Daily NCSC-FI news followup 2020-11-09

Tietoja ja toimintaohjeita on saatavissa poliisin nettisivuilta ja poliisin valtakunnallisesta puhelinneuvontapalvelusta Vastaamon tietomurtoon liittyen

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/tietoja_ja_toimintaohjeita_on_saatavissa_poliisin_nettisivuilta_ja_poliisin_valtakunnallisesta_puhelinneuvontapalvelusta_vastaamon_tietomurtoon_liitt… Psykoterapiakeskus Vastaamon tietovuodon uhrit ovat tehneet poliisille jo noin 25 000 rikosilmoitusta. Ilmoituksia käsitellään poliisilaitoksissa jatkuvasti. Rikosilmoitusten käsittely viivästyttää myös rikosilmoitusten jäljennösten lähettämistä. Lisäksi:

yle.fi/uutiset/3-11637719

Työryhmä selvittämään kriittisten toimialojen tietoturvaa – Psykoterapiapalveluja tarjovan Vastaamon tietomurron jälkeen on havahduttu tutkimaan ja parantamaan tietosuojaa

yle.fi/uutiset/3-11638974 Liikenne- ja viestintäministeriö (LVM) on asettanut työryhmän, jonka tehtävänä on kartoittaa yhteiskunnan toiminnan kannalta keskeisten toimialojen tietoturvaa, ministeriö kertoo tiedotteessaan.

Compal, the second-largest laptop manufacturer in the world, hit by ransomware – Compal factories build laptops for Apple, Acer, Lenovo, Dell, Toshiba, HP, and Fujitsu

www.zdnet.com/article/compal-the-second-largest-laptop-manufacturer-in-the-world-hit-by-ransomware/ Responsible for the breach is believed to be the DoppelPaymer ransomware gang, according to a screenshot of the ransom note shared by Compal employees with Yahoo Taiwan reporters. Lisäksi:

www.bleepingcomputer.com/news/security/laptop-maker-compal-hit-by-ransomware-17-million-demanded/

Le malware-as-a-service Emotet

www.cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-010/ Observé pour la première fois en 2014 en tant que cheval de Troie bancaire, Emotet a évolué vers une structure modulaire à partir de 2015. Depuis 2017, Emotet distribue, au sein des systèmes d’information qu’il infecte, des codes malveillants opérés par des groupes d’attaquants cybercriminels clients de TA542.

Active Directory Attacks – Red It Out

packetstormsecurity.com/files/159968/red-it-out.pdf This paper is focused on the Active directory attacks and various techniques which can be used by an attacker to abuse an AD environment in an enterprise network.

RDP and the remote desktop

blogs.cisco.com/security/rdp-and-the-remote-desktop There are two sides to the shift to remote work. On one side, you need to ensure that your people have access to equipment that will allow them to perform their day-to-day tasks. On the other, there needs to be a way to connect back to company resources that will help workers complete those tasks.

Fake Microsoft Teams updates lead to Cobalt Strike deployment

www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/ Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deployed Cobalt Strike to compromise the rest of the network. The attacks target organizations in various industries, but recent ones focused on the education sector (K-12), which depends on videoconferencing solutions due to Covid-19 restrictions.

Ghimob: a Tétrade threat actor moves to infect mobile devices

securelist.com/ghimob-tetrade-threat-mobile-devices/99228/ Ghimob is a full-fledged spy in your pocket: once infection is completed, the hacker can access the infected device remotely, completing the fraudulent transaction with the victim’s smartphone, so as to avoid machine identification, security measures implemented by financial institutions and all their antifraud behavioral systems.

Ultimate Member Plugin for WordPress Allows Site Takeover

threatpost.com/ultimate-member-plugin-wordpress-site-takeover/161053/ A WordPress plugin installed on more than 100, 000 sites has three critical security bugs that each allow privilege escalation and potentially full control over a target WordPress site.

Microsoft Exchange Attack Exposes New xHunt Backdoors

threatpost.com/microsoft-exchange-attack-xhunt-backdoors/161041/ Two never-before-seen Powershell backdoors have been uncovered, after researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait

Insecure APIs a Growing Risk for Organizations

www.darkreading.com/application-security/insecure-apis-a-growing-risk-for-organizations/d/d-id/1339402 Security models for application programming interfaces haven’t kept pace with requirements of a non-perimeter world, Forrester says.

Ransomware hits e-commerce platform X-Cart

www.zdnet.com/article/ransomware-hits-e-commerce-platform-x-cart E-commerce software vendor X-Cart suffered a ransomware attack at the end of October that brought down customer stores hosted on the company’s hosting platform.

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

unit42.paloaltonetworks.com/xhunt-campaign-backdoors/ The xHunt campaign has been active since at least July 2018 and we have seen this group target Kuwait government and shipping and transportation organizations. Recently, we observed evidence that the threat actors compromised a Microsoft Exchange Server at an organization in Kuwait.

You might be interested in …

Daily NCSC-FI news followup 2019-07-20

Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections threatpost.com/iran-apt34-linkedin-malware/146575/ The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal. A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social […]

Read More

Daily NCSC-FI news followup 2019-07-26

Stock Trading Service Robinhood Admits To Storing Some Passwords in Cleartext www.zdnet.com/article/robinhood-admits-to-storing-some-passwords-in-cleartext/ “On Monday night, we discovered that some user credentials were stored in a readable format within our internal system,” the company said.. “We resolved the issue, and after thorough review, found no evidence that this information was accessed by anyone outside our response […]

Read More

Daily NCSC-FI news followup 2020-09-07

Windows 10 low-effort zero-day in Hyper-V / Windows Sandbox enabled computers www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/ A reverse engineer discovered a new zero-day vulnerability in most Windows 10 editions, which allows creating files in restricted areas of the operating system – e.g. under system32. The researcher told BleepingComputer that the vulnerable component is ‘storvsp.sys’ (Storage VSP – Virtualization Service […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.