Daily NCSC-FI news followup 2020-10-19

US Indicts Sandworm, Russia’s Most Destructive Cyberwar Unit

www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/ The Department of Justice has named and charged six men for allegedly carrying out many of the most costly cyberattacks in history. See also:

www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and

Indictment: www.justice.gov/opa/press-release/file/1328521/download

See also: www.ncsc.gov.uk/news/uk-and-partners-condemn-gru-cyber-attacks-against-olympic-an-paralympic-games

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/ Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.
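As an added illustration of why Zerologon (CVE-2020-1472, the Netlogon flaw the article refers to) gets an attacker from a foothold to domain control so quickly, the following Python is an example written for this digest, not code from the article or from the researchers it cites. It models Netlogon's AES-CFB8 credential computation with its all-zero IV; the block cipher is a stand-in built from SHA-256 rather than real AES (an assumption made to keep the example dependency-free), and the server challenge and session-key derivation are simplified placeholders. The mechanism it shows is the real one: with a zero IV and zero plaintext, one in 256 session keys produces an all-zero ciphertext, so an attacker who keeps sending a zero client challenge and a zero credential is accepted after roughly 256 attempts without ever knowing the machine account password.

```python
import hashlib
import random

BLOCK = 16  # 128-bit block size, as for AES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (assumption: SHA-256(key || block),
    truncated to one block). Real Netlogon uses AES; any keyed pseudorandom
    function shows the same CFB8 behaviour, which is the point here."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8 mode: every plaintext byte is XORed with the first byte of
    E(key, shift_register); the register then drops its oldest byte and
    appends the ciphertext byte just produced."""
    register = bytes(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = block_encrypt(key, register)[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def credential_for_zero_challenge(session_key: bytes) -> bytes:
    """Netlogon derives the client credential as CFB8(session_key, IV=0, challenge)
    over an 8-byte challenge. An all-zero client challenge is the Zerologon input."""
    return cfb8_encrypt(session_key, bytes(BLOCK), bytes(8))


def zero_credential_accepted(session_key: bytes) -> bool:
    """True when the honest credential for a zero challenge is itself all zeros,
    i.e. the server accepts an attacker who just sends eight zero bytes.
    This happens exactly when the first keystream byte E(key, 0)[0] == 0:
    the register then never changes, so every later byte is zero as well."""
    return credential_for_zero_challenge(session_key) == bytes(8)


def fraction_of_keys_accepting_zero(trials: int = 4096, seed: int = 1) -> float:
    """Estimate the per-attempt success probability over random session keys;
    the theoretical value is 1/256 (about 0.0039)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        key = rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big")
        if zero_credential_accepted(key):
            hits += 1
    return hits / trials


def simulate_zerologon_attempts(machine_secret: bytes, seed: int = 7,
                                max_attempts: int = 5000):
    """Attacker loop against a simulated domain controller. Each attempt the
    server issues a fresh random challenge and derives a session key from it
    plus the machine account secret (assumption: a hash-based stand-in for
    the real key derivation). The attacker always sends a zero client
    challenge and a zero credential and never learns the secret. Returns
    (attempts_needed, session_key) on success, or None if the budget runs out."""
    rng = random.Random(seed)
    for attempt in range(1, max_attempts + 1):
        server_challenge = rng.getrandbits(64).to_bytes(8, "big")
        client_challenge = bytes(8)  # attacker-controlled: all zeros
        session_key = hashlib.sha256(
            machine_secret + client_challenge + server_challenge).digest()[:BLOCK]
        if zero_credential_accepted(session_key):
            return attempt, session_key
    return None


if __name__ == "__main__":
    print("per-attempt success rate ~", fraction_of_keys_accepting_zero())
    result = simulate_zerologon_attempts(b"constructed-machine-account-secret")
    if result is None:
        print("zero credential not accepted within the attempt budget")
    else:
        print("zero credential accepted after", result[0], "attempts")
```

The simulation is why "five hours from phish to domain-wide encryption" is plausible: a few hundred unauthenticated RPC calls to the domain controller are a matter of seconds, and the August 2020 Netlogon patch (enforcing secure RPC) is the control that breaks this loop.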

Watch out for Emotet malware’s new ‘Windows Update’ attachment

www.bleepingcomputer.com/news/security/watch-out-for-emotet-malwares-new-windows-update-attachment/ The Emotet botnet has begun to use a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word.

Microsoft Exchange, Outlook Under Siege By APTs

threatpost.com/microsoft-exchange-outlook-apts/160273/ A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection. See also:

www.accenture.com/us-en/insights/security/cyber-threatscape-report

Discord desktop app vulnerability chain triggered remote code execution attacks

www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/ Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks.

Hackers hijack Telegram, email accounts in SS7 mobile attack

www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/ Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.

GravityRAT: The spy returns

securelist.com/gravityrat-the-spy-returns/99097/ In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, the campaign has been active since at least 2015, and previously targeted Windows machines. However, it underwent changes in 2018, with Android devices being added to the list of targets.

Data breach exposed the personal data of over 400,000 customers online; airline gets a hefty reduction on its fine

www.kauppalehti.fi/uutiset/tietomurron-seurauksena-yli-400000-asiakkaan-henkilotiedot-paatyivat-verkkoon-lentoyhtio-sai-roiman-alennuksen-sakkoonsa/457dee3f-1eb7-4265-b5cb-cbee4047b7f8 The UK data protection authority is reducing the fine for British Airways' data breach to 20 million pounds, roughly 22 million euros, TechCrunch writes. The fine was originally set at 184 million pounds, over 200 million euros.

Man charged in France with extorting 135 million euros using malware

www.is.fi/digitoday/art-2000006674258.html A court in Paris is beginning to hear a case in which a 41-year-old man is accused of extorting 135 million euros using malware planted on computers. There are nearly 200 victims from around the world.

Overlay Malware Targets Windows Users with a DLL Hijack Twist

threatpost.com/overlay-malware-dll-hijack/160288/ Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.

Major Vulnerabilities Discovered in Qualcomm QCMAP

www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities In a recent supply chain security assessment, Vdoo analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis they discovered and responsibly disclosed four major vulnerabilities in Qualcomm's QCMAP (Mobile Access Point) architecture, on which these devices were based. An attacker who exploits the discovered vulnerabilities can gain remote root access to any of the affected devices.

Cloud Threat Hunting: Attack & Investigation Series- Privilege Escalation via Lambda

blog.checkpoint.com/2020/10/19/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-lambda/ Cloud breaches are becoming increasingly prevalent in this modern digital era. One of the more dangerous strategies attackers deploy during a cloud breach is Privilege escalation. They use this to move laterally within a cloud environment and access sensitive assets.
