Daily NCSC-FI news followup 2020-10-15

Introducing a new phishing technique for compromising Office 365 accounts

o365blog.com/post/phishing/

Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym.

www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/

U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers’ data.

www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-exposed-customer-data/

50000 home cameras reportedly hacked, footage posted online

www.welivesecurity.com/2020/10/14/50000-home-cameras-reportedly-hacked-footage-posted-online/

Ubisoft, Crytek data posted on ransomware gang’s site – Ransomware gang also threatened to leak the source code of an upcoming Ubisoft game.

www.zdnet.com/article/ubisoft-crytek-data-posted-on-ransomware-gangs-site/

Iranian state hacker group MuddyWater linked to Thanos ransomware deployments

www.zdnet.com/article/iranian-state-hacker-group-linked-to-ransomware-deployments/

New Emotet attacks use fake Windows Update lures

www.zdnet.com/article/new-emotet-attacks-use-fake-windows-update-lures/

Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.

threatpost.com/travelex-ddos-extortion-campaign/160110/

Two New IoT Vulnerabilities Identified with Mirai Payloads

unit42.paloaltonetworks.com/iot-vulnerabilities-mirai-payloads/

Health Data Breaches in 2020: Ransomware Incidents Dominate – In 2020, 444 breaches affecting more than 21 million individuals have been reported

www.healthcareinfosecurity.com/health-data-breaches-in-2020-ransomware-incidents-dominate-a-15170

Morgan Stanley Fined $60 Million for failure to properly oversee the decommissioning of several data centers

www.bankinfosecurity.com/morgan-stanley-fined-60-million-for-data-protection-mishaps-a-15158

Singapore tightens security requirements for new home routers

www.zdnet.com/article/singapore-tightens-security-requirements-for-new-home-routers/#ftag=RSSbaffb68

Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators

www.darkreading.com/attacks-breaches/treasury-dept-advisory-shines-spotlight-on-ransomware-negotiators/d/d-id/1339169

The Important Difference Between Cybersecurity And Cyber Resilience (And Why You Need Both)

www.forbes.com/sites/bernardmarr/2020/10/14/the-important-difference-between-cybersecurity-and-cyber-resilience-and-why-you-need-both/

Cybersecurity: The Human Challenge – Findings from a global survey of 5, 000 IT managers

news.sophos.com/en-us/2020/10/14/cybersecurity-the-human-challenge/

Cybersecurity exercise boosts preparedness of EU Agencies to respond to cyber incidents

www.enisa.europa.eu/news/enisa-news/cybersecurity-exercise-boosts-preparedness-of-eu-agencies-to-respond-to-cyber-incidents

Disobey 2021 Hacker Challenge is live!

disobey.fi/2021/

You might be interested in …

Daily NCSC-FI news followup 2021-04-12

Israel appears to confirm it carried out cyberattack on Iran nuclear facility www.theguardian.com/world/2021/apr/11/israel-appears-confirm-cyberattack-iran-nuclear-facility Israel appeared to confirm claims that it was behind a cyber-attack on Irans main nuclear facility on Sunday, which Tehrans nuclear energy chief described as an act of terrorism that warranted a response against its perpetrators. Sisä-Suomen poliisilaitoksella on tutkittavana useita WhatsApp-sovelluksen […]

Read More

Daily NCSC-FI news followup 2019-07-23

4 Practical Steps for Shift Left Security blog.paloaltonetworks.com/2019/07/4-practical-steps-shift-left-security/ Since the beginning of modern computing, security has largely been divorced from software development. Recent vulnerability research confirms this. Consider that over the past five years, out of all published vulnerabilities, 76% were from applications. Given this radical shift in attacker focus, its time to embed security […]

Read More

Daily NCSC-FI news followup 2020-07-09

More evil: A deep look at Evilnum and its toolset www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/ In this article we connect the dots and disclose a detailed picture of Evilnums activities. The groups targets remain fintech companies, but its toolset and infrastructure have evolved and now consist of a mix of custom, homemade malware combined with tools purchased from Golden […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.