Daily NCSC-FI news followup 2020-10-19

US Indicts Sandworm, Russia’s Most Destructive Cyberwar Unit

www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/ The Department of Justice has named and charged six men for allegedly carrying out many of the most costly cyberattacks in history.

See also: www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and

Indictment: www.justice.gov/opa/press-release/file/1328521/download

See also: www.ncsc.gov.uk/news/uk-and-partners-condemn-gru-cyber-attacks-against-olympic-an-paralympic-games

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/ Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.

Watch out for Emotet malware’s new ‘Windows Update’ attachment

www.bleepingcomputer.com/news/security/watch-out-for-emotet-malwares-new-windows-update-attachment/ The Emotet botnet has begun to use a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word.

Microsoft Exchange, Outlook Under Siege By APTs

threatpost.com/microsoft-exchange-outlook-apts/160273/ A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.

See also: www.accenture.com/us-en/insights/security/cyber-threatscape-report

Discord desktop app vulnerability chain triggered remote code execution attacks

www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/ Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks.

Hackers hijack Telegram, email accounts in SS7 mobile attack

www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/ Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.

GravityRAT: The spy returns

securelist.com/gravityrat-the-spy-returns/99097/ In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, the campaign has been active since at least 2015, and previously targeted Windows machines. However, it underwent changes in 2018, with Android devices being added to the list of targets.

Data breach exposed the personal data of more than 400,000 customers online; airline received a hefty reduction in its fine

www.kauppalehti.fi/uutiset/tietomurron-seurauksena-yli-400000-asiakkaan-henkilotiedot-paatyivat-verkkoon-lentoyhtio-sai-roiman-alennuksen-sakkoonsa/457dee3f-1eb7-4265-b5cb-cbee4047b7f8 Britain's data protection watchdog is reducing the fine for British Airways' data breach to 20 million pounds, or just over 22 million euros, TechCrunch writes. The fine was originally set at 184 million pounds, or more than 200 million euros.

Man charged in France with extorting 135 million euros using malware

www.is.fi/digitoday/art-2000006674258.html A court in Paris is beginning to hear a case in which a 41-year-old man is accused of extorting 135 million euros using malware planted on computers. There are nearly 200 victims from around the world.

Overlay Malware Targets Windows Users with a DLL Hijack Twist

threatpost.com/overlay-malware-dll-hijack/160288/ Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.

Major Vulnerabilities Discovered in Qualcomm QCMAP

www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities In a recent supply chain security assessment, Vdoo analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and have responsibly disclosed four major vulnerabilities in Qualcomm's QCMAP (Mobile Access Point) architecture that these devices were based on. An attacker that exploits the discovered vulnerabilities can gain remote root access to any of the affected devices.

Cloud Threat Hunting: Attack & Investigation Series- Privilege Escalation via Lambda

blog.checkpoint.com/2020/10/19/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-lambda/ Cloud breaches are becoming increasingly prevalent in this modern digital era. One of the more dangerous strategies attackers deploy during a cloud breach is Privilege escalation. They use this to move laterally within a cloud environment and access sensitive assets.
