Daily NCSC-FI news followup 2021-01-27

Cyber exercise scenarios 2021: new ideas for cyber exercises

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberharjoitusskenaariot-2021-uusia-ideoita-kyberharjoituksiin Our new Cyber Exercise Scenarios 2021 publication contains realistic cyber threats ranging from a payment system data leak to a large-scale epidemic. The scenarios are intended to help organisations identify the threat scenarios most relevant to them, so that they can practise countering those threats.


World’s most dangerous malware EMOTET disrupted through global action

www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action Law enforcement and judicial authorities worldwide have this week disrupted one of the most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action. Also:
www.bleepingcomputer.com/news/security/emotet-botnet-disrupted-after-global-takedown-operation/
www.zdnet.com/article/emotet-worlds-most-dangerous-malware-botnet-disrupted-by-international-police-operation/
krebsonsecurity.com/2021/01/international-action-targets-emotet-crimeware/
yle.fi/uutiset/3-11759178


This is the malware currently being spread to Finns’ phones: “We can speak of an epidemic”

www.is.fi/digitoday/tietoturva/art-2000007764380.html Malware is being spread to Finns’ phones via text messages sent in the name of Posti. The link in the message leads to a website that tries to install malware on Android phones. iPhone users are targeted in a different way. Ville Kontinen, information security specialist at the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, says the currently active distribution campaign has been running since the turn of the year.

Your old phone interests criminals: these devices should be destroyed carefully if you do not want your data to end up in the wrong hands

yle.fi/uutiset/3-11756262 Data breaches have increased consumers’ awareness of how to dispose of data-holding devices correctly.

Data of perhaps as many as 32,000 Vastaamo patients appeared on the Tor network last night; police: “We do not know how many hands the database is in”

yle.fi/uutiset/3-11757676 At least some of the published patient records are genuine, i.e. they probably originate from the Vastaamo data breach. Also:
www.is.fi/digitoday/tietoturva/art-2000007765480.html
www.tivi.fi/uutiset/tv/1858de83-77c0-45b8-99db-be668fd56876
www.is.fi/digitoday/tietoturva/art-2000007765875.html


Apple critical patches fix in-the-wild iPhone exploits: update now!

nakedsecurity.sophos.com/2021/01/27/apple-critical-patches-fix-in-the-wild-iphone-exploits-update-now/ Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. Also:
www.theregister.com/2021/01/26/apple_ios_zero_days/
www.forbes.com/sites/kateoflahertyuk/2021/01/27/ios-144-update-now-warning-issued-to-all-iphone-users/
www.zdnet.com/article/apple-fixes-another-three-ios-zero-days-exploited-in-the-wild/
www.is.fi/digitoday/tietoturva/art-2000007765612.html
www.tivi.fi/uutiset/tv/f3189bf1-34e7-4fb9-952d-9917b4563162
thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html
cyber.gc.ca/en/alerts/apple-security-advisory-23


Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication

www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html The attack starts with an email imitating DHL, as seen in Figure 1. The email tries to trick the recipient into clicking on a link, which would take them to a fake DHL website. In Figure 2, we can see the fake page asking for credit card details that, if submitted, would give the user a generic response while in the background the credit card data is shared with the attackers.

Australian men extradited to US over $65m mobile phone scam


ASIC reports server breached via Accellion vulnerability

www.zdnet.com/article/asic-reports-server-breached-via-accellion-vulnerability/ “This incident is related to Accellion software used by ASIC to transfer files and attachments,” the corporate regulator said in a notice posted on the evening before a public holiday.

23M Gamer Records Exposed in VIPGames Leak

threatpost.com/gamer-records-exposed-vipgames-leak/163352/ The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds. In this case, the site’s unprotected server leaked more than 30GB of data containing 23 million individual records, including usernames, emails, IP addresses, hashed passwords, Facebook, Twitter and Google IDs, bets and even data on players who were banned from the platform, WizCase said.

Top Cyber Attacks of 2020

thehackernews.com/2021/01/top-cyber-attacks-of-2020.html Attack 1: Fraudulent unemployment claims rise in response to the pandemic. Attack 2: T-Mobile breach exposes sensitive customer data, twice. Attack 3: Hackers try to meddle with the coronavirus pandemic response. Attack 4: The FireEye attack that exposed a major breach of the U.S. government.

Today’s ‘sophisticated cyber attack’ victim is the Woodland Trust: Pre-Xmas breach under investigation

www.theregister.com/2021/01/27/woodland_trust_cyber_attack/ Read also: www.woodlandtrust.org.uk/security-incident/

Mimecast links security breach to SolarWinds hackers

www.bleepingcomputer.com/news/security/mimecast-links-security-breach-to-solarwinds-hackers/ Email security company Mimecast has confirmed today that the threat actor behind the SolarWinds supply-chain attack is behind the security breach it disclosed earlier this month.


Bypassing the Protections: MFA Bypass Techniques for the Win


Here’s how a researcher broke into Microsoft VS Code’s GitHub

www.bleepingcomputer.com/news/security/heres-how-a-researcher-broke-into-microsoft-vs-codes-github/ This month a researcher has disclosed how he broke into the official GitHub repository of Microsoft Visual Studio Code.

How We Hacked Azure Functions and Escaped Docker

www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/ After an internal assessment, Microsoft has determined that the vulnerability has no security impact on Function users, since the host itself is still protected by another defense boundary against the elevated position we reached in the container host.

Google’s Project Zero discovered that a security flaw might have allowed hackers to eavesdrop on Android users. In an investigation conducted by cybersecurity researcher Natalie Silvanovich, she discovered vulnerabilities in many apps with 10M+ installs on Google Play that accept incoming calls.

www.pandasecurity.com/en/mediacenter/mobile-news/vulnerability-messaging-apps/ The affected applications include hugely popular apps such as Facebook Messenger, Signal, Google Duo, JioChat, and Mocha. She described her findings in a Project Zero blog post.

Using the Manager Attribute in Active Directory (AD) for Password Resets

thehackernews.com/2021/01/using-manager-attribute-in-active.html Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic.

TeamTNT delivers malware with new detection evasion tool

cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool AT&T Alien Labs has identified a new tool from the TeamTNT adversary group, which has been previously observed targeting exposed Docker infrastructure for cryptocurrency mining purposes and credential theft. The group is using a new detection evasion tool, copied from open source repositories.

Insurers defend covering ransomware payments

www.bbc.com/news/technology-55811165 Also:
www.zdnet.com/article/uk-association-defends-ransomware-payments-in-cyber-insurance-policies/


Are.club Websites Unsafe? This Security Firm Says So


Iran blocks Signal messaging app after WhatsApp exodus

www.aljazeera.com/news/2021/1/26/iran-blocks-signal-messaging-app-after-whatsapp-exodus Iran’s government has moved to block Signal after Iranians flocked to the messaging platform following privacy concerns from Facebook-owned WhatsApp.

New Google cloud service aims to bring zero trust security to the web

www.zdnet.com/article/google-new-cloud-service-aims-to-bring-zero-trust-security-to-the-web/ Google launches BeyondCorp Enterprise, a new enterprise security service.

Russian Hacker Pleads Guilty to Administering a Website that Catered to Criminals

www.justice.gov/usao-sdca/pr/russian-hacker-pleads-guilty-administering-website-catered-criminals Kirill Victorovich Firsov, a Russian citizen, pleaded guilty in federal court today to a cybercrime, admitting that he was the administrator of a website that catered to cyber criminals by virtually selling items such as stolen credit card information, other personal information and services to be used for criminal activity.

The 5G network is discussed more than earlier ones; according to the Radiation and Nuclear Safety Authority (STUK), there is a comfortable safety margin between the radiation limit values and health effects

yle.fi/uutiset/3-11757881 According to STUK, research on earlier network generations can also be reliably applied to 5G, for which research into health effects is still in its early stages.

Ransomware: Should Governments Hack Cybercrime Cartels?

www.bankinfosecurity.com/ransomware-should-governments-hack-cybercrime-cartels-a-15861 Banning ransom payments and unleashing offensive hacking teams are being mooted.
