Daily NCSC-FI news followup 2020-10-15

Introducing a new phishing technique for compromising Office 365 accounts

o365blog.com/post/phishing/

Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym.

www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/

U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers’ data.

www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-exposed-customer-data/

50000 home cameras reportedly hacked, footage posted online

www.welivesecurity.com/2020/10/14/50000-home-cameras-reportedly-hacked-footage-posted-online/

Ubisoft, Crytek data posted on ransomware gang’s site – Ransomware gang also threatened to leak the source code of an upcoming Ubisoft game.

www.zdnet.com/article/ubisoft-crytek-data-posted-on-ransomware-gangs-site/

Iranian state hacker group MuddyWater linked to Thanos ransomware deployments

www.zdnet.com/article/iranian-state-hacker-group-linked-to-ransomware-deployments/

New Emotet attacks use fake Windows Update lures

www.zdnet.com/article/new-emotet-attacks-use-fake-windows-update-lures/

Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.

threatpost.com/travelex-ddos-extortion-campaign/160110/

Two New IoT Vulnerabilities Identified with Mirai Payloads

unit42.paloaltonetworks.com/iot-vulnerabilities-mirai-payloads/

Health Data Breaches in 2020: Ransomware Incidents Dominate – In 2020, 444 breaches affecting more than 21 million individuals have been reported

www.healthcareinfosecurity.com/health-data-breaches-in-2020-ransomware-incidents-dominate-a-15170

Morgan Stanley Fined $60 Million for failure to properly oversee the decommissioning of several data centers

www.bankinfosecurity.com/morgan-stanley-fined-60-million-for-data-protection-mishaps-a-15158

Singapore tightens security requirements for new home routers

www.zdnet.com/article/singapore-tightens-security-requirements-for-new-home-routers/#ftag=RSSbaffb68

Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators

www.darkreading.com/attacks-breaches/treasury-dept-advisory-shines-spotlight-on-ransomware-negotiators/d/d-id/1339169

The Important Difference Between Cybersecurity And Cyber Resilience (And Why You Need Both)

www.forbes.com/sites/bernardmarr/2020/10/14/the-important-difference-between-cybersecurity-and-cyber-resilience-and-why-you-need-both/

Cybersecurity: The Human Challenge – Findings from a global survey of 5, 000 IT managers

news.sophos.com/en-us/2020/10/14/cybersecurity-the-human-challenge/

Cybersecurity exercise boosts preparedness of EU Agencies to respond to cyber incidents

www.enisa.europa.eu/news/enisa-news/cybersecurity-exercise-boosts-preparedness-of-eu-agencies-to-respond-to-cyber-incidents

Disobey 2021 Hacker Challenge is live!

disobey.fi/2021/

Related