-home-routers/#ftag=RSSbaffb68

Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators

www.darkreading.com/attacks-breaches/treasury-dept-advisory-shines-spotlight-on-ransomware-negotiators/d/d-id/1339169

The Important Difference Between Cybersecurity And Cyber Resilience (And Why You Need Both)

www.forbes.com/sites/bernardmarr/2020/10/14/the-important-difference-between-cybersecurity-and-cyber-resilience-and-why-you-need-both/

Cybersecurity: The Human Challenge – Findings from a global survey of 5, 000 IT managers

news.sophos.com/en-us/2020/10/14/cybersecurity-the-human-challenge/

Cybersecurity exercise boosts preparedness of EU Agencies to respond to cyber incidents

www.enisa.europa.eu/news/enisa-news/cybersecurity-exercise-boosts-preparedness-of-eu-agencies-to-respond-to-cyber-incidents

Disobey 2021 Hacker Challenge is live!

disobey.fi/2021/

You might be interested in …

Daily NCSC-FI news followup 2020-01-21

Infiltrating Networks: Easier Than Ever Due to Evil Markets www.bleepingcomputer.com/news/security/infiltrating-networks-easier-than-ever-due-to-evil-markets/ Attackers don’t always need to breach the networks of their victims themselves to plant malware as there are plenty of professional intruders offering their services on underground markets.. Various levels of access are offered for prices starting $1,000 and increasing depending on how deep the […]

Read More

Daily NCSC-FI news followup 2021-01-24

Listasimme verkkohuijausten uusimmat trendit ja keinoja niiden tunnistamiseen Moni huijaus tepsii aina uudestaan sillä kollektiivinen muisti unohtaa yle.fi/uutiset/3-11721481 Lue myös: www.kuluttajaliitto.fi/hankkeet/huijarit-kuriin/ Your Password Isn’t Safe: The Danger Of An Inactive Zombie’ Account www.forbes.com/sites/brookecrothers/2021/01/23/your-password-isnt-safe-the-danger-of-inactive-zombie-accounts/ WhatsApp BacklashStop Using Signal Or Telegram Until You Change These 4 Critical Settings www.forbes.com/sites/zakdoffman/2021/01/23/stop-using-signal-and-telegram-until-you-change-settings-after-whatsapp-and-imessage-privacy-backlash/ SonicWall firewall maker hacked using zero-day in its […]

Read More

Daily NCSC-FI news followup 2019-12-08

Clever Microsoft Phishing Scam Creates a Local Login Form www.bleepingcomputer.com/news/security/clever-microsoft-phishing-scam-creates-a-local-login-form/ A clever phishing campaign has been spotted that bundles the scam’s landing page in the HTML attachment rather than redirecting users to another site that asks them to log in. A typical credential-stealing phishing scam consists of an email where the attacker tries to convince […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.