Daily NCSC-FI news followup 2020-11-23

Critical Controls 2021

www.cert.govt.nz/it-specialists/critical-controls/10-critical-controls/ CERT NZ's ten critical controls are designed to help you decide where best to spend your time and money. These have been developed based on the data and insights we received from reports and international threat feeds. The 2021 top ten list includes two new controls: provide and use a password manager, and secure internet-exposed services.

Malware in Minecraft mods

www.kaspersky.com/blog/minecraft-mod-adware-google-play/37717/ Unfortunately, as with any successful project, cybercriminals are eager for a piece of the action. Since July of this year, we have detected more than 20 apps on Google Play claiming to be modpacks for Minecraft, when in fact their primary purpose is to display ads on smartphones and tablets in an extremely intrusive manner. We explain what these apps are and how to protect Android devices against such threats.

Researchers Hacked And Stole A Tesla Model X In Just Minutes

www.forbes.com/sites/leemathews/2020/11/23/researchers-hacked-and-stole-a-tesla-model-x-in-just-minutes/ The attack exploits a weakness in the way Bluetooth communication between the vehicle and fob is handled. Remarkably, the equipment required to pull off the attack costs a measly $200. The core components are a Raspberry Pi, a replacement Tesla ECU (engine control unit) and a key fob. The KU Leuven team disclosed its findings to Tesla and a fix was pushed to vulnerable vehicles via an over-the-air update this summer. Still, it's a startling reminder of the capabilities today's skilled hacking teams possess.

Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices

cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/ In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of affordable wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network.

Shop securely online this Black Friday

www.ncsc.gov.uk/blog-post/shop-securely-online-this-black-friday With Black Friday and Cyber Monday fast approaching, it’s likely that shoppers will move online more than ever with most high street stores still closed. We have updated our online shopping guidance this week to give you the most up to date advice on how to stay secure whilst getting the best deals online.

Spotify Users Hit with Rash of Account Takeovers

threatpost.com/spotify-account-takeovers/161495/ vpnMentor's research team spotted an open Elasticsearch database containing more than 380 million individual records, including login credentials and other user data, actively being validated against Spotify accounts. The database in question contained over 72 GB of data, including account usernames and passwords verified on Spotify; email addresses; and countries of residence.

Brazilian government recovers from “worst-ever” cyberattack

www.zdnet.com/article/brazilian-government-recovers-from-worst-ever-cyberattack/ After suffering the most severe cyberattack ever orchestrated against a Brazilian public sector institution, the Superior Electoral Court (STJ, in the Portuguese acronym) has managed to get its systems back up and running, after more than two weeks facing disruption.

Joe Biden Campaign Subdomain Down After Hacktivist Defacement

threatpost.com/joe-biden-campaign-website-hacktivist-defacement/161471/ The subdomain, vote.joebiden.com, was part of the official campaign website JoeBiden.com used by the Biden campaign leading up to the 2020 U.S. presidential election. On Nov. 18, the subdomain reportedly began to display a message in Turkish. In the message, the hacker claims to be RootAyy1ld1z, a Turkish And Muslim Defacer who is not a group or organization, but who fights alone.

Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs

www.bleepingcomputer.com/news/security/hacker-posts-exploits-for-over-49-000-vulnerable-fortinet-vpns/ Although the 2018 bug was publicly disclosed over a year ago, researchers have spotted around 50,000 targets that can still be targeted by attackers.

How Industrial IoT Security Can Catch Up With OT/IT Convergence

www.darkreading.com/edge/theedge/how-industrial-iot-security-can-catch-up-with-ot-it-convergence/b/d-id/1339502 In 2019 alone, research indicates attacks on OT targets had skyrocketed by 300%. However, [Darktrace director] Tsonchev points out that most of the attacks are not coming from the sort of nation-state actors that so many companies fear. Rather, they’re coming from garden-variety criminals who now have the tools to take effective aim at OT systems.

Analysis of TTPs employed by Egregor operators

www.group-ib.com/blog/egregor Egregor has been actively distributed since September 2020. In less than 3 months Egregor operators have managed to successfully hit 69 companies around the world with 32 targets in the US, 7 victims in France and Italy each, 6 in Germany, and 4 in the UK. Other victims happened to be from the APAC, Middle East, and Latin America. Egregor’s favorite sectors are Manufacturing (28.9% of victims) and Retail (14.5%).

October 12 blackout [in Mumbai] was a sabotage

mumbaimirror.indiatimes.com/mumbai/cover-story/oct-12-blackout-was-a-sabotage/articleshow/79312959.cms Last month's power outage in the Mumbai Metropolitan Region (MMR) was possibly the result of a sophisticated sabotage attempt involving foreign entities, a probe carried out by the state police's cyber cell has revealed.

Apple-Notarized Malware: What It Is and How It Affects Mac Users

www.tripwire.com/state-of-security/featured/apple-notarized-malware-how-it-affects-mac-users/ Malicious actors are targeting Apple. Although Apple introduced a notarization mechanism to scan and prevent malicious code from running on Apple devices, attackers have found ways to circumvent this process. Such Apple-notarized malware constitutes a threat to macOS users.
