Daily NCSC-FI news followup 2021-02-01

Someväitteiden mukaan Vastaamo-uhrien pankkitilejä tyhjennetty – todellisuudessa kyse lienee kierosta huijauksesta Nordean ja OP:n nimissä

www.is.fi/digitoday/tietoturva/art-2000007776104.html Suomessa on meneillään kehittynyt OP:n ja Nordean nimissä tehtävä tietojenkalastelu, joka sattuu samaan aikaan Vastaamon asiakastietojen aktiivisen leviämisen kanssa. – Vastaamo-tiedoissa ei ole ollut sellaisia tietoja, jotka tämän mahdollistaisivat. Siellä ei ole ollut esimerkiksi käyttäjätunnus ja salasana -pareja tai luottokorttitietoja varmistuskoodeineen, sanoo Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskuksen tietoturva-asiantuntija Ville Kontinen.

Poliisi tutkii Microsoftin ja Nordean nimissä tehtyjä huijauksia Epäillyt nostivat uhreilta lähes 300 000 euroa rahaa: “Uhria voidaan käyttää myös rahanpesuun”

www.kauppalehti.fi/uutiset/poliisi-tutkii-microsoftin-ja-nordean-nimissa-tehtyja-huijauksia-epaillyt-nostivat-uhreilta-lahes-300-000-euroa-rahaa-uhria-voidaan-kayttaa-myos-rahanpesuun/9c855577-4bc3… Tutkinnanjohtaja muistuttaa, ettei verkkopankkitunnuksia pidä antaa kenellekään puhelimitse, sähköpostitse tai muutenkaan. “Microsoft-huijauksessa uhria voidaan käyttää myös rahanpesuun. Tällöin huijarit tallettavat hänen tililleen toisilta henkilöiltä anastettuja varoja. Uhri voi syyllistyä tuottamukselliseen rahanpesuun, jos hän välittää näitä rikoksella hankittuja rahoja eteenpäin”, kertoo tutkinnanjohtaja Jukkapekka Risu kertoo tiedotteessa.

Operation NightScout: Supplychain attack targets online gaming in Asia

www.welivesecurity.com/2021/02/01/operation-nightscout-supply-chain-attack-online-gaming-asia/ In January 2021, we discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox’s product range with over 150 million users worldwide. According to ESET telemetry, more than 100, 000 of our users have Noxplayer installed on their machines. Among them, only 5 users received a malicious update, showing that Operation NightScout is a highly targeted operation.

SonicWall zero-day exploited in the wild

www.zdnet.com/article/sonicwall-zero-day-exploited-in-the-wild/ Cyber-security firm the NCC Group said on Sunday that it detected active exploitation attempts against a zero-day vulnerability in SonicWall networking devices. Details about the nature of the vulnerability have not been made public to prevent other threat actors from studying it and launching their own attacks.

New Trickbot module uses Masscan for local network reconnaissance

www.zdnet.com/article/new-trickbot-module-uses-masscan-for-local-network-reconnaissance/ Cyber-security experts say they spotted a new component of the Trickbot malware that performs local network reconnaissance. Named masrv, the component incorporates a copy of the Masscan open-source utility in order to scan local networks for other systems with open ports that can be attacked at a later stage. The idea behind masrv is to drop the component on newly infected devices, send a series of Masscan commands, let the component scan the local network, and upload the scan results to a Trickbot command and control server. also:

www.kryptoslogic.com/blog/2021/02/trickbot-masrv-module/

SpamCop anti-spam service suffers an outage after its domain expired

www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/ Cisco’s SpamCop anti-spam service suffered an outage Sunday after a its domain mistakenly was allowed to expire. Today, mail administrators, organizations, and ISPs worldwide suddenly found that their outgoing mail was being rejected as it reported as being listed in the blacklist at bl.spamcop.net.

Here’s how hackers can compromise your network via routers that aren’t protect with IoT device security

blog.checkpoint.com/2021/02/01/iot-firmware-security-zero-day-exploitation-prevention/ Security for the “Internet of Things” (or IoT) is still relatively new to a majority of organizations. Understanding IoT firmware security will help protect against device attacks that target weak networked devices like IP cameras, routers, smart meters, medical equipment, and more.

Inside a pro-Huawei influence campaign

indianexpress.com/article/technology/tech-news-technology/inside-a-pro-huawei-influence-campaign-7168175/ The effort suggests a new twist in social media manipulation, said Ben Nimmo, a Graphika investigator who helped identify the pro-Huawei campaign.

Russian hack brings changes, uncertainty to US court system

apnews.com/article/coronavirus-pandemic-courts-russia-375942a439bee4f4b25f393224d3d778 Until recently, even the most secretive material – about wiretaps, witnesses and national security concerns – could be filed electronically. But that changed after the massive Russian hacking campaign that breached the U.S. court system’s electronic case files and those of scores of other federal agencies and private companies.

Myanmar hit with internet disruptions as military seeks to take control

www.zdnet.com/article/myanmar-hit-with-internet-disruptions-as-military-seeks-to-take-control/ Internet and phone connections are reportedly to be unstable, with online connectivity dipping to 50% as the country faces an apparent military coup and enters state of emergency. Numerous posts on Twitter appeared to confirm either poor or lack of online and phone connectivity, with several living overseas saying they were unable to reach their family and friends in Myanmar.

U.K. Arrest in SMS Bandits’ Phishing Service

krebsonsecurity.com/2021/02/u-k-arrest-in-sms-bandits-phishing-service/ Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits, ” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.

Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers

isc.sans.edu/forums/diary/Taking+a+Shot+at+Reverse+Shell+Attacks+CNC+Phone+Home+and+Data+Exfil+from+Servers/27054/ Over the last number of weeks (after the Solarwinds Orion news) there’s been a lot of discussion on how to detect if a server-based applcation is compromised. The discussions have ranged from buying new sophisticated tools, auditing the development pipeline, to diffing patches. But really, for me it’s as simple as saying “should my application server really be able to connect to any internet host on any protocol”. Let’s take it one step further and say “should my application server really be able to connect to arbitrary hosts on tcp/443 or udp/53 (or any other protocol)”. And when you phrase it that way, the answer really should be a simple “no”.

Ransomware attack takes out UK Research and Innovation’s Brussels networking office

www.theregister.com/2021/02/01/ukri_ransomware_ukro_brussels/ UK Research and Innovation, the British government’s science and research organisation, has temporarily turned off a couple of its web-facing services after an apparent ransomware attack.

Finnish Information Security Cluster – Kyberala ry Teknologiateollisuuden toimialayhdistykseksi

www.epressi.com/tiedotteet/turvallisuus/finnish-information-security-cluster-kyberala-ry-teknologiateollisuuden-toimialayhdistykseksi.html Finnish Information Security Cluster Kyberala ry liittyy Teknologiateollisuuden toimialayhdistykseksi 1.2.2021 alkaen. Kyberturvateknologia on yhä merkittävämmässä roolissa niin digitalisoituvassa teollisuudessa kuin koko yhteiskunnassa.

You might be interested in …

Daily NCSC-FI news followup 2019-09-30

Uusi ja kallis hätäkeskusjärjestelmä kaatui, kun valtion verkkoa päivitettiin “Se on hävyttömän pitkä aika www.iltalehti.fi/kotimaa/a/b2100812-f297-4a44-8b74-609719dda523 Uusi hätäkeskusjärjestelmä Erica on lakannut toimimasta valtion Valtorin turvallisuusverkon päivityskatkosten vuoksi. Detecting and Preventing Emotet 2019 Campaign media.cert.europa.eu/static/SecurityAdvisories/2019/CERT-EU-SA2019-021.pdf Since beginning of June 2019, the Emotet botnet stopped sending phishing emails to infect new victims. However, on August 22nd, 2019, the […]

Read More

Daily NCSC-FI news followup 2021-03-11

February 2021s Most Wanted Malware: Trickbot Takes Over Following Emotet Shutdown blog.checkpoint.com/2021/03/11/february-2021s-most-wanted-malware-trickbot-takes-over-following-emotet-shutdown/ Check Point Research reports that following the international police operation that took control of Emotet in January, Trickbot has become the new top global threat used by cybercriminals. Our latest Global Threat Index for February 2021 has revealed that the Trickbot trojan has […]

Read More

Daily NCSC-FI news followup 2019-08-17

Apples Lawsuit Against a Startup Shows How It Wants to Control the iPhone Hacking Market www.vice.com/en_us/article/d3a8jq/apple-corellium-lawsuit Apple sued Corellium, a company that makes virtual copies of iOS for researchers to practice hacking the iPhone on. NSA asks Congress to permanently reauthorize spying program that was so shambolic, the snoops had shut it down www.theregister.co.uk/2019/08/16/spying_reauthorization_coats/ In […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.