Daily NCSC-FI news followup 2020-11-11

Play Store identified as main distribution vector for most Android malware

www.zdnet.com/article/play-store-identified-as-main-distribution-vector-for-most-android-malware The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study, considered the largest of its kind carried out to date. Also: arxiv.org/pdf/2010.10088.pdf

Facebook link preview feature used as a proxy in website-scraping scheme

www.zdnet.com/article/facebook-link-preview-feature-used-as-a-proxy-in-website-scraping-scheme Multiple data-scraping groups have abused the Facebook link preview feature to scrape data from internet sites while disguised as Facebook’s content crawler.

The Third-Party Ransomware Attack You Never Saw Coming

www.recordedfuture.com/understanding-third-party-ransomware-risk/ Ransomware attacks on third parties are not new, but their increasing frequency means that you need to treat them as an inevitability.

Recent ransomware wave targeting Israel linked to Iranian threat actors

www.zdnet.com/article/recent-ransomware-wave-targeting-israel-linked-to-iranian-threat-actors Israeli companies have seen an uptick in attacks and successful infections with the Pay2Key and WannaScream ransomware.

Targeted ransomware: it’s not just about encrypting your data!

securelist.com/targeted-ransomware-encrypting-data/99255/ When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data; it’s primarily about data exfiltration.

Police have also identified the person behind the threat against Kuopio's Minna Canth school and are now investigating a third school-threat perpetrator

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_on_selvittanyt_myos_kuopion_minna_canthin_kouluun_kohdistuneen_uhkailijan_henkilollisyyden_ja_selvittaa_nyt_kolmatta_koulu-uhkauksen_tekijaa_… Eastern Finland Police have continued investigating the threats made via the Jodel messaging app against two schools in Kuopio (Hatsala school and Minna Canth school). Also:

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/kahdelle_kuopiolaiselle_koululle_kohdistettu_uhkailua_viestipalvelusovelluksessa_94586?language=fi

COVID-19 Data-Sharing App Leaked Healthcare Worker Info

threatpost.com/covid-19-data-leaked-healthcare-worker-info/161108/ The Philippines' COVID-KAYA app allowed unauthorized access to functionality normally protected by superuser credentials, and may also have exposed patient data.

DDoS attacks are cheaper and easier to carry out than ever before

www.zdnet.com/article/ddos-attacks-are-cheaper-and-easier-to-carry-out-than-ever-before/ The sheer number of insecure devices out there, particularly IoT products, means it’s simple for cyber criminals to create botnets and lease them out.

Minecraft Apps on Google Play Fleece Players Out of Big Money

threatpost.com/minecraft-apps-google-play-fleece-players/161125/ Fans of the popular Minecraft video game are in the crosshairs of cybercriminals, who have loaded up Google Play with scam apps bent on fleecing players out of cash. Also:

www.zdnet.com/article/avast-warns-of-minecraft-apps-fleecing-millions-of-google-play-users/

Decrypting OpenSSH sessions for fun and profit

blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/ A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers.
