Daily NCSC-FI news followup 2021-02-17

Poliisi varoittaa erittäin vahingollisista huijaus­tekstiviesteistä älä klikkaa linkkiä

www.is.fi/digitoday/tietoturva/art-2000007808031.html Poliisi ohjeistaa olemaan tarkkana tulevien tekstiviestien ja etenkin niiden sisältämien linkkien kanssa.. katso myös

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/saitko-tekstiviestin-postin-nimissa-varothan-viesti-voi-olla-huijaus

Alert (AA21-048A) – AppleJeus: Analysis of North Koreas Cryptocurrency Malware

us-cert.cisa.gov/ncas/alerts/aa21-048a This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic Peoples Republic of Korea (DPRK), and provide mitigation recommendations.. Lazarus Groupwhich these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actorsis targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency.. see also

us-cert.cisa.gov/ncas/current-activity/2021/02/17/north-korean-malicious-cyber-activity-applejeus. see also

www.zdnet.com/article/us-charges-two-more-members-of-the-lazarus-north-korean-hacking-group/

Attacks targeting IT firms stir concern, controversy

www.welivesecurity.com/2021/02/17/attacks-targeting-it-firms-stir-concern-controversy/ The Exaramel backdoor, discovered by ESET in 2018, resurfaces in a campaign hitting companies that use an outdated version of a popular IT monitoring tool. see also

www.centreon.com/en/company/newsroom/press-releases/centreon-provides-clarification-following-the-publication-of-the-anssi-report/

Malware Is Now Targeting Apples New M1 Processor

www.wired.com/story/apple-m1-malware/ Two distinct strains of malware have already adjusted to the new silicon just months after its debut.

Kia Motors America suffers ransomware attack, $20 million ransom

www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/ Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/ A new version of the Masslogger trojan has been targeting Windows users now using a compiled HTML (CHM) file format to start the infection chain.

Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam

www.zdnet.com/article/owner-of-app-that-hijacked-millions-of-devices-with-one-update-exposes-buy-to-infect-scheme/ The owners of the once-legitimate Android app insist that a buyer was responsible for a malicious update with far-reaching consequences.

Hosting provider phishing

www.kaspersky.com/blog/hosting-provider-phishing-web-page/38783/ How, and why, cybercriminals attack accounts on hosting provider sites.

Dutch police post ‘friendly’ warnings on hacking forums

www.zdnet.com/article/dutch-police-post-friendly-warnings-on-hacking-forums/ Dutch police: “Hosting criminal infrastructure in The Netherlands is a lost cause.”

Varo Steam-huijareita älä vastaa koskaan tällaisiin viesteihin

www.is.fi/digitoday/esports/art-2000007808398.html Steam-palvelussa yritetään muun muassa huijata skinejä eli virtuaaliesineitä käyttäjiltä.

Researchers Unmask Hackers Behind APOMacroSploit Malware Builder

thehackernews.com/2021/02/researchers-unmask-hackers-behind.html Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely.

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html In 2019, Mandiants Red Team discovered a series of vulnerabilities present within Digi Internationals ConnectPort X2e device, which allows for remote code execution as a privileged user.. Specifically, Mandiants research focused on SolarCitys (now owned by Tesla) rebranded ConnectPort X2e device, which is used in residential solar installations. Mandiant performs this type of work both for research purposes and in a professional capacity for their global clients.. This two-part blog series will discuss our analysis at a high level, explore the novel techniques used to gain initial access to the ConnectPort X2e device, and share the technical details of the vulnerabilities discovered. Topics to be covered will include physical device inspection, debugging interface probing, chip-off techniques, firmware analysis, glitch attacks, and software exploitation.

SectopRAT: New version adds encrypted communication

www.gdatasoftware.com/blog/sectoprat-adds-encrypted-communication SectopRAT, also known as 1xxbot or Asatafar, had been an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version capable of?

Better device configuration shouldnt be like herding cats

www.ncsc.gov.uk/blog-post/better-device-configuration-should-not-be-like-herding-cats Hunting for common security weaknesses using Microsoft Defender for Endpoint.

You might be interested in …

Daily NCSC-FI news followup 2021-03-06

Chinas RedEcho accused of targeting Indias power grids blog.malwarebytes.com/vital-infrastructure/2021/03/chinas-redecho-accused-of-targeting-indias-power-grids/ RedEcho, an advanced persistent threat (APT) group from China, has attempted to infiltrate the systems behind Indias power grids, according to a threat analysis report from Recorded Future [PDF].. It appears that what triggered this attempt to gain a foothold in Indias critical power generation and […]

Read More

Daily NCSC-FI news followup 2021-03-30

Älä ole hiljaa: 7 syytä, joiden vuoksi verkkorötöksistä kannattaa tehdä rikosilmoitus www.is.fi/digitoday/tietoturva/art-2000007889042.html Kyberrikokset tulisi ilmoittaa poliisille, uusi Kyberrikollisuus on poliisiasia -opas kertoo. Suuri osa kyberrikoksista jää ilmoittamatta poliisille. Tähän tärkeimmät syyt ovat epäröinti käynnistää prosessi esimerkiksi negatiivisen julkisuuden pelossa, pelko omien virheiden paljastumisesta, sekä hyötyjen ja haittojen punnitseminen, johon kuuluu muun muassa uskomus rikollisen kiinni […]

Read More

Daily NCSC-FI news followup 2019-06-28

Exclusive: Western intelligence hacked ‘Russia’s Google’ Yandex to spy on accounts – sources www.reuters.com/article/us-usa-cyber-yandex-exclusive/exclusive-western-intelligence-hacked-russias-google-yandex-to-spy-on-accounts-sources-idUSKCN1TS2SX Hackers working for Western intelligence agencies broke into Russian internet search company Yandex in late 2018 deploying a rare type of malware in an attempt to spy on user accounts, four people with knowledge of the matter told Reuters.. The malware, […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.