Daily NCSC-FI news followup 2021-01-14

Brand Phishing Report Q4 2020

blog.checkpoint.com/2021/01/14/brand-phishing-report-q4-2020/ According to Check Point Research's (CPR) analysis, Microsoft still led the top-ten list of phished brands in the last quarter of 2020, with many websites impersonating Microsoft login screens to steal user credentials. Shipping and retail, driven mainly by email phishing impersonating DHL and Amazon, entered the top three brand industries for the first time this year and more than doubled their relative share following the shopping and holiday months.

Unemployment Fraud in the Criminal Underground

www.recordedfuture.com/unemployment-fraud-in-criminal-underground/ The COVID-19 pandemic has led to the commoditization of a variety of criminal services themed around unemployment relief originally meant to be distributed to those whose lives have been disrupted by the virus. Unemployment fraud has become increasingly accessible to threat actors lately and presents a low barrier of entry for fledgling cybercriminals.

NSA advises companies to avoid third party DNS resolvers

www.bleepingcomputer.com/news/security/nsa-advises-companies-to-avoid-third-party-dns-resolvers/ The US National Security Agency (NSA) says that enterprises should avoid using third-party DNS resolvers, both to prevent threat actors from eavesdropping on or manipulating DNS traffic and to keep internal network information from leaking outside the organisation. The recommendation was made in a new advisory on the benefits (and risks) of DNS over HTTPS (DoH) in enterprise environments. DoH encrypts DNS traffic between clients and resolvers, which blocks unauthorized observation of it, but a client that reaches an external DoH resolver also bypasses the enterprise resolver and the monitoring and filtering built around it, so the advisory's point is to run your own resolver and block or detect encrypted DNS to outside resolvers.
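As an added illustration of the detection side of that advice (this is example code written for this digest, not code from the NSA advisory or the BleepingComputer article), the script below scans a constructed, simplified flow log and flags three things: plaintext DNS on port 53 to anything other than the enterprise resolver, DNS over TLS on port 853 to an external host, and HTTPS to a small illustrative list of well-known public resolvers that offer DoH. The enterprise resolver addresses, the log format and the sample lines are all assumptions made for the example.

```python
"""
Flag DNS flows that bypass the enterprise resolver.

Input is a constructed flow log, one record per line:
    <timestamp> <src_ip> <dst_ip> <proto> <dst_port>
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Assumption for this example: the organisation's own resolvers.
ENTERPRISE_RESOLVERS = {
    ipaddress.ip_address("10.0.0.53"),
    ipaddress.ip_address("10.0.1.53"),
}

# Illustrative, deliberately short list of public resolvers that offer DoH/DoT.
# A real deployment would maintain a much longer, regularly refreshed list.
PUBLIC_DOH_RESOLVERS = {
    ipaddress.ip_address(a)
    for a in ("1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")
}


@dataclass(frozen=True)
class Finding:
    line_no: int
    src: str
    dst: str
    reason: str


def classify(dst: str, dport: int) -> str | None:
    """Return a reason if the flow bypasses the enterprise resolver, else None."""
    try:
        dst_ip = ipaddress.ip_address(dst)
    except ValueError:
        return None  # not an IP literal; nothing to match against
    if dport == 53 and dst_ip not in ENTERPRISE_RESOLVERS:
        return "plaintext DNS (53) to a non-enterprise resolver"
    if dport == 853 and dst_ip not in ENTERPRISE_RESOLVERS:
        return "DNS over TLS (853) to an external resolver"
    if dport == 443 and dst_ip in PUBLIC_DOH_RESOLVERS:
        return "HTTPS (443) to a known public DoH resolver, likely DoH"
    return None


def scan(lines: list[str]) -> list[Finding]:
    """Parse flow records and return the flows that should be blocked or investigated."""
    findings: list[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed record; skip rather than guess
        _ts, src, dst, _proto, port = fields
        try:
            dport = int(port)
        except ValueError:
            continue
        reason = classify(dst, dport)
        if reason is not None:
            findings.append(Finding(line_no, src, dst, reason))
    return findings


# Constructed sample log: line 1 and line 6 use the enterprise resolvers,
# line 5 is ordinary HTTPS, lines 2-4 bypass the enterprise resolver.
SAMPLE_LOG = """\
2021-01-14T09:00:01Z 10.0.5.12 10.0.0.53 udp 53
2021-01-14T09:00:02Z 10.0.5.12 8.8.8.8 udp 53
2021-01-14T09:00:03Z 10.0.5.40 1.1.1.1 tcp 853
2021-01-14T09:00:04Z 10.0.5.40 1.1.1.1 tcp 443
2021-01-14T09:00:05Z 10.0.5.40 93.184.216.34 tcp 443
2021-01-14T09:00:06Z 10.0.5.77 10.0.1.53 tcp 853
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"line {f.line_no}: {f.src} -> {f.dst}: {f.reason}")
```

The port 443 rule is a heuristic: DoH is indistinguishable from other HTTPS by port alone, so it can only be matched by destination (a resolver denylist) or, where deployed, TLS inspection. Port 853 to the enterprise resolver is accepted here on the assumption that the enterprise resolver itself offers DoT, which is what the advisory recommends for encrypting the client-to-resolver leg.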

Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file

isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/ Recently I had to analyze a malicious Excel file that was caught in the wild, in a real attack. The file was used in a spear phishing attack where a victim was enticed into opening the file with Excel and, of course, enabling macros.

Telegram Bots at Heart of Classiscam Scam-as-a-Service

threatpost.com/telegram-bots-classiscam-scam/163061/ A new automated scam-as-a-service has been unearthed that leverages Telegram bots to steal money and payment data from European victims. The scam, which researchers call Classiscam, is being sold as a service by Russian-speaking cybercriminals and has been used by at least 40 separate cybergangs, which altogether made at least $6.5 million using the service in 2020.

Cisco says it won’t patch 74 security bugs in older RV routers that reached EOL

www.zdnet.com/article/cisco-says-it-wont-patch-74-security-bugs-in-older-rv-routers-that-reached-eol/ Networking equipment vendor Cisco said yesterday it was not going to release firmware updates to fix 74 vulnerabilities reported in its line of RV routers that have reached end-of-life (EOL). Affected devices include the Cisco Small Business RV110W, RV130, RV130W and RV215W, which serve as routers, firewalls and VPN gateways. All four reached EOL in 2017 and 2018 and also exited their last maintenance window under paid support contracts on December 1, 2020, so these devices will remain vulnerable unless they are replaced.

Office January security updates fix remote code execution bugs

www.bleepingcomputer.com/news/security/office-january-security-updates-fix-remote-code-execution-bugs/ Microsoft addressed important-severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month's Patch Tuesday. In total, the company released 26 security updates and 5 cumulative updates for 7 different products this month, fixing 11 vulnerabilities that could allow attackers to escalate privileges or execute arbitrary code remotely on systems running vulnerable software.

Police want more reports of IT crimes from companies: the only way to intervene is for cases to be investigated

www.tivi.fi/uutiset/tv/2651632d-db6c-4a2f-afe0-8e73f45e822b Language no longer protects Finns from online crime in any way, says Christian Jämsén, chief inspector at the police Cybercrime Centre. Translation software and automation are so advanced that scam messages pass a hurried read and succeed. In addition, Finland is, from a global perspective, a relatively wealthy country that interests criminals. Around 1,400 information and communication crimes are reported to the police each year. Companies account for an estimated third of these. Companies' willingness to report has improved, but they could still report more readily.

TL;DR: The Tenable Research 2020 Threat Landscape Retrospective

www.tenable.com/blog/tldr-the-tenable-research-2020-threat-landscape-retrospective Tenable's Security Response Team takes a look back at the major vulnerability and cybersecurity news of 2020 to develop insight and guidance for defenders. Søren Kierkegaard, the Danish philosopher, once wrote that life can only be understood backwards but must be lived forwards. Tenable's Security Response Team is tasked with looking at the threat landscape on a day-to-day basis and, while that provides the ability to see things in the moment, it's only when we look back at the year that was that we can see the bigger picture. Report:

static.tenable.com/marketing/research-reports/Research-%20Report-Threat_Landscape_2020.pdf

Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?

www.darkreading.com/physical-security/who-is-responsible-for-protecting-physical-security-systems-from-cyberattacks/d/d-id/1339898 It's a question that continues to spark debate, as the majority of new physical security devices being installed are now connected to a network. While this offers myriad benefits, it also raises the question: who is responsible for their cybersecurity? In recent years it has become more obvious that physical security systems depend on IT and are vulnerable to cyberattacks. In 2007, the movie Live Free or Die Hard showed a group of criminals taking control of traffic systems and bringing Washington DC and the stock market to a standstill. In the film Johnny English Strikes Again (2018), all the trains in the UK are directed to Bristol.

A data breach victim's difficult choice: the personal identity code could be changed more easily, but payment cards and school certificates would have to be renewed at the same time, and even medical care could be jeopardised

yle.fi/uutiset/3-11736579 The government promised to help victims of the Vastaamo data breach by making it easier to change one's personal identity code on a fast timetable. The personal and patient data of up to 50,000 therapy clients ended up in the hands of an extortionist in the breach. The consultation round on the government's bill ended on Thursday. In the future, the personal identity code could be changed on the basis of a threat of misuse alone. At present the code cannot be changed pre-emptively after a data breach, but only once misuse of the code has already caused harm to the victim.
