Daily NCSC-FI news followup 2020-10-19

US Indicts Sandworm, Russia’s Most Destructive Cyberwar Unit

www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/ The Department of Justice has named and charged six men for allegedly carrying out many of the most costly cyberattacks in history. See also:

www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and. Indictment:

www.justice.gov/opa/press-release/file/1328521/download. See also:

www.ncsc.gov.uk/news/uk-and-partners-condemn-gru-cyber-attacks-against-olympic-an-paralympic-games

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/ Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.

Watch out for Emotet malware’s new ‘Windows Update’ attachment

www.bleepingcomputer.com/news/security/watch-out-for-emotet-malwares-new-windows-update-attachment/ The Emotet botnet has begun to use a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word.

Microsoft Exchange, Outlook Under Siege By APTs

threatpost.com/microsoft-exchange-outlook-apts/160273/ A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection. See also:

www.accenture.com/us-en/insights/security/cyber-threatscape-report

Discord desktop app vulnerability chain triggered remote code execution attacks

www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/ Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks.

Hackers hijack Telegram, email accounts in SS7 mobile attack

www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/ Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.

GravityRAT: The spy returns

securelist.com/gravityrat-the-spy-returns/99097/ In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, the campaign has been active since at least 2015, and previously targeted Windows machines. However, it underwent changes in 2018, with Android devices being added to the list of targets.

Data breach exposed the personal data of over 400,000 customers online; airline gets a hefty reduction of its fine

www.kauppalehti.fi/uutiset/tietomurron-seurauksena-yli-400000-asiakkaan-henkilotiedot-paatyivat-verkkoon-lentoyhtio-sai-roiman-alennuksen-sakkoonsa/457dee3f-1eb7-4265-b5cb-cbee4047b7f8 The UK data protection authority is reducing the fine for the British Airways data breach to 20 million pounds, or just over 22 million euros, TechCrunch writes. The fine was originally set at 184 million pounds, or over 200 million euros.

Man charged in France with extorting 135 million euros using malware

www.is.fi/digitoday/art-2000006674258.html A court in Paris is beginning to hear a case in which a 41-year-old man is accused of extorting 135 million euros using malware planted on computers. There are nearly 200 victims from around the world.

Overlay Malware Targets Windows Users with a DLL Hijack Twist

threatpost.com/overlay-malware-dll-hijack/160288/ Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.

Major Vulnerabilities Discovered in Qualcomm QCMAP

www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities In a recent supply chain security assessment, Vdoo analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and have responsibly disclosed four major vulnerabilities in Qualcomm's QCMAP (Mobile Access Point) architecture that these devices were based on. An attacker that exploits the discovered vulnerabilities can gain remote root access to any of the affected devices.

Cloud Threat Hunting: Attack & Investigation Series- Privilege Escalation via Lambda

blog.checkpoint.com/2020/10/19/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-lambda/ Cloud breaches are becoming increasingly prevalent in this modern digital era. One of the more dangerous strategies attackers deploy during a cloud breach is privilege escalation. They use it to move laterally within a cloud environment and access sensitive assets.
