Daily NCSC-FI news followup 2020-11-11

Play Store identified as main distribution vector for most Android malware

www.zdnet.com/article/play-store-identified-as-main-distribution-vector-for-most-android-malware The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study considered the largest one of its kind carried out to date. See also: arxiv.org/pdf/2010.10088.pdf

Facebook link preview feature used as a proxy in website-scraping scheme

www.zdnet.com/article/facebook-link-preview-feature-used-as-a-proxy-in-website-scraping-scheme Multiple data-scraping groups have abused the Facebook link preview feature to scrape data from internet sites disguised as Facebook’s content crawler.

The Third-Party Ransomware Attack You Never Saw Coming

www.recordedfuture.com/understanding-third-party-ransomware-risk/ Ransomware attacks on third parties are not new, but their increasing frequency means that you need to treat it as an inevitability.

Recent ransomware wave targeting Israel linked to Iranian threat actors

www.zdnet.com/article/recent-ransomware-wave-targeting-israel-linked-to-iranian-threat-actors Israeli companies have seen an uptick in attacks and successful infections with the Pay2Key and WannaScream ransomware.

Targeted ransomware: it’s not just about encrypting your data!

securelist.com/targeted-ransomware-encrypting-data/99255/ When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data; it’s primarily about data exfiltration.

Police have also identified the person who threatened Minna Canth School in Kuopio and are now investigating a third school-threat perpetrator

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_on_selvittanyt_myos_kuopion_minna_canthin_kouluun_kohdistuneen_uhkailijan_henkilollisyyden_ja_selvittaa_nyt_kolmatta_koulu-uhkauksen_tekijaa_… The Eastern Finland Police have continued investigating the threats made via the Jodel messaging app against two schools in Kuopio (Hatsala School and Minna Canth School).


COVID-19 Data-Sharing App Leaked Healthcare Worker Info

threatpost.com/covid-19-data-leaked-healthcare-worker-info/161108/ Philippines COVID-KAYA app allowed for unauthorized access typically protected by ‘superuser’ credentials and also may have exposed patient data.

DDoS attacks are cheaper and easier to carry out than ever before

www.zdnet.com/article/ddos-attacks-are-cheaper-and-easier-to-carry-out-than-ever-before/ The sheer amount of insecure devices out there, particularly IoT products, means it’s simple for cyber criminals to create botnets and lease them out.

Minecraft Apps on Google Play Fleece Players Out of Big Money

threatpost.com/minecraft-apps-google-play-fleece-players/161125/ Fans of the popular Minecraft video game are in the crosshairs of cybercriminals, who have loaded up Google Play with scam apps bent on fleecing players out of cash.


Decrypting OpenSSH sessions for fun and profit

blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/ A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers.
