Daily NCSC-FI news followup 2020-12-23

CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity

us-cert.cisa.gov/ncas/current-activity/2020/12/23/cisa-releases-cisa-insights-and-creates-webpage-ongoing-apt-cyber CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. See also:

www.cisa.gov/supply-chain-compromise

DHS warns of data theft risk when using Chinese products

www.bleepingcomputer.com/news/security/dhs-warns-of-data-theft-risk-when-using-chinese-products/ The US Department of Homeland Security (DHS) warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People's Republic of China (PRC).

Emotet Returns to Hit 100K Mailboxes Per Day

threatpost.com/emotet-returns-100k-mailboxes/162584/ Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot. After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day. See also:

blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/

Lazarus covets COVID-19-related intelligence

securelist.com/lazarus-covets-covid-19-related-intelligence/99906/ As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. See also:

threatpost.com/lazarus-covid-19-vaccine-maker-espionage/162591/

QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities

www.bleepingcomputer.com/news/security/qnap-fixes-high-severity-qts-qes-and-quts-hero-vulnerabilities/ QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems.

Malware wrapped in Cyberpunk 2077

www.kaspersky.com/blog/cyberpunk-2077-ransomware/38196/ No sooner was Cyberpunk 2077 released for Windows and consoles than we came across a beta version for Android online. It was completely free to download from a site bearing the name cyberpunk2077mobile[.]com. The game's actual developer has yet to announce any mobile version of the game, so we decided to investigate.

Microsoft 365 admins can now get security incident email alerts

www.bleepingcomputer.com/news/security/microsoft-365-admins-can-now-get-security-incident-email-alerts/ Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution.
