Daily NCSC-FI news followup 2020-11-11

Play Store identified as main distribution vector for most Android malware

www.zdnet.com/article/play-store-identified-as-main-distribution-vector-for-most-android-malware The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study considered the largest one of its kind carried out to date. Lisäksi: arxiv.org/pdf/2010.10088.pdf

Facebook link preview feature used as a proxy in website-scraping scheme

www.zdnet.com/article/facebook-link-preview-feature-used-as-a-proxy-in-website-scraping-scheme Multiple data-scraping groups have abused the Facebook link preview feature to scrape data from internet sites disguised as Facebook’s content crawler.

The Third-Party Ransomware Attack You Never Saw Coming

www.recordedfuture.com/understanding-third-party-ransomware-risk/ Ransomware attacks on third parties are not new, but their increasing frequency means that you need to treat it as an inevitability.

Recent ransomware wave targeting Israel linked to Iranian threat actors

www.zdnet.com/article/recent-ransomware-wave-targeting-israel-linked-to-iranian-threat-actors Israeli companies have seen an uptick in attacks and successful infections with the Pay2Key and WannaScream ransomware.

Targeted ransomware: it’s not just about encrypting your data!

securelist.com/targeted-ransomware-encrypting-data/99255/ When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data it’s primarily about data exfiltration.

Poliisi on selvittänyt myös Kuopion Minna Canthin kouluun kohdistuneen uhkailijan henkilöllisyyden ja selvittää nyt kolmatta koulu-uhkauksen tekijää

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_on_selvittanyt_myos_kuopion_minna_canthin_kouluun_kohdistuneen_uhkailijan_henkilollisyyden_ja_selvittaa_nyt_kolmatta_koulu-uhkauksen_tekijaa_… Itä-Suomen poliisi on jatkanut kahteen kuopiolaiseen kouluun (Hatsalan koulu ja Minna Canthin koulu) kohdistuneiden Jodel -viestisovelluksen kautta tehtyjen uhkausten selvittelyä. Lisäksi:

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/kahdelle_kuopiolaiselle_koululle_kohdistettu_uhkailua_viestipalvelusovelluksessa_94586?language=fi

COVID-19 Data-Sharing App Leaked Healthcare Worker Info

threatpost.com/covid-19-data-leaked-healthcare-worker-info/161108/ Philippines COVID-KAYA app allowed for unauthorized access typically protected by superuser’ credentials and also may have exposed patient data.

DDoS attacks are cheaper and easier to carry out than ever before

www.zdnet.com/article/ddos-attacks-are-cheaper-and-easier-to-carry-out-than-ever-before/ The sheer amount on insecure devices out there particularly IoT products means it’s simple for cyber criminals to create botnets and lease them out.

Minecraft Apps on Google Play Fleece Players Out of Big Money

threatpost.com/minecraft-apps-google-play-fleece-players/161125/ Fans of the popular Minecraft video game are in the crosshairs of cybercriminals, who have loaded up Google Play with scam apps bent on fleecing players out of cash. Lisäksi:

www.zdnet.com/article/avast-warns-of-minecraft-apps-fleecing-millions-of-google-play-users/

Decrypting OpenSSH sessions for fun and profit

blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/ A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers.

You might be interested in …

Daily NCSC-FI news followup 2021-06-26

Microsoft says SolarWinds hacking group has breached three new victims therecord.media/microsoft-says-solarwinds-hacking-group-has-breached-three-new-victims/ Microsoft said on Friday that it discovered new cyberattacks carried out by Nobelium, the codename the company has assigned to the Russian state-sponsored hacking group responsible for the SolarWinds hack last year. Direct link to Microsoft report: msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/ Microsoft admits to signing rootkit malware […]

Read More

Daily NCSC-FI news followup 2021-07-08

Microsoft: PrintNightmare now patched on all Windows versions www.bleepingcomputer.com/news/security/microsoft-printnightmare-now-patched-on-all-windows-versions/ Microsoft has released the KB5004948 emergency security update to address the Windows Print Spooler PrintNightmare vulnerability on all editions of Windows 10 1607 and Windows Server 2016. Lisäksi: docs.microsoft.com/en-us/windows/release-health/windows-message-center. Lisäksi: www.bleepingcomputer.com/news/microsoft/how-to-mitigate-print-spooler-vulnerability-on-windows-10/ Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability arstechnica.com/gadgets/2021/07/microsofts-emergency-patch-fails-to-fix-critical-printnightmare-vulnerability/ Despite Tuesday’s out-of-band patch being […]

Read More

Daily NCSC-FI news followup 2021-04-20

Pulse Connect Secure Security Update blog.pulsesecure.net/pulse-connect-secure-security-update/ The Pulse Secure team recently discovered that a limited number of customers have experienced evidence of exploit behavior on their Pulse Connect Secure (PCS) appliances. We are sharing information about the investigation and our actions through several communications channels in the best interests of our customers and the greater […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.