Poliisi varoittaa erittäin vahingollisista huijaustekstiviesteistä älä klikkaa linkkiä
www.is.fi/digitoday/tietoturva/art-2000007808031.html Poliisi ohjeistaa olemaan tarkkana tulevien tekstiviestien ja etenkin niiden sisältämien linkkien kanssa.. katso myös
Alert (AA21-048A) – AppleJeus: Analysis of North Koreas Cryptocurrency Malware
us-cert.cisa.gov/ncas/alerts/aa21-048a This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic Peoples Republic of Korea (DPRK), and provide mitigation recommendations.. Lazarus Groupwhich these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actorsis targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency.. see also
Attacks targeting IT firms stir concern, controversy
www.welivesecurity.com/2021/02/17/attacks-targeting-it-firms-stir-concern-controversy/ The Exaramel backdoor, discovered by ESET in 2018, resurfaces in a campaign hitting companies that use an outdated version of a popular IT monitoring tool. see also
Malware Is Now Targeting Apples New M1 Processor
www.wired.com/story/apple-m1-malware/ Two distinct strains of malware have already adjusted to the new silicon just months after its debut.
Kia Motors America suffers ransomware attack, $20 million ransom
www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/ Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.
Masslogger Swipes Microsoft Outlook, Google Chrome Credentials
threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/ A new version of the Masslogger trojan has been targeting Windows users now using a compiled HTML (CHM) file format to start the infection chain.
Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam
www.zdnet.com/article/owner-of-app-that-hijacked-millions-of-devices-with-one-update-exposes-buy-to-infect-scheme/ The owners of the once-legitimate Android app insist that a buyer was responsible for a malicious update with far-reaching consequences.
Hosting provider phishing
www.kaspersky.com/blog/hosting-provider-phishing-web-page/38783/ How, and why, cybercriminals attack accounts on hosting provider sites.
Dutch police post ‘friendly’ warnings on hacking forums
www.zdnet.com/article/dutch-police-post-friendly-warnings-on-hacking-forums/ Dutch police: “Hosting criminal infrastructure in The Netherlands is a lost cause.”
Varo Steam-huijareita älä vastaa koskaan tällaisiin viesteihin
www.is.fi/digitoday/esports/art-2000007808398.html Steam-palvelussa yritetään muun muassa huijata skinejä eli virtuaaliesineitä käyttäjiltä.
Researchers Unmask Hackers Behind APOMacroSploit Malware Builder
thehackernews.com/2021/02/researchers-unmask-hackers-behind.html Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely.
Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)
www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html In 2019, Mandiants Red Team discovered a series of vulnerabilities present within Digi Internationals ConnectPort X2e device, which allows for remote code execution as a privileged user.. Specifically, Mandiants research focused on SolarCitys (now owned by Tesla) rebranded ConnectPort X2e device, which is used in residential solar installations. Mandiant performs this type of work both for research purposes and in a professional capacity for their global clients.. This two-part blog series will discuss our analysis at a high level, explore the novel techniques used to gain initial access to the ConnectPort X2e device, and share the technical details of the vulnerabilities discovered. Topics to be covered will include physical device inspection, debugging interface probing, chip-off techniques, firmware analysis, glitch attacks, and software exploitation.
SectopRAT: New version adds encrypted communication
www.gdatasoftware.com/blog/sectoprat-adds-encrypted-communication SectopRAT, also known as 1xxbot or Asatafar, had been an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version capable of?
Better device configuration shouldnt be like herding cats
www.ncsc.gov.uk/blog-post/better-device-configuration-should-not-be-like-herding-cats Hunting for common security weaknesses using Microsoft Defender for Endpoint.