Daily NCSC-FI news followup 2021-02-17

Poliisi varoittaa erittäin vahingollisista huijaus­tekstiviesteistä älä klikkaa linkkiä

www.is.fi/digitoday/tietoturva/art-2000007808031.html Poliisi ohjeistaa olemaan tarkkana tulevien tekstiviestien ja etenkin niiden sisältämien linkkien kanssa.. katso myös

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/saitko-tekstiviestin-postin-nimissa-varothan-viesti-voi-olla-huijaus

Alert (AA21-048A) – AppleJeus: Analysis of North Koreas Cryptocurrency Malware

us-cert.cisa.gov/ncas/alerts/aa21-048a This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic Peoples Republic of Korea (DPRK), and provide mitigation recommendations.. Lazarus Groupwhich these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actorsis targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency.. see also

us-cert.cisa.gov/ncas/current-activity/2021/02/17/north-korean-malicious-cyber-activity-applejeus. see also

www.zdnet.com/article/us-charges-two-more-members-of-the-lazarus-north-korean-hacking-group/

Attacks targeting IT firms stir concern, controversy

www.welivesecurity.com/2021/02/17/attacks-targeting-it-firms-stir-concern-controversy/ The Exaramel backdoor, discovered by ESET in 2018, resurfaces in a campaign hitting companies that use an outdated version of a popular IT monitoring tool. see also

www.centreon.com/en/company/newsroom/press-releases/centreon-provides-clarification-following-the-publication-of-the-anssi-report/

Malware Is Now Targeting Apples New M1 Processor

www.wired.com/story/apple-m1-malware/ Two distinct strains of malware have already adjusted to the new silicon just months after its debut.

Kia Motors America suffers ransomware attack, $20 million ransom

www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/ Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/ A new version of the Masslogger trojan has been targeting Windows users now using a compiled HTML (CHM) file format to start the infection chain.

Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam

www.zdnet.com/article/owner-of-app-that-hijacked-millions-of-devices-with-one-update-exposes-buy-to-infect-scheme/ The owners of the once-legitimate Android app insist that a buyer was responsible for a malicious update with far-reaching consequences.

Hosting provider phishing

www.kaspersky.com/blog/hosting-provider-phishing-web-page/38783/ How, and why, cybercriminals attack accounts on hosting provider sites.

Dutch police post ‘friendly’ warnings on hacking forums

www.zdnet.com/article/dutch-police-post-friendly-warnings-on-hacking-forums/ Dutch police: “Hosting criminal infrastructure in The Netherlands is a lost cause.”

Varo Steam-huijareita älä vastaa koskaan tällaisiin viesteihin

www.is.fi/digitoday/esports/art-2000007808398.html Steam-palvelussa yritetään muun muassa huijata skinejä eli virtuaaliesineitä käyttäjiltä.

Researchers Unmask Hackers Behind APOMacroSploit Malware Builder

thehackernews.com/2021/02/researchers-unmask-hackers-behind.html Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely.

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html In 2019, Mandiants Red Team discovered a series of vulnerabilities present within Digi Internationals ConnectPort X2e device, which allows for remote code execution as a privileged user.. Specifically, Mandiants research focused on SolarCitys (now owned by Tesla) rebranded ConnectPort X2e device, which is used in residential solar installations. Mandiant performs this type of work both for research purposes and in a professional capacity for their global clients.. This two-part blog series will discuss our analysis at a high level, explore the novel techniques used to gain initial access to the ConnectPort X2e device, and share the technical details of the vulnerabilities discovered. Topics to be covered will include physical device inspection, debugging interface probing, chip-off techniques, firmware analysis, glitch attacks, and software exploitation.

SectopRAT: New version adds encrypted communication

www.gdatasoftware.com/blog/sectoprat-adds-encrypted-communication SectopRAT, also known as 1xxbot or Asatafar, had been an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version capable of?

Better device configuration shouldnt be like herding cats

www.ncsc.gov.uk/blog-post/better-device-configuration-should-not-be-like-herding-cats Hunting for common security weaknesses using Microsoft Defender for Endpoint.

You might be interested in …

Daily NCSC-FI news followup 2020-03-28

Two zero days are Targeting DrayTek Broadband CPE Devices blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/ rom December 4, 2019, 360Netlab Threat Detection System has observed two different attack groups using two 0-day vulnerabilities of DrayTek[1] Vigor enterprise routers and switch devices to conduct a series of attacks, including eavesdropping on devices network traffic, running SSH services on high ports, creating […]

Read More

Daily NCSC-FI news followup 2019-06-17

Bloomberg: Argentina Isnt Ruling Out a Cyberattack in Major Power Outage www.bloomberg.com/news/articles/2019-06-16/massive-power-failure-sweeps-across-argentina-and-uruguay Though a cyberattack isnt the primary hypothesis, it cant be ruled out, Argentine Energy Secretary Gustavo Lopetegui told reporters in Buenos Aires. A technical issue or simple humidity could have triggered the breakdown, said Carlos Garcia Pereira, head of Transener, Argentinas largest power-transmission […]

Read More

Daily NCSC-FI news followup 2020-04-17

China-linked Electric Panda hackers seek U.S. targets, intel agency warns www.politico.com/news/2020/04/16/china-electric-panda-hackers-seek-us-targets-191220 Nearly 40 U.S. contracting facilities with access to classified information have been targeted by a hacking group with suspected ties to the Chinese government since Feb. 1, according to a bulletin disseminated to contractors by the Defense Counterintelligence and Security Agency on Wednesday. Hacking […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.