Daily NCSC-FI news followup 2020-10-19

US Indicts Sandworm, Russia’s Most Destructive Cyberwar Unit

www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/ The Department of Justice has named and charged six men for allegedly carrying out many of the most costly cyberattacks in history.. see also

www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and. indictment

www.justice.gov/opa/press-release/file/1328521/download. see also

www.ncsc.gov.uk/news/uk-and-partners-condemn-gru-cyber-attacks-against-olympic-an-paralympic-games

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/ Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.

Watch out for Emotet malware’s new ‘Windows Update’ attachment

www.bleepingcomputer.com/news/security/watch-out-for-emotet-malwares-new-windows-update-attachment/ The Emotet botnet has begun to use a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word.

Microsoft Exchange, Outlook Under Siege By APTs

threatpost.com/microsoft-exchange-outlook-apts/160273/ A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.. see also

www.accenture.com/us-en/insights/security/cyber-threatscape-report

Discord desktop app vulnerability chain triggered remote code execution attacks

www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/ Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks.

Hackers hijack Telegram, email accounts in SS7 mobile attack

www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/ Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.

GravityRAT: The spy returns

securelist.com/gravityrat-the-spy-returns/99097/ In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, the campaign has been active since at least 2015, and previously targeted Windows machines. However, it underwent changes in 2018, with Android devices being added to the list of targets.

Tietomurron seurauksena yli 400000 asiakkaan henkilötiedot päätyivät verkkoon Lentoyhtiö sai roiman alennuksen sakkoonsa

www.kauppalehti.fi/uutiset/tietomurron-seurauksena-yli-400000-asiakkaan-henkilotiedot-paatyivat-verkkoon-lentoyhtio-sai-roiman-alennuksen-sakkoonsa/457dee3f-1eb7-4265-b5cb-cbee4047b7f8 Britannian tietovalvontakeskus alentaa lentoyhtiö British Airwaysin tietomurron sakon 20 miljoonaan puntaan eli reiluun 22 miljoonaan euroon, Tech Crunch kirjoittaa. Alunperin sakon suuruudeksi oli määrätty 184 miljoonaa puntaa eli yli 200 miljoonaa euroa.

Mies syytteessä 135 miljoonan euron kiristämisestä haittaohjelmien avulla Ranskassa

www.is.fi/digitoday/art-2000006674258.html Pariisissa oikeus ryhtyy puimaan juttua, jossa 41-vuotiasta miestä syytetään 135 miljoonan euron kiristämisestä tietokoneisiin ujutettujen haittaohjelmien avulla. Uhreja on lähes 200 eri puolilta maailmaa.

Overlay Malware Targets Windows Users with a DLL Hijack Twist

threatpost.com/overlay-malware-dll-hijack/160288/ Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.

Major Vulnerabilities Discovered in Qualcomm QCMAP

www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities In a recent supply chain security assessment, Vdoo analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and have responsibly disclosed four major vulnerabilities in Qualcomms QCMAP (Mobile Access Point) architecture that these devices were based on.. An attacker that exploits the discovered vulnerabilities can gain remote root access to any of the affected devices.

Cloud Threat Hunting: Attack & Investigation Series- Privilege Escalation via Lambda

blog.checkpoint.com/2020/10/19/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-lambda/ Cloud breaches are becoming increasingly prevalent in this modern digital era. One of the more dangerous strategies attackers deploy during a cloud breach is Privilege escalation. They use this to move laterally within a cloud environment and access sensitive assets.

You might be interested in …

Daily NCSC-FI news followup 2020-08-17

Hackers Stole 1 Terabyte Of Data From Billion-Dollar U.S. Liquor Maker www.forbes.com/sites/leemathews/2020/08/17/brown-forman-hacked-1tb-data-stolen/ The REvil ransomware gang has struck again. This time the victim is Brown-Forman, the 150-year-old Kentucky-based company behind such brands as Jack Daniels, Finlandia vodka and Korbel champagne.. see also www.bleepingcomputer.com/news/security/us-spirits-and-wine-giant-hit-by-cyberattack-1tb-of-data-stolen/ Tea at the Ritz soured by credit card scammers www.bbc.co.uk/news/technology-53793922 Diners at […]

Read More

Daily NCSC-FI news followup 2020-10-28

Vastaamo-kiristäjä pysyi piilossa vaikka lunnaiden maksuaika umpeutui nyt uhkana uhrien identiteettivarkaudet yle.fi/uutiset/3-11618253 Kiristäjä ei tiettävästi julkaissut uusia henkilötietoja tai potilaskertomuksia tiistaina, kuten uhkasi. Vastaamo-kiristyksen uhrien tietoja levitetään nyt uudella tavalla asiantuntijat: Harkitse tarkkaan, mitä kirjoitat someen www.is.fi/digitoday/art-2000006702529.html Tiedetään, että idiootit pimeässä verkossa ovat jo levittäneet poliisien, kansanedustajien ja muiden julkisuuden henkilöiden potilastietoja, sanoo F-Securen tietoturvajohtaja […]

Read More

Daily NCSC-FI news followup 2019-08-09

Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In this post, we demonstrate how to retrieve a compressed page using the structures and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.