Daily NCSC-FI news followup 2021-01-15

Bitcoin extortionist torments Finns again

www.kauppalehti.fi/uutiset/bitcoin-kiristaja-piinaa-taas-suomalaisia-ala-maksa-masturbointilunnaita/a65ed063-b6b7-4ae9-93a8-4a4161d70b43 Online scammers are once again circulating the scam messages known as porn extortion. The scammers claim to have infected the recipient's computer with malware after the recipient visited an adult entertainment site. See also the news item on the topic from the National Cyber Security Centre (Kyberturvallisuuskeskus):

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kiristyshuijauksia-liikkeella-runsaasti-ala-usko-huijarien-vaitteita

Signal down after getting flooded with new users

www.bleepingcomputer.com/news/software/signal-down-after-getting-flooded-with-new-users/ Signal users are currently experiencing issues around the world, with users unable to send and receive messages.

Ransomware attacks now to blame for half of healthcare data breaches

www.zdnet.com/article/ransomware-attacks-now-to-blame-for-half-of-healthcare-data-breaches/ Ransomware is now responsible for 46% of healthcare data breaches, according to analysis by cybersecurity researchers at Tenable. More than 35% of all breaches are linked to ransomware attacks, resulting in an often tremendous financial cost. Tenable:

www.tenable.com/blog/tldr-the-tenable-research-2020-threat-landscape-retrospective

Scotland environmental regulator hit by ‘ongoing’ ransomware attack

www.bleepingcomputer.com/news/security/scotland-environmental-regulator-hit-by-ongoing-ransomware-attack/ The Scottish Environment Protection Agency (SEPA) confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve. SEPA added that, after isolating the compromised systems, recovery will probably take “a significant period” and some of the infected SEPA systems will have to be replaced with new ones.

Hackers leaked altered Pfizer data to sabotage trust in vaccines

www.bleepingcomputer.com/news/security/hackers-leaked-altered-pfizer-data-to-sabotage-trust-in-vaccines/ The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public’s trust in COVID-19 vaccines.

Verified Twitter accounts hacked in $580k ‘Elon Musk’ crypto scam

www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-in-580k-elon-musk-crypto-scam/ Threat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active. The attackers are likely targeting dormant verified accounts not to be detected by the owner of the accounts. From the cryptocurrency addresses collected from landing pages seen by BleepingComputer and MetaMask, the threat actors have earned $587,000 in bitcoin.
