Daily NCSC-FI news followup 2020-12-30

DHS orders federal agencies to update SolarWinds Orion platform

www.bleepingcomputer.com/news/security/dhs-orders-federal-agencies-to-update-solarwinds-orion-platform/ The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020.

Microsoft: SolarWinds hackers’ goal was the victims’ cloud data

www.bleepingcomputer.com/news/security/microsoft-solarwinds-hackers-goal-was-the-victims-cloud-data/ Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims’ cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks.

Emotet malware hits Lithuania’s National Public Health Center

www.bleepingcomputer.com/news/security/emotet-malware-hits-lithuanias-national-public-health-center/ The internal networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities have been infected with Emotet malware following a large campaign targeting the country’s state institutions.

SearchDimension search hijackers: An overview of developments

blog.malwarebytes.com/adware/2020/12/searchdimension-search-hijackers/ SearchDimension is the name of a family of browser hijackers that makes money from ad clicks and search engine revenues. The family was named after the domain searchdimension.com that popped up in 2017, and they still sometimes use the letter combo SD in the names of their browser extensions.

Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers

www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/ In early December, we discovered a new, undetected worm written in Golang. This worm continues the popular 2020 trend of multi-platform malware developed in Golang.

Wasabi cloud storage service knocked offline for hosting malware

www.bleepingcomputer.com/news/security/wasabi-cloud-storage-service-knocked-offline-for-hosting-malware/ Cloud storage provider Wasabi suffered an outage after a domain used for storage endpoints was suspended for hosting malware.

FBI: Pranksters are hijacking smart devices to live-stream swatting incidents

www.zdnet.com/article/fbi-pranksters-are-hijacking-smart-devices-to-live-stream-swatting-incidents/ The FBI said it’s working with smart device makers to address the issue.

Apple loses copyright battle against security start-up Corellium

www.washingtonpost.com/technology/2020/12/29/apple-corellium-lawsuit/ Corellium helps customers find bugs in Apples mobile operating system. Apple aimed to shut it down.

Kahdenlaisia huijausviestejä OP Ryhmän nimissä

www.op.fi/-/kahdenlaisia-huijausviesteja-op-ryhman-nimissa Huijausviesteissä voidaan väittää, että asiakkaan tili pitäisi todentaa, ja viestit saattavat näyttää OP:n omilta, luottamuksellisilta sähköposteilta.. Toisenlaisissa huijausviesteissä väitetään, että uusi laite on linkitetty matkapuhelimeen, ja pyydetään reagoimaan, jos se ei ollut asiakas itse.

You might be interested in …

Daily NCSC-FI news followup 2019-09-22

Act Platform : Open Platform For Collection & Exchange Of Threat Intelligence Information kalilinuxtutorials.com/act-platform-semi-automated-cyber-threat-intelligence/ Semi-Automated Cyber Threat Intelligence or ACT is a research project led by mnemonic as with contributions from the University of Oslo, NTNU, Norwegian Security Authority (NSM), KraftCERT and Nordic Financial CERT.. Read also: www.first.org/resources/papers/london2019/Training-The-ACT-Threat-Intelligenve-Platform-Eian.pdf. Read also: github.com/mnemonic-no/act-platform We All Could Pay […]

Read More

Daily NCSC-FI news followup 2019-07-12

Buhtrap group uses zeroday in latest espionage campaigns www.welivesecurity.com/2019/07/11/buhtrap-zero-day-espionage-campaigns/ ESET research reveals notorious crime group also conducting espionage campaigns for the past five years Over 17,000 Domains Infected with Code that Steals Card Data www.bleepingcomputer.com/news/security/over-17-000-domains-infected-with-code-that-steals-card-data/ Cybercriminals running Magecart operations have added payment card skimming code to more than 17,000 domains with JavaScript files in misconfigured […]

Read More

Daily NCSC-FI news followup 2021-06-26

Microsoft says SolarWinds hacking group has breached three new victims therecord.media/microsoft-says-solarwinds-hacking-group-has-breached-three-new-victims/ Microsoft said on Friday that it discovered new cyberattacks carried out by Nobelium, the codename the company has assigned to the Russian state-sponsored hacking group responsible for the SolarWinds hack last year. Direct link to Microsoft report: msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/ Microsoft admits to signing rootkit malware […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.