Daily NCSC-FI news followup 2020-11-11

Play Store identified as main distribution vector for most Android malware

www.zdnet.com/article/play-store-identified-as-main-distribution-vector-for-most-android-malware The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study considered the largest one of its kind carried out to date. Also: arxiv.org/pdf/2010.10088.pdf

Facebook link preview feature used as a proxy in website-scraping scheme

www.zdnet.com/article/facebook-link-preview-feature-used-as-a-proxy-in-website-scraping-scheme Multiple data-scraping groups have abused the Facebook link preview feature to scrape data from internet sites disguised as Facebook’s content crawler.

The Third-Party Ransomware Attack You Never Saw Coming

www.recordedfuture.com/understanding-third-party-ransomware-risk/ Ransomware attacks on third parties are not new, but their increasing frequency means that you need to treat it as an inevitability.

Recent ransomware wave targeting Israel linked to Iranian threat actors

www.zdnet.com/article/recent-ransomware-wave-targeting-israel-linked-to-iranian-threat-actors Israeli companies have seen an uptick in attacks and successful infections with the Pay2Key and WannaScream ransomware.

Targeted ransomware: it’s not just about encrypting your data!

securelist.com/targeted-ransomware-encrypting-data/99255/ When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data; it’s primarily about data exfiltration.

Police have also established the identity of the person who threatened Minna Canthin koulu in Kuopio and are now investigating a third school-threat perpetrator

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_on_selvittanyt_myos_kuopion_minna_canthin_kouluun_kohdistuneen_uhkailijan_henkilollisyyden_ja_selvittaa_nyt_kolmatta_koulu-uhkauksen_tekijaa_… The Eastern Finland Police have continued investigating the threats made via the Jodel messaging app against two schools in Kuopio (Hatsalan koulu and Minna Canthin koulu). Also:

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/kahdelle_kuopiolaiselle_koululle_kohdistettu_uhkailua_viestipalvelusovelluksessa_94586?language=fi

COVID-19 Data-Sharing App Leaked Healthcare Worker Info

threatpost.com/covid-19-data-leaked-healthcare-worker-info/161108/ Philippines COVID-KAYA app allowed for unauthorized access typically protected by ‘superuser’ credentials and also may have exposed patient data.

DDoS attacks are cheaper and easier to carry out than ever before

www.zdnet.com/article/ddos-attacks-are-cheaper-and-easier-to-carry-out-than-ever-before/ The sheer amount of insecure devices out there, particularly IoT products, means it’s simple for cyber criminals to create botnets and lease them out.

Minecraft Apps on Google Play Fleece Players Out of Big Money

threatpost.com/minecraft-apps-google-play-fleece-players/161125/ Fans of the popular Minecraft video game are in the crosshairs of cybercriminals, who have loaded up Google Play with scam apps bent on fleecing players out of cash. Also:

www.zdnet.com/article/avast-warns-of-minecraft-apps-fleecing-millions-of-google-play-users/

Decrypting OpenSSH sessions for fun and profit

blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/ A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers.
