Daily NCSC-FI news followup 2020-10-15

Introducing a new phishing technique for compromising Office 365 accounts

o365blog.com/post/phishing/

Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym.

www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/

U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers’ data.

www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-exposed-customer-data/

50000 home cameras reportedly hacked, footage posted online

www.welivesecurity.com/2020/10/14/50000-home-cameras-reportedly-hacked-footage-posted-online/

Ubisoft, Crytek data posted on ransomware gang’s site – Ransomware gang also threatened to leak the source code of an upcoming Ubisoft game.

www.zdnet.com/article/ubisoft-crytek-data-posted-on-ransomware-gangs-site/

Iranian state hacker group MuddyWater linked to Thanos ransomware deployments

www.zdnet.com/article/iranian-state-hacker-group-linked-to-ransomware-deployments/

New Emotet attacks use fake Windows Update lures

www.zdnet.com/article/new-emotet-attacks-use-fake-windows-update-lures/

Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.

threatpost.com/travelex-ddos-extortion-campaign/160110/

Two New IoT Vulnerabilities Identified with Mirai Payloads

unit42.paloaltonetworks.com/iot-vulnerabilities-mirai-payloads/

Health Data Breaches in 2020: Ransomware Incidents Dominate – In 2020, 444 breaches affecting more than 21 million individuals have been reported

www.healthcareinfosecurity.com/health-data-breaches-in-2020-ransomware-incidents-dominate-a-15170

Morgan Stanley Fined $60 Million for failure to properly oversee the decommissioning of several data centers

www.bankinfosecurity.com/morgan-stanley-fined-60-million-for-data-protection-mishaps-a-15158

Singapore tightens security requirements for new home routers

www.zdnet.com/article/singapore-tightens-security-requirements-for-new-home-routers/#ftag=RSSbaffb68

Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators

www.darkreading.com/attacks-breaches/treasury-dept-advisory-shines-spotlight-on-ransomware-negotiators/d/d-id/1339169

The Important Difference Between Cybersecurity And Cyber Resilience (And Why You Need Both)

www.forbes.com/sites/bernardmarr/2020/10/14/the-important-difference-between-cybersecurity-and-cyber-resilience-and-why-you-need-both/

Cybersecurity: The Human Challenge – Findings from a global survey of 5, 000 IT managers

news.sophos.com/en-us/2020/10/14/cybersecurity-the-human-challenge/

Cybersecurity exercise boosts preparedness of EU Agencies to respond to cyber incidents

www.enisa.europa.eu/news/enisa-news/cybersecurity-exercise-boosts-preparedness-of-eu-agencies-to-respond-to-cyber-incidents

Disobey 2021 Hacker Challenge is live!

disobey.fi/2021/

You might be interested in …

Daily NCSC-FI news followup 2021-08-30

Hackers, tractors, and a few delayed actors. How hacker Sick Codes learned too much about John Deere: Lock and Code S02E16 blog.malwarebytes.com/podcast/2021/08/hackers-tractors-and-a-few-delayed-actors-how-hacker-sick-codes-learned-too-much-about-john-deere-lock-and-code-s02e16/ No one ever wants a group of hackers to say about their company: We had the keys to the kingdom.. But thats exactly what the hacker Sick Codes said on this weeks episode […]

Read More

Daily NCSC-FI news followup 2021-03-10

Introducing sigstore: Easy Code Signing & Verification for Supply Chain Integrity security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html One of the fundamental security issues with open source is that its difficult to know where the software comes from or how it was built, making it susceptible to supply chain attacks. A few recent examples of this include dependency confusion attack and […]

Read More

Daily NCSC-FI news followup 2019-10-25

Cachet Financial Reeling from MyPayrollHR Fraud krebsonsecurity.com/2019/10/cachet-financial-reeling-from-mypayrollhr-fraud/ When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.