Daily NCSC-FI news followup 2020-12-23

CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity

us-cert.cisa.gov/ncas/current-activity/2020/12/23/cisa-releases-cisa-insights-and-creates-webpage-ongoing-apt-cyber CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. See also:

www.cisa.gov/supply-chain-compromise

DHS warns of data theft risk when using Chinese products

www.bleepingcomputer.com/news/security/dhs-warns-of-data-theft-risk-when-using-chinese-products/ The US Department of Homeland Security (DHS) warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People's Republic of China (PRC).

Emotet Returns to Hit 100K Mailboxes Per Day

threatpost.com/emotet-returns-100k-mailboxes/162584/ Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot. After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day. See also:

blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/

Lazarus covets COVID-19-related intelligence

securelist.com/lazarus-covets-covid-19-related-intelligence/99906/ As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. See also:

threatpost.com/lazarus-covid-19-vaccine-maker-espionage/162591/

QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities

www.bleepingcomputer.com/news/security/qnap-fixes-high-severity-qts-qes-and-quts-hero-vulnerabilities/ QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems.

Malware wrapped in Cyberpunk 2077

www.kaspersky.com/blog/cyberpunk-2077-ransomware/38196/ No sooner was Cyberpunk 2077 released for Windows and consoles than we came across a beta version for Android online. It was completely free to download from a site bearing the name cyberpunk2077mobile[.]com. The game's actual developer has yet to announce any mobile version of the game, so we decided to investigate.

Microsoft 365 admins can now get security incident email alerts

www.bleepingcomputer.com/news/security/microsoft-365-admins-can-now-get-security-incident-email-alerts/ Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution.
