Daily NCSC-FI news followup 2021-02-17

Police warn of extremely harmful scam text messages: do not click the link

www.is.fi/digitoday/tietoturva/art-2000007808031.html The police advise being careful with incoming text messages, and especially with the links they contain.

Alert (AA21-048A) – AppleJeus: Analysis of North Korea's Cryptocurrency Malware

us-cert.cisa.gov/ncas/alerts/aa21-048a This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People's Republic of Korea (DPRK), and provide mitigation recommendations. Lazarus Group, which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors, is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency. See also:

us-cert.cisa.gov/ncas/current-activity/2021/02/17/north-korean-malicious-cyber-activity-applejeus


Attacks targeting IT firms stir concern, controversy

www.welivesecurity.com/2021/02/17/attacks-targeting-it-firms-stir-concern-controversy/ The Exaramel backdoor, discovered by ESET in 2018, resurfaces in a campaign hitting companies that use an outdated version of a popular IT monitoring tool.

Malware Is Now Targeting Apple's New M1 Processor

www.wired.com/story/apple-m1-malware/ Two distinct strains of malware have already adjusted to the new silicon just months after its debut.

Kia Motors America suffers ransomware attack, $20 million ransom

www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/ Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/ A new version of the Masslogger trojan has been targeting Windows users, now using a compiled HTML (CHM) file format to start the infection chain.

Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam

www.zdnet.com/article/owner-of-app-that-hijacked-millions-of-devices-with-one-update-exposes-buy-to-infect-scheme/ The owners of the once-legitimate Android app insist that a buyer was responsible for a malicious update with far-reaching consequences.

Hosting provider phishing

www.kaspersky.com/blog/hosting-provider-phishing-web-page/38783/ How, and why, cybercriminals attack accounts on hosting provider sites.

Dutch police post ‘friendly’ warnings on hacking forums

www.zdnet.com/article/dutch-police-post-friendly-warnings-on-hacking-forums/ Dutch police: “Hosting criminal infrastructure in The Netherlands is a lost cause.”

Beware of Steam scammers: never reply to messages like these

www.is.fi/digitoday/esports/art-2000007808398.html On the Steam platform, scammers are attempting, among other things, to swindle skins, i.e. virtual items, from users.

Researchers Unmask Hackers Behind APOMacroSploit Malware Builder

thehackernews.com/2021/02/researchers-unmask-hackers-behind.html Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely.

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html In 2019, Mandiant's Red Team discovered a series of vulnerabilities present within Digi International's ConnectPort X2e device, which allow for remote code execution as a privileged user. Specifically, Mandiant's research focused on SolarCity's (now owned by Tesla) rebranded ConnectPort X2e device, which is used in residential solar installations. Mandiant performs this type of work both for research purposes and in a professional capacity for their global clients. This two-part blog series will discuss our analysis at a high level, explore the novel techniques used to gain initial access to the ConnectPort X2e device, and share the technical details of the vulnerabilities discovered. Topics to be covered will include physical device inspection, debugging interface probing, chip-off techniques, firmware analysis, glitch attacks, and software exploitation.

SectopRAT: New version adds encrypted communication

www.gdatasoftware.com/blog/sectoprat-adds-encrypted-communication SectopRAT, also known as 1xxbot or Asatafar, had been an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version capable of?

Better device configuration shouldn't be like herding cats

www.ncsc.gov.uk/blog-post/better-device-configuration-should-not-be-like-herding-cats Hunting for common security weaknesses using Microsoft Defender for Endpoint.
